AI/ragflow
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/infiniflow/ragflow.git synced 2025-07-23 17:04:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
ragflow/api/apps/auth
History
Chaoxi Weng e349635a3d
Feat: Add /login/channels route and improve auth logic for frontend third-party login integration (#7521) 
### What problem does this PR solve?

Add `/login/channels` route and improve auth logic to support frontend
integration with third-party login providers:

- Add `/login/channels` route to provide authentication channel list
with `display_name` and `icon`
- Optimize user info parsing logic by prioritizing `avatar_url` and
falling back to `picture`
- Simplify OIDC token validation by removing unnecessary `kid` checks
- Ensure `client_id` is safely cast to string during `audience`
validation
- Fix typo

---
- Related pull request: #7379 

### Type of change

- [x] New Feature (non-breaking change which adds functionality)
- [x] Documentation Update
2025-05-08 10:23:19 +08:00
..
__init__.py
Feat: Add support for OAuth2 and OpenID Connect (OIDC) authentication (#7379)
2025-04-28 16:15:52 +08:00
oauth.py
Feat: Add /login/channels route and improve auth logic for frontend third-party login integration (#7521)
2025-05-08 10:23:19 +08:00
oidc.py
Feat: Add /login/channels route and improve auth logic for frontend third-party login integration (#7521)
2025-05-08 10:23:19 +08:00
README.md
Feat: Add /login/channels route and improve auth logic for frontend third-party login integration (#7521)
2025-05-08 10:23:19 +08:00

README.md

Auth

The Auth module provides implementations of OAuth2 and OpenID Connect (OIDC) authentication for integration with third-party identity providers.

Features

  • Supports both OAuth2 and OIDC authentication protocols
  • Automatic OIDC configuration discovery (via /.well-known/openid-configuration)
  • JWT token validation
  • Unified user information handling

Usage

# OAuth2 configuration
oauth_config = {
    "type": "oauth2",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "authorization_url": "https://provider.com/oauth/authorize",
    "token_url": "https://provider.com/oauth/token",
    "userinfo_url": "https://provider.com/oauth/userinfo",
    "redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
}

# OIDC configuration
oidc_config = {
    "type": "oidc",
    "issuer": "https://provider.com/v1/oidc",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
}

# Get client instance
client = get_auth_client(oauth_config)  # or oidc_config

Authentication Flow

  1. Get authorization URL:
auth_url = client.get_authorization_url()
  1. After user authorization, exchange authorization code for token:
token_response = client.exchange_code_for_token(authorization_code)
access_token = token_response["access_token"]
  1. Fetch user information:
user_info = client.fetch_user_info(access_token)

User Information Structure

All authentication methods return user information following this structure:

{
    "email": "user@example.com",
    "username": "username",
    "nickname": "User Name",
    "avatar_url": "https://example.com/avatar.jpg"
}