This shows you the differences between two versions of the page.
сервис_oauth2 [2021/03/03 13:07] val created |
сервис_oauth2 [2022/05/17 10:14] val [GitLab] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Сервис OAuth2 ====== | ====== Сервис OAuth2 ====== | ||
- | * [[https://www.ory.sh/run-oauth2-server-open-source-api-security/|Run your own OAuth2 Server]] | + | * [[https://habr.com/ru/post/77648/|OAuth: описание протокола простым и понятным языком]] |
+ | |||
+ | ===== ORY Hydra OAuth2 Server ===== | ||
+ | |||
+ | * [[https://www.ory.sh/run-oauth2-server-open-source-api-security/|ORY Hydra Run your own OAuth2 Server]] | ||
+ | * [[https://www.ory.sh/hydra/docs/5min-tutorial/|ORY Hydra 5 Minute Tutorial]] | ||
+ | |||
+ | ===== Gitlab ===== | ||
+ | |||
+ | * Инструмент GitLab [[Инструмент GitLab#Сервер OAuth2]] | ||
+ | |||
+ | ===== OpenID Connect authentication module for Apache ===== | ||
+ | |||
+ | * [[https://github.com/zmartzone/mod_auth_openidc|Аuthenticates users of a web site against an OpenID Connect Identity Provider or an OAuth 2.0 Authorization Server]] | ||
+ | |||
+ | <code> | ||
+ | # apt install libapache2-mod-auth-openidc | ||
+ | </code> | ||
+ | |||
+ | ==== Подключение к GitLab ==== | ||
+ | |||
+ | * [[https://github.com/zmartzone/mod_auth_openidc/wiki/GitLab-OAuth2]] | ||
+ | |||
+ | <code> | ||
+ | # cat /etc/apache2/sites-available/default-ssl.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | OIDCProviderMetadataURL https://gitlab.bmstu.ru/.well-known/openid-configuration | ||
+ | OIDCClientID 802..........................................................4c8 | ||
+ | OIDCClientSecret 991..........................................................5e7 | ||
+ | OIDCRedirectURI https://val.bmstu.ru/auth-test | ||
+ | OIDCCryptoPassphrase h...any.....string.....j | ||
+ | |||
+ | <Directory /home/val/auth-test> | ||
+ | Options ExecCGI Indexes FollowSymLinks | ||
+ | AddHandler cgi-script .cgi | ||
+ | DirectoryIndex env.cgi | ||
+ | AuthType openid-connect | ||
+ | Require valid-user | ||
+ | </Directory> | ||
+ | Alias /auth-test "/home/val/auth-test" | ||
+ | ... | ||
+ | </code> | ||
+ | |||
+ | ==== Тестирование ==== | ||
+ | |||
+ | * !!! В настройках URL без финального "/", при подключении обязательно с ним !!! | ||
+ | |||
+ | <code> | ||
+ | https://val.bmstu.ru/auth-test/ | ||
+ | </code> |
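Review bot: In the default-ssl.conf block, OIDCCryptoPassphrase is shown as "h...any.....string.....j", which invites a short memorable value; mod_auth_openidc uses this passphrase to protect its state and session cookies, so the page should say to generate a long random string for this host, and because the same file also holds OIDCClientSecret it should be readable by root only. In the <Directory /home/val/auth-test> section, "DirectoryIndex env.cgi" combined with "Options ExecCGI Indexes FollowSymLinks" is acceptable for a one-off test, but if env.cgi prints the CGI environment, as its name suggests, it will display the OIDC claim variables the module passes to the application, so add a line telling the reader to remove the script and the Indexes option once the test is done. "Require valid-user" admits every account the GitLab instance can authenticate; if that is wider than intended, state it or narrow access with a claim-based Require.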