feat: support OIDC login.
This commit is contained in:
ruiqurm
@@ -62,6 +62,30 @@ export interface SystemSettings {
|
||||
linuxdo_connect_client_secret_configured: boolean
|
||||
linuxdo_connect_redirect_url: string
|
||||
|
||||
// Generic OIDC OAuth settings
|
||||
oidc_connect_enabled: boolean
|
||||
oidc_connect_provider_name: string
|
||||
oidc_connect_client_id: string
|
||||
oidc_connect_client_secret_configured: boolean
|
||||
oidc_connect_issuer_url: string
|
||||
oidc_connect_discovery_url: string
|
||||
oidc_connect_authorize_url: string
|
||||
oidc_connect_token_url: string
|
||||
oidc_connect_userinfo_url: string
|
||||
oidc_connect_jwks_url: string
|
||||
oidc_connect_scopes: string
|
||||
oidc_connect_redirect_url: string
|
||||
oidc_connect_frontend_redirect_url: string
|
||||
oidc_connect_token_auth_method: string
|
||||
oidc_connect_use_pkce: boolean
|
||||
oidc_connect_validate_id_token: boolean
|
||||
oidc_connect_allowed_signing_algs: string
|
||||
oidc_connect_clock_skew_seconds: number
|
||||
oidc_connect_require_email_verified: boolean
|
||||
oidc_connect_userinfo_email_path: string
|
||||
oidc_connect_userinfo_id_path: string
|
||||
oidc_connect_userinfo_username_path: string
|
||||
|
||||
// Model fallback configuration
|
||||
enable_model_fallback: boolean
|
||||
fallback_model_anthropic: string
|
||||
@@ -131,6 +155,28 @@ export interface UpdateSettingsRequest {
|
||||
linuxdo_connect_client_id?: string
|
||||
linuxdo_connect_client_secret?: string
|
||||
linuxdo_connect_redirect_url?: string
|
||||
oidc_connect_enabled?: boolean
|
||||
oidc_connect_provider_name?: string
|
||||
oidc_connect_client_id?: string
|
||||
oidc_connect_client_secret?: string
|
||||
oidc_connect_issuer_url?: string
|
||||
oidc_connect_discovery_url?: string
|
||||
oidc_connect_authorize_url?: string
|
||||
oidc_connect_token_url?: string
|
||||
oidc_connect_userinfo_url?: string
|
||||
oidc_connect_jwks_url?: string
|
||||
oidc_connect_scopes?: string
|
||||
oidc_connect_redirect_url?: string
|
||||
oidc_connect_frontend_redirect_url?: string
|
||||
oidc_connect_token_auth_method?: string
|
||||
oidc_connect_use_pkce?: boolean
|
||||
oidc_connect_validate_id_token?: boolean
|
||||
oidc_connect_allowed_signing_algs?: string
|
||||
oidc_connect_clock_skew_seconds?: number
|
||||
oidc_connect_require_email_verified?: boolean
|
||||
oidc_connect_userinfo_email_path?: string
|
||||
oidc_connect_userinfo_id_path?: string
|
||||
oidc_connect_userinfo_username_path?: string
|
||||
enable_model_fallback?: boolean
|
||||
fallback_model_anthropic?: string
|
||||
fallback_model_openai?: string
|
||||
|
||||
@@ -357,6 +357,28 @@ export async function completeLinuxDoOAuthRegistration(
|
||||
return data
|
||||
}
|
||||
|
||||
/**
|
||||
* Complete OIDC OAuth registration by supplying an invitation code
|
||||
* @param pendingOAuthToken - Short-lived JWT from the OAuth callback
|
||||
* @param invitationCode - Invitation code entered by the user
|
||||
* @returns Token pair on success
|
||||
*/
|
||||
export async function completeOIDCOAuthRegistration(
|
||||
pendingOAuthToken: string,
|
||||
invitationCode: string
|
||||
): Promise<{ access_token: string; refresh_token: string; expires_in: number; token_type: string }> {
|
||||
const { data } = await apiClient.post<{
|
||||
access_token: string
|
||||
refresh_token: string
|
||||
expires_in: number
|
||||
token_type: string
|
||||
}>('/auth/oauth/oidc/complete-registration', {
|
||||
pending_oauth_token: pendingOAuthToken,
|
||||
invitation_code: invitationCode
|
||||
})
|
||||
return data
|
||||
}
|
||||
|
||||
export const authAPI = {
|
||||
login,
|
||||
login2FA,
|
||||
@@ -380,7 +402,8 @@ export const authAPI = {
|
||||
resetPassword,
|
||||
refreshToken,
|
||||
revokeAllSessions,
|
||||
completeLinuxDoOAuthRegistration
|
||||
completeLinuxDoOAuthRegistration,
|
||||
completeOIDCOAuthRegistration
|
||||
}
|
||||
|
||||
export default authAPI
|
||||
|
||||
Reference in New Issue
Block a user