forked from vikunja/vikunja
Docs and formatting
This commit is contained in:
parent
2fa6523cc1
commit
27891e4492
|
@ -654,8 +654,7 @@ Default: `<empty>`
|
|||
|
||||
Identity-Aware Proxy configuration will allow users to authenticate through an identity-aware proxy in front of Vikunja.<br/>
|
||||
The proxy needs to supply a signed JWT over HTTP headers with claims for `sub`, `iss`, and `email`.
|
||||
This JWT must be signed using ECDSA or RSA.
|
||||
It must also serve the public keys for that signed JWT in the JWKS format.
|
||||
Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/master/config.yml.sample) for more information about how to configure this authentication.
|
||||
|
||||
Default: `<empty>`
|
||||
|
||||
|
|
|
@ -70,7 +70,7 @@ func (err ErrIAPPublicKeysetMissing) HTTPError() web.HTTPError {
|
|||
}
|
||||
|
||||
// ErrIAPUserFrontendMismatch represents a "IAPUserDoesNotMatchFrontendUser" kind of error.
|
||||
type ErrIAPUserFrontendMismatch struct {}
|
||||
type ErrIAPUserFrontendMismatch struct{}
|
||||
|
||||
// IsErrIAPPublicKeysetMissing checks if an error is a ErrIAPUserFrontendMismatch.
|
||||
func IsErrIAPUserFrontendMismatch(err error) bool {
|
||||
|
@ -114,7 +114,7 @@ func (err ErrIAPUnsupportedJWTSigningMethod) HTTPError() web.HTTPError {
|
|||
}
|
||||
|
||||
// ErrIAPJWTMissingKID represents a "ErrIAPJWTMissingKID" kind of error.
|
||||
type ErrIAPJWTMissingKID struct {}
|
||||
type ErrIAPJWTMissingKID struct{}
|
||||
|
||||
// IsErrIAPUnsupportedJWTSigningMethod checks if an error is a ErrIAPJWTMissingKID.
|
||||
func IsErrIAPJWTMissingKID(err error) bool {
|
||||
|
|
|
@ -32,16 +32,11 @@ var doc = `{
|
|||
"host": "{{.Host}}",
|
||||
"basePath": "{{.BasePath}}",
|
||||
"paths": {
|
||||
"/auth/identityawareproxy/login": {
|
||||
"post": {
|
||||
"security": [
|
||||
{
|
||||
"JWTKeyAuth": []
|
||||
}
|
||||
],
|
||||
"description": "After a redirect from the OpenID Connect provider to the frontend has been made with the authentication ` + "`" + `code` + "`" + `, this endpoint can be used to obtain a jwt token for that user and thus log them in.",
|
||||
"/auth/identityawareproxy/token": {
|
||||
"get": {
|
||||
"description": "Generates a short-lived JWT based on the identity from the identity-aware proxy in order to provide the front-end with user id and username info",
|
||||
"consumes": [
|
||||
"application/json"
|
||||
"N/A"
|
||||
],
|
||||
"produces": [
|
||||
"application/json"
|
||||
|
@ -49,7 +44,7 @@ var doc = `{
|
|||
"tags": [
|
||||
"auth"
|
||||
],
|
||||
"summary": "Authenticate a user with OpenID Connect",
|
||||
"summary": "Authenticate a user from the Identity-Aware Proxy",
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "OK",
|
||||
|
@ -8631,9 +8626,6 @@ var doc = `{
|
|||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"name": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -15,16 +15,11 @@
|
|||
},
|
||||
"basePath": "/api/v1",
|
||||
"paths": {
|
||||
"/auth/identityawareproxy/login": {
|
||||
"post": {
|
||||
"security": [
|
||||
{
|
||||
"JWTKeyAuth": []
|
||||
}
|
||||
],
|
||||
"description": "After a redirect from the OpenID Connect provider to the frontend has been made with the authentication `code`, this endpoint can be used to obtain a jwt token for that user and thus log them in.",
|
||||
"/auth/identityawareproxy/token": {
|
||||
"get": {
|
||||
"description": "Generates a short-lived JWT based on the identity from the identity-aware proxy in order to provide the front-end with user id and username info",
|
||||
"consumes": [
|
||||
"application/json"
|
||||
"N/A"
|
||||
],
|
||||
"produces": [
|
||||
"application/json"
|
||||
|
@ -32,7 +27,7 @@
|
|||
"tags": [
|
||||
"auth"
|
||||
],
|
||||
"summary": "Authenticate a user with OpenID Connect",
|
||||
"summary": "Authenticate a user from the Identity-Aware Proxy",
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "OK",
|
||||
|
@ -8614,9 +8609,6 @@
|
|||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"name": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -1210,8 +1210,6 @@ definitions:
|
|||
properties:
|
||||
enabled:
|
||||
type: boolean
|
||||
name:
|
||||
type: string
|
||||
type: object
|
||||
v1.legalInfo:
|
||||
properties:
|
||||
|
@ -1338,11 +1336,11 @@ paths:
|
|||
summary: User Avatar
|
||||
tags:
|
||||
- user
|
||||
/auth/identityawareproxy/login:
|
||||
post:
|
||||
/auth/identityawareproxy/token:
|
||||
get:
|
||||
consumes:
|
||||
- application/json
|
||||
description: After a redirect from the OpenID Connect provider to the frontend has been made with the authentication `code`, this endpoint can be used to obtain a jwt token for that user and thus log them in.
|
||||
- N/A
|
||||
description: Generates a short-lived JWT based on the identity from the identity-aware proxy in order to provide the front-end with user id and username info
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
|
@ -1354,9 +1352,7 @@ paths:
|
|||
description: Internal error
|
||||
schema:
|
||||
$ref: '#/definitions/models.Message'
|
||||
security:
|
||||
- JWTKeyAuth: []
|
||||
summary: Authenticate a user with OpenID Connect
|
||||
summary: Authenticate a user from the Identity-Aware Proxy
|
||||
tags:
|
||||
- auth
|
||||
/auth/openid/{provider}/callback:
|
||||
|
|
Loading…
Reference in New Issue