FR: Support multiple usages of the same strategy in config #186
Comments
Can you provide a few examples? |
Take any of the strategies and try to define it multiple times, e.g. Keycloak strategy for a Keycloak instance and Authentik. It will fail. |
@samip5 do you mind providing a code snippet with your configuration? You should be able to do the following:
config :ueberauth, Ueberauth,
  providers: [
    keycloackone: {Ueberauth.Strategy.Keycloak, []},
    keycloacktwo: {Ueberauth.Strategy.Keycloak, []}
  ]
The key is what matters. |
I can confirm, I've done a similar thing with Facebook. Works like a charm. |
It may be that we are defining it weirdly in Mobilizon.
config :ueberauth, Ueberauth,
  providers: [
    keycloak: {Ueberauth.Strategy.Keycloak, [default_scope: "openid profile email"]}
  ]

config :mobilizon, :auth,
  oauth_consumer_strategies: [
    {:keycloak, "Pikaviestin.fi -tunnus"}
  ]

authentik_url = "https://login.pikaviestin.fi"

config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
  client_id: "<snip>",
  client_secret: "<snip>",
  site: authentik_url,
  authorize_url: "#{authentik_url}/application/o/authorize/",
  token_url: "#{authentik_url}/application/o/token/",
  userinfo_url: "#{authentik_url}/application/o/userinfo/",
  token_method: :post
|
So the proper solution would be to be able to pass provider specific info in the strategy opts?
|
To me it looks more like an issue with the provider implementation. If it read data from a source different than config, it could be done quite easily. |
Possibly, but that wouldn't help with the URLs portion of the equation. |
If you set it like that, how would you set different options per provider for urls and keys? |
Would something like this be an acceptable API format?
config :ueberauth, Ueberauth,
  providers: [
    keycloackone:
      {Ueberauth.Strategy.Keycloak,
       [
         client_id: "<snip>",
         client_secret: "<snip>",
         site: authentik_url,
         authorize_url: "#{authentik_url}/application/o/authorize/",
         token_url: "#{authentik_url}/application/o/token/",
         userinfo_url: "#{authentik_url}/application/o/userinfo/",
         token_method: :post
       ]},
    keycloacktwo:
      {Ueberauth.Strategy.Keycloak,
       [
         client_id: "<snip2>",
         client_secret: "<2snip>",
         site: authentik_ur2l,
         authorize_url: "#{authentik_url}/appasdlication/o/authorize/",
         token_url: "#{authentik_url}/applicatiasdon/o/token/",
         userinfo_url: "#{authentik_url}/applicasdation/o/userinfo/",
         token_method: :post
       ]}
  ]
I am not sure if the current version of Ueberauth will allow this. |
I think the array [] is for scopes though originally, but otherwise that would look reasonable yes. |
If the provider doesn't support this, it might be an issue with the provider. I know that I've been testing UeberauthOidcc with multiple providers against Keycloak and it works fine, so you might give that a shot if the other one isn't working. |
I think the problem might not be the provider but how it's implemented in the app in question. |
Problem Statement
I want to be able to specify multiple Keycloak strategies in the provider map, and have them all named differently. Currently, when configuring e.g. Mastodon, which uses this, it's not possible to configure multiple OAuth providers, e.g. Authentik and Keycloak.
Solution Brainstorm
One possibility would be to create a separate OpenID Connect Strategy and then allow that to be used multiple times.
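The per-provider options idea raised in the comments, as an added Elixir sketch that is not code from Ueberauth, from any strategy package, or from the thread's participants: a hypothetical `PerProviderOAuthConfig` helper resolves each named provider's OAuth settings from its own entry and returns an error instead of falling back to shared credentials. The module name, the provider keys, the `example.test` hosts and the credential values are constructed for illustration.

```elixir
defmodule PerProviderOAuthConfig do
  @moduledoc "Hypothetical helper; not part of Ueberauth or any strategy package."

  @endpoints [:authorize_url, :token_url, :userinfo_url]
  # Credentials and endpoints must come from the provider's own entry, so one
  # identity provider's client_secret is never posted to another's token_url.
  @required [:client_id, :client_secret, :site] ++ @endpoints
  # Only non-sensitive settings may fall back to a shared default.
  @shared_defaults [token_method: :post]

  def resolve(providers, name) do
    case Keyword.fetch(providers, name) do
      {:ok, {_strategy, opts}} -> validate(name, Keyword.merge(@shared_defaults, opts))
      :error -> {:error, {:unknown_provider, name}}
    end
  end

  defp validate(name, opts) do
    missing = Enum.reject(@required, &Keyword.has_key?(opts, &1))

    insecure =
      Enum.filter(@endpoints, fn key ->
        is_binary(opts[key]) and URI.parse(opts[key]).scheme != "https"
      end)

    cond do
      missing != [] -> {:error, {:missing_keys, name, missing}}
      insecure != [] -> {:error, {:non_https_endpoint, name, insecure}}
      true -> {:ok, opts}
    end
  end
end

# Constructed sample input: two named entries that share one strategy module.
urls = fn base ->
  [site: base, authorize_url: base <> "/authorize", token_url: base <> "/token",
   userinfo_url: base <> "/userinfo"]
end

providers = [
  keycloak:
    {Ueberauth.Strategy.Keycloak,
     [client_id: "id-a", client_secret: "secret-a"] ++ urls.("https://keycloak.example.test")},
  # No client_secret here: resolve/2 reports it instead of borrowing another entry's.
  authentik: {Ueberauth.Strategy.Keycloak, [client_id: "id-b"] ++ urls.("https://authentik.example.test")}
]

IO.inspect(PerProviderOAuthConfig.resolve(providers, :keycloak))
IO.inspect(PerProviderOAuthConfig.resolve(providers, :authentik))
```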