AI/ragflow
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/infiniflow/ragflow.git synced 2025-07-31 03:52:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
ragflow/api/apps/auth
History
Chaoxi Weng 3a43043c8a
Feat: Add support for OAuth2 and OpenID Connect (OIDC) authentication (#7379) 
### What problem does this PR solve?

Add support for OAuth2 and OpenID Connect (OIDC) authentication,
allowing OAuth/OIDC authentication using the specified routes:
- `/login/<channel>`: Initiates the OAuth flow for the specified channel
- `/oauth/callback/<channel>`: Handles the OAuth callback after
successful authentication

The callback URL should be configured in your OAuth provider as:
```
https://your-app.com/oauth/callback/<channel>
```

For detailed instructions on configuring **service_conf.yaml.template**,
see: `./api/apps/auth/README.md#usage`.

- Related issues
#3495  

### Type of change

- [x] New Feature (non-breaking change which adds functionality)
- [x] Documentation Update
2025-04-28 16:15:52 +08:00
..
__init__.py
Feat: Add support for OAuth2 and OpenID Connect (OIDC) authentication (#7379)
2025-04-28 16:15:52 +08:00
oauth.py
Feat: Add support for OAuth2 and OpenID Connect (OIDC) authentication (#7379)
2025-04-28 16:15:52 +08:00
oidc.py
Feat: Add support for OAuth2 and OpenID Connect (OIDC) authentication (#7379)
2025-04-28 16:15:52 +08:00
README.md
Feat: Add support for OAuth2 and OpenID Connect (OIDC) authentication (#7379)
2025-04-28 16:15:52 +08:00

README.md

Auth

The Auth module provides implementations of OAuth2 and OpenID Connect (OIDC) authentication for integration with third-party identity providers.

Features

  • Supports both OAuth2 and OIDC authentication protocols
  • Automatic OIDC configuration discovery (via /.well-known/openid-configuration)
  • JWT token validation
  • Unified user information handling

Usage

# OAuth2 configuration
oauth_config = {
    "type": "oauth2",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "authorization_url": "https://provider.com/oauth/authorize",
    "token_url": "https://provider.com/oauth/token",
    "userinfo_url": "https://provider.com/oauth/userinfo",
    "redirect_uri": "https://your-app.com/oauth/callback/<channel>"
}

# OIDC configuration
oidc_config = {
    "type": "oidc",
    "issuer": "https://provider.com/v1/oidc",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "redirect_uri": "https://your-app.com/oauth/callback/<channel>"
}

# Get client instance
client = get_auth_client(oauth_config)  # or oidc_config

Authentication Flow

  1. Get authorization URL:
auth_url = client.get_authorization_url()
  1. After user authorization, exchange authorization code for token:
token_response = client.exchange_code_for_token(authorization_code)
access_token = token_response["access_token"]
  1. Fetch user information:
user_info = client.fetch_user_info(access_token)

User Information Structure

All authentication methods return user information following this structure:

{
    "email": "user@example.com",
    "username": "username",
    "nickname": "User Name",
    "avatar_url": "https://example.com/avatar.jpg"
}