feat: support OIDC login.
This commit is contained in:
ruiqurm
@@ -428,6 +428,7 @@ export default {
|
||||
invitationCodeInvalid: 'Invalid or used invitation code',
|
||||
invitationCodeValidating: 'Validating invitation code...',
|
||||
invitationCodeInvalidCannotRegister: 'Invalid invitation code. Please check and try again',
|
||||
oauthOrContinue: 'or continue with email',
|
||||
linuxdo: {
|
||||
signIn: 'Continue with Linux.do',
|
||||
orContinue: 'or continue with email',
|
||||
@@ -442,6 +443,20 @@ export default {
|
||||
completing: 'Completing registration…',
|
||||
completeRegistrationFailed: 'Registration failed. Please check your invitation code and try again.'
|
||||
},
|
||||
oidc: {
|
||||
signIn: 'Continue with {providerName}',
|
||||
callbackTitle: 'Signing you in with {providerName}',
|
||||
callbackProcessing: 'Completing login with {providerName}, please wait...',
|
||||
callbackHint: 'If you are not redirected automatically, go back to the login page and try again.',
|
||||
callbackMissingToken: 'Missing login token, please try again.',
|
||||
backToLogin: 'Back to Login',
|
||||
invitationRequired:
|
||||
'This {providerName} account is not yet registered. The site requires an invitation code — please enter one to complete registration.',
|
||||
invalidPendingToken: 'The registration token has expired. Please sign in again.',
|
||||
completeRegistration: 'Complete Registration',
|
||||
completing: 'Completing registration…',
|
||||
completeRegistrationFailed: 'Registration failed. Please check your invitation code and try again.'
|
||||
},
|
||||
oauth: {
|
||||
code: 'Code',
|
||||
state: 'State',
|
||||
@@ -4227,6 +4242,57 @@ export default {
|
||||
quickSetCopy: 'Generate & Copy (current site)',
|
||||
redirectUrlSetAndCopied: 'Redirect URL generated and copied to clipboard'
|
||||
},
|
||||
oidc: {
|
||||
title: 'OIDC Login',
|
||||
description: 'Configure a standard OIDC provider (for example Keycloak)',
|
||||
enable: 'Enable OIDC Login',
|
||||
enableHint: 'Show OIDC login on the login/register pages',
|
||||
providerName: 'Provider Name',
|
||||
providerNamePlaceholder: 'for example Keycloak',
|
||||
clientId: 'Client ID',
|
||||
clientIdPlaceholder: 'OIDC client id',
|
||||
clientSecret: 'Client Secret',
|
||||
clientSecretPlaceholder: '********',
|
||||
clientSecretHint: 'Used by backend to exchange tokens (keep it secret)',
|
||||
clientSecretConfiguredPlaceholder: '********',
|
||||
clientSecretConfiguredHint: 'Secret configured. Leave empty to keep the current value.',
|
||||
issuerUrl: 'Issuer URL',
|
||||
issuerUrlPlaceholder: 'https://id.example.com/realms/main',
|
||||
discoveryUrl: 'Discovery URL',
|
||||
discoveryUrlPlaceholder: 'Optional, leave empty to auto-derive from issuer',
|
||||
authorizeUrl: 'Authorize URL',
|
||||
authorizeUrlPlaceholder: 'Optional, can be discovered automatically',
|
||||
tokenUrl: 'Token URL',
|
||||
tokenUrlPlaceholder: 'Optional, can be discovered automatically',
|
||||
userinfoUrl: 'UserInfo URL',
|
||||
userinfoUrlPlaceholder: 'Optional, can be discovered automatically',
|
||||
jwksUrl: 'JWKS URL',
|
||||
jwksUrlPlaceholder: 'Optional, required when strict ID token validation is enabled',
|
||||
scopes: 'Scopes',
|
||||
scopesPlaceholder: 'openid email profile',
|
||||
scopesHint: 'Must include openid',
|
||||
redirectUrl: 'Backend Redirect URL',
|
||||
redirectUrlPlaceholder: 'https://your-domain.com/api/v1/auth/oauth/oidc/callback',
|
||||
redirectUrlHint: 'Must match the callback URL configured in the OIDC provider',
|
||||
quickSetCopy: 'Generate & Copy (current site)',
|
||||
redirectUrlSetAndCopied: 'Redirect URL generated and copied to clipboard',
|
||||
frontendRedirectUrl: 'Frontend Callback Path',
|
||||
frontendRedirectUrlPlaceholder: '/auth/oidc/callback',
|
||||
frontendRedirectUrlHint: 'Frontend route used after backend callback',
|
||||
tokenAuthMethod: 'Token Auth Method',
|
||||
clockSkewSeconds: 'Clock Skew (seconds)',
|
||||
allowedSigningAlgs: 'Allowed Signing Algs',
|
||||
allowedSigningAlgsPlaceholder: 'RS256,ES256,PS256',
|
||||
usePkce: 'Use PKCE',
|
||||
validateIdToken: 'Validate ID Token',
|
||||
requireEmailVerified: 'Require Email Verified',
|
||||
userinfoEmailPath: 'UserInfo Email Path',
|
||||
userinfoEmailPathPlaceholder: 'for example data.email',
|
||||
userinfoIdPath: 'UserInfo ID Path',
|
||||
userinfoIdPathPlaceholder: 'for example data.id',
|
||||
userinfoUsernamePath: 'UserInfo Username Path',
|
||||
userinfoUsernamePathPlaceholder: 'for example data.username'
|
||||
},
|
||||
defaults: {
|
||||
title: 'Default User Settings',
|
||||
description: 'Default values for new users',
|
||||
|
||||
@@ -427,6 +427,7 @@ export default {
|
||||
invitationCodeInvalid: '邀请码无效或已被使用',
|
||||
invitationCodeValidating: '正在验证邀请码...',
|
||||
invitationCodeInvalidCannotRegister: '邀请码无效,请检查后重试',
|
||||
oauthOrContinue: '或使用邮箱密码继续',
|
||||
linuxdo: {
|
||||
signIn: '使用 Linux.do 登录',
|
||||
orContinue: '或使用邮箱密码继续',
|
||||
@@ -441,6 +442,19 @@ export default {
|
||||
completing: '正在完成注册...',
|
||||
completeRegistrationFailed: '注册失败,请检查邀请码后重试。'
|
||||
},
|
||||
oidc: {
|
||||
signIn: '使用 {providerName} 登录',
|
||||
callbackTitle: '正在完成 {providerName} 登录',
|
||||
callbackProcessing: '正在验证 {providerName} 登录信息,请稍候...',
|
||||
callbackHint: '如果页面未自动跳转,请返回登录页重试。',
|
||||
callbackMissingToken: '登录信息缺失,请返回重试。',
|
||||
backToLogin: '返回登录',
|
||||
invitationRequired: '该 {providerName} 账号尚未注册,站点已开启邀请码注册,请输入邀请码以完成注册。',
|
||||
invalidPendingToken: '注册凭证已失效,请重新登录。',
|
||||
completeRegistration: '完成注册',
|
||||
completing: '正在完成注册...',
|
||||
completeRegistrationFailed: '注册失败,请检查邀请码后重试。'
|
||||
},
|
||||
oauth: {
|
||||
code: '授权码',
|
||||
state: '状态',
|
||||
@@ -4393,6 +4407,57 @@ export default {
|
||||
quickSetCopy: '使用当前站点生成并复制',
|
||||
redirectUrlSetAndCopied: '已使用当前站点生成回调地址并复制到剪贴板'
|
||||
},
|
||||
oidc: {
|
||||
title: 'OIDC 登录',
|
||||
description: '配置标准 OIDC Provider(例如 Keycloak)',
|
||||
enable: '启用 OIDC 登录',
|
||||
enableHint: '在登录/注册页面显示 OIDC 登录入口',
|
||||
providerName: 'Provider 名称',
|
||||
providerNamePlaceholder: '例如 Keycloak',
|
||||
clientId: 'Client ID',
|
||||
clientIdPlaceholder: 'OIDC client id',
|
||||
clientSecret: 'Client Secret',
|
||||
clientSecretPlaceholder: '********',
|
||||
clientSecretHint: '用于后端交换 token(请保密)',
|
||||
clientSecretConfiguredPlaceholder: '********',
|
||||
clientSecretConfiguredHint: '密钥已配置,留空以保留当前值。',
|
||||
issuerUrl: 'Issuer URL',
|
||||
issuerUrlPlaceholder: 'https://id.example.com/realms/main',
|
||||
discoveryUrl: 'Discovery URL',
|
||||
discoveryUrlPlaceholder: '可选,留空将基于 issuer 自动推导',
|
||||
authorizeUrl: 'Authorize URL',
|
||||
authorizeUrlPlaceholder: '可选,可通过 discovery 自动获取',
|
||||
tokenUrl: 'Token URL',
|
||||
tokenUrlPlaceholder: '可选,可通过 discovery 自动获取',
|
||||
userinfoUrl: 'UserInfo URL',
|
||||
userinfoUrlPlaceholder: '可选,可通过 discovery 自动获取',
|
||||
jwksUrl: 'JWKS URL',
|
||||
jwksUrlPlaceholder: '可选;启用严格 ID Token 校验时必填',
|
||||
scopes: 'Scopes',
|
||||
scopesPlaceholder: 'openid email profile',
|
||||
scopesHint: '必须包含 openid',
|
||||
redirectUrl: '后端回调地址(Redirect URL)',
|
||||
redirectUrlPlaceholder: 'https://your-domain.com/api/v1/auth/oauth/oidc/callback',
|
||||
redirectUrlHint: '必须与 OIDC Provider 中配置的回调地址一致',
|
||||
quickSetCopy: '使用当前站点生成并复制',
|
||||
redirectUrlSetAndCopied: '已使用当前站点生成回调地址并复制到剪贴板',
|
||||
frontendRedirectUrl: '前端回调路径',
|
||||
frontendRedirectUrlPlaceholder: '/auth/oidc/callback',
|
||||
frontendRedirectUrlHint: '后端回调完成后重定向到此前端路径',
|
||||
tokenAuthMethod: 'Token 鉴权方式',
|
||||
clockSkewSeconds: '时钟偏移(秒)',
|
||||
allowedSigningAlgs: '允许的签名算法',
|
||||
allowedSigningAlgsPlaceholder: 'RS256,ES256,PS256',
|
||||
usePkce: '启用 PKCE',
|
||||
validateIdToken: '校验 ID Token',
|
||||
requireEmailVerified: '要求邮箱已验证',
|
||||
userinfoEmailPath: 'UserInfo 邮箱字段路径',
|
||||
userinfoEmailPathPlaceholder: '例如 data.email',
|
||||
userinfoIdPath: 'UserInfo ID 字段路径',
|
||||
userinfoIdPathPlaceholder: '例如 data.id',
|
||||
userinfoUsernamePath: 'UserInfo 用户名字段路径',
|
||||
userinfoUsernamePathPlaceholder: '例如 data.username'
|
||||
},
|
||||
defaults: {
|
||||
title: '用户默认设置',
|
||||
description: '新用户的默认值',
|
||||
|
||||
Reference in New Issue
Block a user