diff --git a/README.md b/README.md
index c6ca48e..814c4a3 100644
--- a/README.md
+++ b/README.md
@@ -247,10 +247,18 @@ These variables are the defaults of our roles, if you want to override the prope
 | smtp_port | Port number of SMTP server | |
 | smtp_user | Username for SMTP authentication | |
 | smtp_password | Password for SMTP authentication | |
-| enable_oidc | Enable OIDC integration, this disables the username/password authentication method | false |
+| enable_oidc | Enable OIDC integration, this disables the username/password authentication method (self exclusive SSO type) | false |
 | oidc_client_id | OIDC client id, required when enable_oidc is true | |
 | oidc_client_secret | OIDC client secret, required when enable_oidc is true | |
 | oidc_server_base_url | OIDC identity provider base url, required when enable_oidc is true | |
+| enable_oauth2 | Enable OAUTH2 integration, this disables the username/password authentication method (self exclusive SSO type) | false |
+| oauth2_client_id | OAUTH2 client id, required when enable_oauth2 is true | |
+| oauth2_client_secret | OAUTH2 client secret, required when enable_oauth2 is true | |
+| oauth2_server_base_url | OAUTH2 identity provider base url, required when enable_oauth2 is true | |
+| oauth2_authorize_url | OAUTH2 authorize url, required when enable_oauth2 is true | |
+| oauth2_token_url | OAUTH2 token url, required when enable_oauth2 is true | |
+| oauth2_user_url | OAUTH2 user information url, required when enable_oauth2 is true | |
+| oauth2_scopes | OAUTH2 scopes, required when enable_oauth2 is true | "profile email" |
 | install_nginx | Install nginx | true |
 | nginx_ssl_cert_as_base64 | Nginx SSL certificate provided as base64 string | false |
 | nginx_ssl_key_as_base64 | Nginx SSL key provided as base64 string | false |
diff --git a/roles/app/defaults/main.yml b/roles/app/defaults/main.yml
index 0c9fb83..0229949 100644
--- a/roles/app/defaults/main.yml
+++ b/roles/app/defaults/main.yml
@@ -27,3 +27,11 @@ enable_oidc: "false"
 oidc_client_id: ""
 oidc_client_secret: ""
 oidc_server_base_url: ""
+enable_oauth2: "false"
+oauth2_client_id: ""
+oauth2_client_secret: ""
+oauth2_server_base_url: ""
+oauth2_authorize_url: ""
+oauth2_token_url: ""
+oauth2_user_url: ""
+oauth2_scopes: "profile email"
diff --git a/roles/app/tasks/docker.yml b/roles/app/tasks/docker.yml
index 1d86095..003424f 100644
--- a/roles/app/tasks/docker.yml
+++ b/roles/app/tasks/docker.yml
@@ -106,3 +106,11 @@
 OIDC_CLIENT_ID: "{{ oidc_client_id }}"
 OIDC_CLIENT_SECRET: "{{ oidc_client_secret }}"
 OIDC_BASE_URL: "{{ oidc_server_base_url }}"
+ ENABLE_OAUTH2: "{{ enable_oauth2 }}"
+ OAUTH2_CLIENT_ID: "{{ oauth2_client_id }}"
+ OAUTH2_CLIENT_SECRET: "{{ oauth2_client_secret }}"
+ OAUTH2_BASE_URL: "{{ oauth2_server_base_url }}"
+ OAUTH2_AUTHORIZE_URL: "{{ oauth2_authorize_url }}"
+ OAUTH2_TOKEN_URL: "{{ oauth2_token_url }}"
+ OAUTH2_USER_URL: "{{ oauth2_user_url }}"
+ OAUTH2_SCOPES: "{{ oauth2_scopes }}"
diff --git a/roles/app/templates/trento-web.j2 b/roles/app/templates/trento-web.j2
index b6697f3..14d2c61 100644
--- a/roles/app/templates/trento-web.j2
+++ b/roles/app/templates/trento-web.j2
@@ -22,3 +22,11 @@ ENABLE_OIDC={{ enable_oidc }}
 OIDC_CLIENT_ID={{ oidc_client_id }}
 OIDC_CLIENT_SECRET={{ oidc_client_secret }}
 OIDC_BASE_URL={{ oidc_server_base_url }}
+ENABLE_OAUTH2={{ enable_oauth2 }}
+OAUTH2_CLIENT_ID={{ oauth2_client_id }}
+OAUTH2_CLIENT_SECRET={{ oauth2_client_secret }}
+OAUTH2_BASE_URL={{ oauth2_server_base_url }}
+OAUTH2_AUTHORIZE_URL={{ oauth2_authorize_url }}
+OAUTH2_TOKEN_URL={{ oauth2_token_url }}
+OAUTH2_USER_URL={{ oauth2_user_url }}
+OAUTH2_SCOPES={{ oauth2_scopes }}
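Review bot: The new `enable_oauth2: "false"` flag is documented in the README hunk as mutually exclusive with `enable_oidc`, but nothing in this diff validates that, and nothing checks that the `oauth2_*` values the README marks as required are non-empty when the flag is on — a host with both flags set, or with `oauth2_client_secret: ""`, is handed straight to the application. A pre-flight `ansible.builtin.assert` in the role's tasks with `that: not (enable_oidc | bool and enable_oauth2 | bool)` plus `oauth2_client_id | length > 0` (and the same for the secret and the three URLs) would surface the misconfiguration at play time instead of as an SSO login failure; whether such a check already exists elsewhere in the role is not visible from this hunk. In this file a short comment above the new flag, e.g. `# Mutually exclusive with enable_oidc (see README); the oauth2_* values below are required when this is "true"`, would record the convention, since the quoted-string `"false"` form matches how `enable_oidc` is declared on the hunk's context line.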
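Review bot: `OAUTH2_CLIENT_SECRET: "{{ oauth2_client_secret }}"` places the client secret in the container's environment, where it is readable through `docker inspect` by anyone with access to the Docker socket and by every process inside the container; that is the same exposure the existing `OIDC_CLIENT_SECRET` line already has, so it is at least consistent, but the task that owns this env map should carry `no_log: true` so the rendered value is not echoed in Ansible's task output or logs. The task header is outside the hunk, so I cannot tell whether `no_log` is already set; if it is not, a single `no_log: true` on that task also covers the OIDC secret and whatever other credentials are presumably in the same map. If a stricter posture is wanted, a mounted secrets file is the usual alternative to environment variables, but that depends on what the application accepts.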
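Review bot: `OAUTH2_CLIENT_SECRET={{ oauth2_client_secret }}` writes the client secret in clear text into the rendered env file, so the `template` task that produces it (outside this hunk) needs a restrictive `mode: "0600"` and a deliberate `owner`/`group`, plus `no_log: true` so the rendered content is not printed on `--diff` or check-mode runs; the existing `OIDC_CLIENT_SECRET` line has the same exposure, so those settings protect both. Two smaller points: with the role defaults every `OAUTH2_*` line renders as `KEY=` (set but empty, not absent), which may differ from how the application treats a missing variable — worth verifying — and `OAUTH2_SCOPES={{ oauth2_scopes }}` renders an unquoted `profile email`, which is fine for a systemd `EnvironmentFile=` or `docker --env-file` as far as I know but would break if this file is ever sourced by a shell. A header comment such as `# Rendered by Ansible; contains credentials - keep owner/mode restrictive` would make the file's sensitivity obvious to whoever finds it on the host.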