path: root/packages/wekan-accounts-oidc/README.md
blob: ce0b5738b45c4d1f3f4cf9ccc74ec9deba0a0d39 (plain)
# salleman:accounts-oidc package

A Meteor login service for OpenID Connect (OIDC).

## Installation

    meteor add salleman:accounts-oidc

## Usage

`Meteor.loginWithOidc(options, callback)`
* `options` - object containing options, see below (optional)
* `callback` - callback function (optional)

#### Example

```js
Template.myTemplateName.events({
  // Start the OIDC login flow when the login button is clicked
  'click #login-button': function() {
    Meteor.loginWithOidc();
  }
});
```


## Options

These options override service configuration stored in the database.

* `loginStyle`: `redirect` or `popup`
* `redirectUrl`: Where to redirect after successful login. Only used if `loginStyle` is set to `redirect`

## Manual Configuration Setup

You can manually configure this package by upserting the service configuration on startup. First, add the `service-configuration` package:

    meteor add service-configuration

### Service Configuration

The following service configuration options are available:

* `clientId`: OIDC client identifier
* `secret`: OIDC client shared secret
* `serverUrl`: URL of the OIDC server, e.g. `https://openid.example.org:8443`
* `authorizationEndpoint`: Endpoint of the OIDC authorization service, e.g. `/oidc/authorize`
* `tokenEndpoint`: Endpoint of the OIDC token service, e.g. `/oidc/token`
* `userinfoEndpoint`: Endpoint of the OIDC userinfo service, e.g. `/oidc/userinfo`
* `idTokenWhitelistFields`: A list of fields from the ID token to be added to the `Meteor.user().services.oidc` object

### Project Configuration

Then in your project:

```js
if (Meteor.isServer) {
  Meteor.startup(function () {
    ServiceConfiguration.configurations.upsert(
      { service: 'oidc' },
      {
        $set: {
          loginStyle: 'redirect',
          clientId: 'my-client-id-registered-with-the-oidc-server',
          secret: 'my-client-shared-secret',
          serverUrl: 'https://openid.example.org',
          authorizationEndpoint: '/oidc/authorize',
          tokenEndpoint: '/oidc/token',
          userinfoEndpoint: '/oidc/userinfo',
          idTokenWhitelistFields: []
        }
      }
    );
  });
}
```
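
A variant of the startup block above that keeps the client secret out of source control and rejects a non-HTTPS `serverUrl`; this is an added example, not part of the package's own code. The `OIDC_*` environment variable names and the `buildOidcConfig` helper are hypothetical, and the endpoint check assumes endpoints are paths appended to `serverUrl`, as in the examples above.

```js
// Added example: build the 'oidc' service configuration from the environment.
// The OIDC_* variable names are hypothetical, not defined by this package.
function buildOidcConfig(env) {
  const required = ['OIDC_CLIENT_ID', 'OIDC_CLIENT_SECRET', 'OIDC_SERVER_URL'];
  for (const name of required) {
    if (!env[name]) throw new Error('missing ' + name);
  }
  // The client secret and tokens are sent to this server, so refuse plain HTTP.
  if (new URL(env.OIDC_SERVER_URL).protocol !== 'https:') {
    throw new Error('OIDC_SERVER_URL must use https');
  }
  const endpoint = function (name, fallback) {
    const path = env[name] || fallback;
    // Assumed to be joined to serverUrl: reject absolute and scheme-relative URLs.
    if (!/^\/[^/\\]/.test(path)) {
      throw new Error(name + ' must be a path starting with "/"');
    }
    return path;
  };
  return {
    loginStyle: 'redirect',
    clientId: env.OIDC_CLIENT_ID,
    secret: env.OIDC_CLIENT_SECRET,
    serverUrl: env.OIDC_SERVER_URL.replace(/\/+$/, ''),
    authorizationEndpoint: endpoint('OIDC_AUTH_ENDPOINT', '/oidc/authorize'),
    tokenEndpoint: endpoint('OIDC_TOKEN_ENDPOINT', '/oidc/token'),
    userinfoEndpoint: endpoint('OIDC_USERINFO_ENDPOINT', '/oidc/userinfo'),
    // Copy only the ID token fields the app needs into services.oidc.
    idTokenWhitelistFields: (env.OIDC_ID_TOKEN_FIELDS || '')
      .split(',')
      .map(function (field) { return field.trim(); })
      .filter(Boolean)
  };
}

// Runs only inside a Meteor server; a failed check aborts startup
// instead of storing a weak configuration.
if (typeof Meteor !== 'undefined' && Meteor.isServer) {
  Meteor.startup(function () {
    ServiceConfiguration.configurations.upsert(
      { service: 'oidc' },
      { $set: buildOidcConfig(process.env) }
    );
  });
}
```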