Skip to content

kanboard/plugin-oauth2

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OAuth2 Authentication

Generic OAuth2 authentication plugin.

Author

  • Frédéric Guillot
  • License MIT

Requirements

  • Kanboard >= 1.0.37

Installation

You have the choice between 3 methods:

  1. Install the plugin from the Kanboard plugin manager in one click
  2. Download the zip file and decompress everything under the directory plugins/OAuth2
  3. Clone this repository into the folder plugins/OAuth2

Note: Plugin folder is case-sensitive.

Configuration

Note: Also works with most OpenID Providers

Go to the application settings > integrations > OAuth2 Authentication.

1) Create a new application on the OAuth2 provider

Go to the third-party authentication provider and add a new application. Copy and paste the Kanboard callback URL and generate a new set of tokens.

The third-party provider will returns a Client ID and a Client Secret. Copy those values in the Kanboard's settings.

2) Configure the provider in Kanboard

  • Client ID: Unique ID that comes from the third-party provider
  • Client Secret: Unique token that comes from the third-party provider
  • Authorize URL: URL used for authorization
  • Token URL: URL used to get tokens from third-party provider
  • User API URL: URL used to fetch user profile after authentication
  • Username Key: Key used to fetch the username from the user API response
  • Name Key: Key used to fetch the full name
  • Email Key: Key used to fetch the user email
  • User ID Key: Key used to fetch the unique user ID

Examples

Example for Github OAuth2:

  • Authorize URL: https://github.com/login/oauth/authorize
  • Token URL: https://github.com/login/oauth/access_token
  • User API URL: https://api.github.com/user
  • Username Key: login
  • Name Key: name
  • Email Key: email
  • User ID Key: id

Example for Salesforce:

  • Authorize URL: https://login.salesforce.com/services/oauth2/authorize
  • Token URL: https://login.salesforce.com/services/oauth2/token
  • User API URL: https://login.salesforce.com/services/oauth2/userinfo
  • Username Key: nickname
  • Name Key: name
  • Email Key: email
  • User ID Key: user_id

Example for Discord:

  • Authorize URL: https://discord.com/api/oauth2/authorize
  • Token URL: https://discord.com/api/oauth2/token
  • User API URL: https://discordapp.com/api/users/@me
  • Scopes: email identify
  • Username Key: username
  • Name Key: username
  • Email Key: email
  • User ID Key: id

Example for Gitea:

  • Authorize URL: https://try.gitea.io/login/oauth/authorize
  • Token URL: https://try.gitea.io/login/oauth/access_token
  • User API URL: https://try.gitea.io/login/oauth/userinfo
  • Scopes: openid profile email groups
  • Username Key: preferred_username
  • Name Key: name
  • Email Key: email
  • User ID Key: sub

Example for Slack:

  • Authorize URL: https://slack.com/openid/connect/authorize
  • Token URL: https://slack.com/api/openid.connect.token
  • User API URL: https://slack.com/api/openid.connect.userInfo
  • Scopes: openid profile email
  • Username Key: name
  • Name Key: name
  • Email Key: email
  • User ID Key: sub

Example for Azure AD (find the URLs with proper UUIDs in your Azure app page):

  • Authorize URL: https://login.microsoftonline.com/<UUID>/oauth2/v2.0/authorize
  • Token URL: https://login.microsoftonline.com/<UUID>/oauth2/v2.0/token
  • User API URL: https://graph.microsoft.com/beta/me
  • Scopes: User.Read
  • Username Key: userPrincipalName
  • Name Key: displayName
  • Email Key: mail
  • User ID Key: id

Example for self-hosted Authentik:

  • Authorize URL: https://auth.domain.tld/application/o/authorize/
  • Token URL: https://auth.domain.tld/application/o/token/
  • User API URL: https://auth.domain.tld/application/o/userinfo/
  • Scopes: openid profile email
  • Username Key: preferred_username
  • Name Key: name
  • Email Key: email
  • User ID Key: sub