mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-15 22:01:08 +00:00
a07e67d9cc
This is "minimal" in the sense that only the Authorization Code Flow from OpenID Connect Core is implemented. No discovery, no configuration endpoint, and no user scope management. OpenID Connect is an extension to the (already implemented) OAuth 2.0 protocol, and essentially an `id_token` JWT is added to the access token endpoint response when using the Authorization Code Flow. I also added support for the "nonce" field since it is required to be used in the id_token if the client decides to include it in its initial request. In order to enable this extension an OAuth 2.0 scope containing "openid" is needed. Other OAuth 2.0 requests should not be impacted by this change. This minimal implementation is enough to enable single sign-on (SSO) for other sites, e.g. by using something like `mod_auth_openidc` to only allow access to a CI server if a user has logged into Gitea. Fixes: #1310 Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
33 lines
1.4 KiB
Handlebars
33 lines
1.4 KiB
Handlebars
{{template "base/head" .}}
|
|
<div class="page-content ui one column stackable center aligned page grid oauth2-authorize-application-box">
|
|
<div class="column seven wide">
|
|
<div class="ui middle centered raised segments">
|
|
<h3 class="ui top attached header">
|
|
{{.i18n.Tr "auth.authorize_title" .Application.Name}}
|
|
</h3>
|
|
<div class="ui attached segment">
|
|
{{template "base/alert" .}}
|
|
<p>
|
|
<b>{{.i18n.Tr "auth.authorize_application_description"}}</b><br/>
|
|
{{.i18n.Tr "auth.authorize_application_created_by" .ApplicationUserLink | Str2html}}
|
|
</p>
|
|
</div>
|
|
<div class="ui attached segment">
|
|
<p>{{.i18n.Tr "auth.authorize_redirect_notice" .ApplicationRedirectDomainHTML | Str2html}}</p>
|
|
</div>
|
|
<div class="ui attached segment">
|
|
<form method="post" action="{{AppSubUrl}}/login/oauth/grant">
|
|
{{.CsrfTokenHtml}}
|
|
<input type="hidden" name="client_id" value="{{.Application.ClientID}}">
|
|
<input type="hidden" name="state" value="{{.State}}">
|
|
<input type="hidden" name="scope" value="{{.Scope}}">
|
|
<input type="hidden" name="nonce" value="{{.Nonce}}">
|
|
<input type="hidden" name="redirect_uri" value="{{.RedirectURI}}">
|
|
<input type="submit" id="authorize-app" value="{{.i18n.Tr "auth.authorize_application"}}" class="ui red inline button"/>
|
|
<a href="{{.RedirectURI}}" class="ui basic primary inline button">Cancel</a>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
{{template "base/footer" .}}
|