Merge pull request #214 from canonical/github-integration
GitHub integration
nsklikas authored Jan 4, 2024
2 parents 05273cc + 3fc3b74 commit 0abcafa
Showing 3 changed files with 37 additions and 14 deletions.
42 changes: 33 additions & 9 deletions README.md
Expand Up @@ -77,32 +77,56 @@ docker run -p 8080:8080 -it --name login-ui --rm localhost:32000/identity-platfo

## Development setup

As a requirement, please make sure to have `docker` and `docker-compose` installed as well as a set of client credentials for AzureAD.
As a requirement, please make sure to have `docker` and `docker-compose` installed.

Create a file called `.env` on the root of the repository and paste your client credentials:
You need to have a registered Github OAuth application to use for logging in.
To register a Github OAuth application:
1) Go to https://github.com/settings/applications/new. The application name and homepage URL do not matter, but the Authorization callback URL must be `http://localhost:4433/self-service/methods/oidc/callback/github`.
2) Generate a client secret
3) Create a file called `.env` on the root of the repository and paste your client credentials:

```
CLIENT_ID=<client_id>
CLIENT_SECRET=<client_secret>
MICROSOFT_TENANT=<tenant_id>
```

We are going to use docker-compose to run Kratos, Hydra and OpenFGA:
Run the login UI's dependencies:

```console
docker-compose -f docker-compose.dev.yml up -- build --force-recreate
```

Now we can run the UI:
Build and run the Login UI:
```console
make build
export KRATOS_PUBLIC_URL=http://localhost:4433
export HYDRA_ADMIN_URL=http://localhost:4445
export BASE_URL=http://localhost:4455
export PORT=4455
export TRACING_ENABLED=false
export LOG_LEVEL=debug
export OPENFGA_API_SCHEME=http
export OPENFGA_API_HOST=localhost:8080
export OPENFGA_STORE_ID=01GP1254CHWJC1MNGVB0WDG1T0
go run cmd/main.go
export AUTHORIZATION_ENABLED=false
./cmd/app
```

To test the authorizatoin code flow you can use the Ory Hydra CLI:

> To install the Ory Hydra CLI follow the instructions: https://www.ory.sh/docs/hydra/self-hosted/install
```console
code_client=$(hydra create client \
--endpoint http://localhost:4445 \
--name grafana \
--grant-type authorization_code,refresh_token \
--response-type code \
--format json \
--scope openid,offline_access,email,profile \
--redirect-uri http://127.0.0.1:4446/callback \
--audience app_client \
)
hydra perform authorization-code \
--endpoint http://localhost:4444 \
--client-id `echo "$code_client" | yq .client_id` \
--client-secret `echo "$code_client" | yq .client_secret` \
--scope openid,profile,email,offline_access
```
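Review bot: The new Hydra CLI block at the end of this hunk depends on `yq` (`echo "$code_client" | yq .client_id`), but the requirements at the top of the section name only `docker` and `docker-compose`, and the install note covers only the Hydra CLI. List `yq` as a prerequisite, or state which JSON tool is expected, since the client is created with `--format json`. In the same section, "authorizatoin" should be "authorization" and "Github" should be "GitHub". Step 3 asks the reader to paste a client secret into `.env` at the repository root; a sentence saying that this file must not be committed would be worth adding. The compose command reads `up -- build --force-recreate`, which looks like it should be `up --build --force-recreate`.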
1 change: 0 additions & 1 deletion docker-compose.dev.yml
Expand Up @@ -29,7 +29,6 @@ services:
- LOG_LEVEL=trace
- SELFSERVICE_METHODS_OIDC_CONFIG_PROVIDERS_0_CLIENT_ID=${CLIENT_ID}
- SELFSERVICE_METHODS_OIDC_CONFIG_PROVIDERS_0_CLIENT_SECRET=${CLIENT_SECRET}
- SELFSERVICE_METHODS_OIDC_CONFIG_PROVIDERS_0_MICROSOFT_TENANT=${MICROSOFT_TENANT}
command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
volumes:
- type: volume
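Review bot: `${CLIENT_ID}` and `${CLIENT_SECRET}` in the environment list are interpolated without a required-variable check, and after this change they are the only provider values Kratos takes from `.env`. If the file is missing or a name is misspelled, Compose substitutes an empty string and the service still starts. Consider the required form, for example `${CLIENT_ID:?set CLIENT_ID in .env}`, so that `docker-compose up` fails immediately instead. Since this service runs with `LOG_LEVEL=trace`, it is also worth confirming that the client secret does not end up in the container logs.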
8 changes: 4 additions & 4 deletions docker/kratos/kratos.yml
Expand Up @@ -42,11 +42,11 @@ selfservice:
enabled: True
config:
providers:
- id: "microsoft"
provider: "microsoft"
- id: "github"
provider: "github"
mapper_url: "file:///etc/config/kratos/microsoft_schema.jsonnet"
scope: ["profile", "email", "address", "phone"]
label: EntraID
scope: ["user:email"]
label: Github
courier:
smtp:
connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
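Review bot: `mapper_url` still points at `file:///etc/config/kratos/microsoft_schema.jsonnet` while `id` and `provider` are now `github`, and the commit touches only three files, none of which is a mapper. A mapper written for the Microsoft provider may not pick up the claims GitHub returns for scope `user:email`, so either add a GitHub-specific Jsonnet mapper and reference it here, or confirm the existing file is provider-neutral and rename it. The label should be spelled `GitHub`.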
