mirror of
https://github.com/infiniflow/ragflow.git
synced 2025-12-24 15:36:50 +08:00
a8542508b7
### What problem does this PR solve? Deprecate `/github_callback` route in favor of `/oauth/callback/<channel>` for GitHub OAuth integration: - Added GitHub OAuth support in the authentication module - Introduced `GithubOAuthClient` with methods to fetch and normalize user info - Updated `CLIENT_TYPES` to include GitHub OAuth client - Deprecated `/github_callback` route and suggested using the generic `/oauth/callback/<channel>` route --- - Related pull requests: - #7379 - #7553 ### Usage - [Create a GitHub OAuth App](https://github.com/settings/applications/new) to obtain the `client_id` and `client_secret`, configure the authorization callback url: `https://your-app.com/v1/user/oauth/callback/github` - Edit `service_conf.yaml.template`: ```yaml # ... oauth: github: type: "github" icon: "github" display_name: "Github" client_id: "your_client_id" client_secret: "your_client_secret" redirect_uri: "https://your-app.com/v1/user/oauth/callback/github" # ... ``` ### Type of change - [x] Documentation Update - [x] Refactoring (non-breaking change)
77 lines
2.0 KiB
Markdown
77 lines
2.0 KiB
Markdown
# Auth
|
|
|
|
The Auth module provides implementations of OAuth2 and OpenID Connect (OIDC) authentication for integration with third-party identity providers.
|
|
|
|
**Features**
|
|
|
|
- Supports both OAuth2 and OIDC authentication protocols
|
|
- Automatic OIDC configuration discovery (via `/.well-known/openid-configuration`)
|
|
- JWT token validation
|
|
- Unified user information handling
|
|
|
|
## Usage
|
|
|
|
```python
|
|
# OAuth2 configuration
|
|
oauth_config = {
|
|
"type": "oauth2",
|
|
"client_id": "your_client_id",
|
|
"client_secret": "your_client_secret",
|
|
"authorization_url": "https://provider.com/oauth/authorize",
|
|
"token_url": "https://provider.com/oauth/token",
|
|
"userinfo_url": "https://provider.com/oauth/userinfo",
|
|
"redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
|
|
}
|
|
|
|
# OIDC configuration
|
|
oidc_config = {
|
|
"type": "oidc",
|
|
"issuer": "https://provider.com/v1/oidc",
|
|
"client_id": "your_client_id",
|
|
"client_secret": "your_client_secret",
|
|
"redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
|
|
}
|
|
|
|
# Github OAuth configuration
|
|
github_config = {
|
|
"type": "github"
|
|
"client_id": "your_client_id",
|
|
"client_secret": "your_client_secret",
|
|
"redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
|
|
}
|
|
|
|
# Get client instance
|
|
client = get_auth_client(oauth_config)
|
|
```
|
|
|
|
### Authentication Flow
|
|
|
|
1. Get authorization URL:
|
|
```python
|
|
auth_url = client.get_authorization_url()
|
|
```
|
|
|
|
2. After user authorization, exchange authorization code for token:
|
|
```python
|
|
token_response = client.exchange_code_for_token(authorization_code)
|
|
access_token = token_response["access_token"]
|
|
```
|
|
|
|
3. Fetch user information:
|
|
```python
|
|
user_info = client.fetch_user_info(access_token)
|
|
```
|
|
|
|
## User Information Structure
|
|
|
|
All authentication methods return user information following this structure:
|
|
|
|
```python
|
|
{
|
|
"email": "user@example.com",
|
|
"username": "username",
|
|
"nickname": "User Name",
|
|
"avatar_url": "https://example.com/avatar.jpg"
|
|
}
|
|
```
|