I would like to use own ldap auth and also give users to auth via google account. Can you give me hint how to configure it? Thank you very much
You can use the default OAuth authenticator, it should work with most providers:
https://docs.getindico.io/en/stable/config/auth/#authentication-providers
It will look like something like this:
AUTH_PROVIDERS = {
"google-oauth": {
"type": "oauth",
"title": "Google",
"oauth": {
"access_token_method": "POST",
"authorize_url": "https://accounts.google.com/o/oauth2/auth",
"consumer_key": "xxxxxxxx",
"consumer_secret": "xxxxxxx",
"request_token_url": None,
"access_token_url": "https://accounts.google.com/o/oauth2/token",
},
"callback_uri": "/auth/oauth2/callback",
"user_info_endpoint": "https://www.googleapis.com/oauth2/v2/userinfo"
},
"your-ldap": ...
}
I haven’t tested it, but it should be enough to get you started.
Thank you very much. Let me test it
I have added your config to mine and what do i need to put IDENTITY_PROVIDERS and PROVIDER_MAP
AUTH_PROVIDERS = {
'ldap': {
'type': 'ldap',
'title': 'OBL LDAP',
'ldap': _ldap_config,
'default': True
},
"google-oauth": {
"type": "oauth",
"title": "Google",
"oauth": {
...
}
}
IDENTITY_PROVIDERS = {
'ldap': {
'type': 'ldap',
'title': 'LDAP',
'ldap': _ldap_config,
'mapping': {
'first_name': 'givenName',
'last_name': 'sn',
'email': 'mail',
'affiliation': 'company',
'phone': 'telephoneNumber',
},
'trusted_email': True,
'default_group_provider': True,
'synced_fields': {'first_name', 'last_name', 'affiliation', 'phone', 'address'}
}
}
PROVIDER_MAP = {
'ldap': 'ldap'
}
I believe this example GitHub config may help:
https://flask-multipass.readthedocs.io/en/latest/quickstart/#id3