diff options
Diffstat (limited to 'packages/wekan-accounts-oidc')
| -rw-r--r-- | packages/wekan-accounts-oidc/.gitignore | 1 | ||||
| -rw-r--r-- | packages/wekan-accounts-oidc/LICENSE.txt | 14 | ||||
| -rw-r--r-- | packages/wekan-accounts-oidc/README.md | 75 | ||||
| -rw-r--r-- | packages/wekan-accounts-oidc/oidc.js | 22 | ||||
| -rw-r--r-- | packages/wekan-accounts-oidc/oidc_login_button.css | 3 | ||||
| -rw-r--r-- | packages/wekan-accounts-oidc/package.js | 19 |
6 files changed, 134 insertions, 0 deletions
diff --git a/packages/wekan-accounts-oidc/.gitignore b/packages/wekan-accounts-oidc/.gitignore new file mode 100644 index 00000000..5379d4c3 --- /dev/null +++ b/packages/wekan-accounts-oidc/.gitignore @@ -0,0 +1 @@ +.versions diff --git a/packages/wekan-accounts-oidc/LICENSE.txt b/packages/wekan-accounts-oidc/LICENSE.txt new file mode 100644 index 00000000..c7be3264 --- /dev/null +++ b/packages/wekan-accounts-oidc/LICENSE.txt @@ -0,0 +1,14 @@ +Copyright (C) 2016 SWITCH + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + diff --git a/packages/wekan-accounts-oidc/README.md b/packages/wekan-accounts-oidc/README.md new file mode 100644 index 00000000..ce0b5738 --- /dev/null +++ b/packages/wekan-accounts-oidc/README.md @@ -0,0 +1,75 @@ +# salleman:accounts-oidc package + +A Meteor login service for OpenID Connect (OIDC). + +## Installation + + meteor add salleman:accounts-oidc + +## Usage + +`Meteor.loginWithOidc(options, callback)` +* `options` - object containing options, see below (optional) +* `callback` - callback function (optional) + +#### Example + +```js +Template.myTemplateName.events({ + 'click #login-button': function() { + Meteor.loginWithOidc(); + } +); +``` + + +## Options + +These options override service configuration stored in the database. + +* `loginStyle`: `redirect` or `popup` +* `redirectUrl`: Where to redirect after successful login. Only used if `loginStyle` is set to `redirect` + +## Manual Configuration Setup + +You can manually configure this package by upserting the service configuration on startup. First, add the `service-configuration` package: + + meteor add service-configuration + +### Service Configuration + +The following service configuration are available: + +* `clientId`: OIDC client identifier +* `secret`: OIDC client shared secret +* `serverUrl`: URL of the OIDC server. e.g. `https://openid.example.org:8443` +* `authorizationEndpoint`: Endpoint of the OIDC authorization service, e.g. `/oidc/authorize` +* `tokenEndpoint`: Endpoint of the OIDC token service, e.g. `/oidc/token` +* `userinfoEndpoint`: Endpoint of the OIDC userinfo service, e.g. `/oidc/userinfo` +* `idTokenWhitelistFields`: A list of fields from IDToken to be added to Meteor.user().services.oidc object + +### Project Configuration + +Then in your project: + +```js +if (Meteor.isServer) { + Meteor.startup(function () { + ServiceConfiguration.configurations.upsert( + { service: 'oidc' }, + { + $set: { + loginStyle: 'redirect', + clientId: 'my-client-id-registered-with-the-oidc-server', + secret: 'my-client-shared-secret', + serverUrl: 'https://openid.example.org', + authorizationEndpoint: '/oidc/authorize', + tokenEndpoint: '/oidc/token', + userinfoEndpoint: '/oidc/userinfo', + idTokenWhitelistFields: [] + } + } + ); + }); +} +``` diff --git a/packages/wekan-accounts-oidc/oidc.js b/packages/wekan-accounts-oidc/oidc.js new file mode 100644 index 00000000..75cd89ae --- /dev/null +++ b/packages/wekan-accounts-oidc/oidc.js @@ -0,0 +1,22 @@ +Accounts.oauth.registerService('oidc'); + +if (Meteor.isClient) { + Meteor.loginWithOidc = function(options, callback) { + // support a callback without options + if (! callback && typeof options === "function") { + callback = options; + options = null; + } + + var credentialRequestCompleteCallback = Accounts.oauth.credentialRequestCompleteHandler(callback); + Oidc.requestCredential(options, credentialRequestCompleteCallback); + }; +} else { + Accounts.addAutopublishFields({ + // not sure whether the OIDC api can be used from the browser, + // thus not sure if we should be sending access tokens; but we do it + // for all other oauth2 providers, and it may come in handy. + forLoggedInUser: ['services.oidc'], + forOtherUsers: ['services.oidc.id'] + }); +} diff --git a/packages/wekan-accounts-oidc/oidc_login_button.css b/packages/wekan-accounts-oidc/oidc_login_button.css new file mode 100644 index 00000000..da42120b --- /dev/null +++ b/packages/wekan-accounts-oidc/oidc_login_button.css @@ -0,0 +1,3 @@ +#login-buttons-image-oidc { + background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACQUlEQVQ4T5WTy2taQRTGv4kSXw0IoYIihCjFmhhfhUqW9a+o0I2LInTRRbtw05V2I9KQuuimi24KXQqChIhQQcQgGGNz0YpvMCG1yL1tGqvBZsKMIIXcjQcOcznnfL+ZOecOEUVx4/Ly8mQ6neqxhKlUKmltbc1Nut2uqJ/bEnJAkiTmEhEEgVqtViiVyjuAP70j/Pj6Htbglzu52WyGdrsNUq1Wqc1mk939+9sHPP7wTVM232g0QMrlMrXb7bIFndgcbAk3ZPP1eh2kVCrRra2tRcFoNEK1WoXf78fg3Rxsfl3H3t4e3G43dnd3wWrMZjNqtRpIsVhcAFKpFPL5PBfF43H8TDj49/2XAvb393F2dgaNRgNKKaLR6ByQz+epw+HAwcEBisUijEYjgsEg1Go1pA9ODtC/+MZFDCKKIo9FIhEIggCSy+Xozs4OYrEY2ChDoRAIIVww/ujhxdrnFTSbTX6Cfr+Pi4sLhMNhnJ6egmSzWepyuZBIJGAwGBAIBLiY2ezTI74qg2UoFIqFr6ys4OrqiveKHB4eckAmk8FgMMD29jZ8Ph8XKj4/5uu/ZyXZKXBAOp2mHo+H/0isD6zDOp0Om5ubsAuvcA+/8ffpkSygUqmApFIp6vV6+b2ZsNfrodVqYTgcwqXtwul04pfhiSzg+PgYJJlMUovFwhvIbHV1lTs70c3NDSaTCa6vr+8A2FvodDr8CmwuepPJtIDIbvdfkInPz89ZRCKFQmFjNBqdjMfjpZ6jVquV1tfX3bcYegI7CyIWlgAAAABJRU5ErkJggg=='); +} diff --git a/packages/wekan-accounts-oidc/package.js b/packages/wekan-accounts-oidc/package.js new file mode 100644 index 00000000..251fb265 --- /dev/null +++ b/packages/wekan-accounts-oidc/package.js @@ -0,0 +1,19 @@ +Package.describe({ + summary: "OpenID Connect (OIDC) for Meteor accounts", + version: "1.0.10", + name: "wekan-accounts-oidc", + git: "https://github.com/wekan/meteor-accounts-oidc.git", + +}); + +Package.onUse(function(api) { + api.use('accounts-base@1.2.0', ['client', 'server']); + // Export Accounts (etc) to packages using this one. + api.imply('accounts-base', ['client', 'server']); + api.use('accounts-oauth@1.1.0', ['client', 'server']); + api.use('wekan-oidc@1.0.10', ['client', 'server']); + + api.addFiles('oidc_login_button.css', 'client'); + + api.addFiles('oidc.js'); +}); |