forked from microscopepony/omero-oauth
multi-example.yaml
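---
# Example OAuth provider definitions; each list entry describes one
# login provider.
# oauth section names must match [a-z][a-z0-9]+
providers:
######################################################################
# Google OpenID
# Endpoints are found by OpenID discovery from openid.issuer unless the
# overrides under url are uncommented.
- name: google
  displayname: Google
  url:
    # These 3 URLs will be found using OpenID discovery, uncomment to override
    #authorisation: https://accounts.google.com/o/oauth2/v2/auth
    #token: https://oauth2.googleapis.com/token
    #userinfo: https://openidconnect.googleapis.com/v1/userinfo
    # Replace OMERO.WEB.HOST with the public host name. Keep the scheme
    # https, and register exactly this URL as the redirect URI with the
    # provider.
    callback: https://OMERO.WEB.HOST/oauth/callback/google
  # https://console.developers.google.com/apis/credentials
  client:
    id: CLIENT_ID
    # Placeholder. Do not commit the real client secret; keep the deployed
    # file readable only by the account that runs the web application.
    secret: SECRET_ID
    scopes:
    - openid
    - https://www.googleapis.com/auth/userinfo.email
    - https://www.googleapis.com/auth/userinfo.profile
  openid:
    # OpenID issuer, required for auto-discovery
    issuer: https://accounts.google.com
    # Uncomment to enable verification
    # NOTE(review): as shipped, verification is not enabled for this
    # provider. Presumably this key controls validation of the OpenID ID
    # token (signature, issuer, audience) - confirm against the plugin and
    # enable it for any non-test deployment.
    #verify: true
  # force to always make user click authorize
  authorization:
    params:
      prompt: select_account
  userinfo:
    type: openid
  user:
    # OMERO user name, template must contain {sub}
    # {sub} is the subject identifier issued by the provider. Keep it in
    # the template rather than keying the account on a mutable field such
    # as the email address.
    name: 'google-{sub}'
    email: '{email}'
    firstname: '{given_name}'
    lastname: '{family_name}'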
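######################################################################
# GitHub
# Plain OAuth2 provider: all endpoints are listed explicitly and there is
# no openid section.
- name: github
  displayname: GitHub
  url:
    authorisation: https://github.com/login/oauth/authorize
    token: https://github.com/login/oauth/access_token
    userinfo: https://api.github.com/user
    # Replace OMERO.WEB.HOST with the public host name. Keep the scheme
    # https, and register exactly this URL as the callback URL of the
    # OAuth app.
    callback: https://OMERO.WEB.HOST/oauth/callback/github
  # Create an OAuth app: https://github.com/settings/developers
  client:
    id: CLIENT_ID
    # Placeholder. Do not commit the real client secret; keep the deployed
    # file readable only by the account that runs the web application.
    secret: SECRET_ID
    scopes:
    # Needs to exactly match the string returned by GitHub
    # Both scopes are read-only; do not widen them for a login-only
    # integration.
    - 'read:user,user:email'
  userinfo:
    type: github
  user:
    # OMERO user name, template must contain {login}
    # NOTE(review): a GitHub login can be renamed and a released name can
    # later be registered by someone else. Confirm how the plugin binds an
    # OMERO account to the GitHub identity before relying on {login} alone.
    name: 'github-{login}'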
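######################################################################
# ORCID
# Plain OAuth2 provider: endpoints are listed explicitly and the userinfo
# URL is a template filled with the user's ORCID iD.
- name: orcid
  displayname: ORCID
  url:
    authorisation: https://orcid.org/oauth/authorize
    token: https://orcid.org/oauth/token
    userinfo: https://pub.orcid.org/v2.1/{orcid}
    # Replace OMERO.WEB.HOST with the public host name. Keep the scheme
    # https, and register exactly this URL as the redirect URI with the
    # provider.
    callback: https://OMERO.WEB.HOST/oauth/callback/orcid
  # https://support.orcid.org/hc/en-us/articles/360006897174
  client:
    id: CLIENT_ID
    # Placeholder. Do not commit the real client secret; keep the deployed
    # file readable only by the account that runs the web application.
    secret: SECRET_ID
    scopes:
    # Single sign-in scope; nothing broader is requested.
    - /authenticate
  userinfo:
    type: orcid
  user:
    # OMERO user name, template must contain {orcid}
    name: 'orcid-{orcid}'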
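######################################################################
# Synapse
# https://docs.synapse.org/articles/using_synapse_as_an_oauth_server.html
# OpenID provider whose logins are limited to members of the teams named
# in authorization.params.claims.
- name: synapse
  displayname: Synapse
  url:
    # Replace OMERO.WEB.HOST with the public host name. Keep the scheme
    # https, and register exactly this URL as the redirect URI with the
    # provider.
    callback: https://OMERO.WEB.HOST/oauth/callback/synapse
  client:
    id: CLIENT_ID
    # Placeholder. Do not commit the real client secret; keep the deployed
    # file readable only by the account that runs the web application.
    secret: SECRET_ID
    # only allowed scope for synapse is openid
    scopes:
    - openid
  openid:
    issuer: https://repo-prod.prod.sagebase.org/auth/v1
    # NOTE(review): no verify key is set for this provider, so
    # verification is presumably off here - confirm and enable it for
    # production use.
  authorization:
    params:
      # Only the specified teams are allowed to log in
      # "3410871" is the example team id; replace it with your own.
      # NOTE(review): this parameter is the only access restriction in this
      # entry. A claims request by itself only asks the provider to return
      # these claims; confirm that the plugin checks the returned team
      # claim before a session is created.
      claims: "{\"id_token\": { \"user_name\": null, \"email\": null, \"given_name\": null, \"family_name\": null, \"team\": {\"values\": [\"3410871\"] } } }"
  userinfo:
    type: synapse
  user:
    # OMERO user name
    # TODO changing the template values below doesn't have effect right now
    # NOTE(review): this template has no provider prefix, unlike
    # 'google-{sub}', 'github-{login}' and 'orcid-{orcid}' in this file, so
    # a Synapse user_name could coincide with an existing OMERO account
    # name. Confirm how the plugin handles such a collision.
    name: '{user_name}'
    email: '{email}'
    firstname: '{given_name}'
    lastname: '{family_name}'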