Skip to content

Commit

Permalink
[BOT] post-merge updates
Browse files Browse the repository at this point in the history
  • Loading branch information
OCA-git-bot committed Oct 9, 2023
1 parent da1a764 commit 0513ca2
Show file tree
Hide file tree
Showing 4 changed files with 46 additions and 26 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ addon | version | maintainers | summary
[auth_jwt](auth_jwt/) | 16.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | JWT bearer token authentication.
[auth_jwt_demo](auth_jwt_demo/) | 16.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Test/demo module for auth_jwt.
[auth_ldaps](auth_ldaps/) | 16.0.1.0.0 | | Allows to use LDAP over SSL authentication
[auth_oidc](auth_oidc/) | 16.0.1.0.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
[auth_oidc](auth_oidc/) | 16.0.1.0.1 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
[auth_oidc_environment](auth_oidc_environment/) | 16.0.1.0.0 | | This module allows to use server env for OIDC configuration
[auth_saml](auth_saml/) | 16.0.1.0.2 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
[auth_session_timeout](auth_session_timeout/) | 16.0.1.0.0 | | This module disable all inactive sessions since a given delay
Expand Down
36 changes: 24 additions & 12 deletions auth_oidc/README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ Authentication OpenID Connect
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:0e77943e35a7d7c6fb3b6f9e5753d5870e6023f5614e17f7bc0c32522086c49a
!! source digest: sha256:bdea2939597996bddfbd2c7949c8da2ad701b61203c3fd62c0c640bb5721eaf1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
Expand Down Expand Up @@ -51,11 +51,9 @@ Configuration
Setup for Microsoft Azure
~~~~~~~~~~~~~~~~~~~~~~~~~

Example configuration with OpenID Connect implicit flow.
This configuration is not recommended because it exposes the access token
to the client, and in logs.
Example configuration with OpenID Connect authorization code flow.

# configure a new web application in Azure with OpenID and implicit flow (see
# configure a new web application in Azure with OpenID and code flow (see
the `provider documentation
<https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-provider)>`_)
# in this application the redirect url must be be "<url of your
Expand All @@ -66,15 +64,29 @@ to the client, and in logs.
<https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings>`_
for more information):

* Provider Name: Azure
* Auth Flow: OpenID Connect
* Client ID: use the value of the OAuth2 autorization endoing (v2) from the Azure Endpoints list
* Body: Azure SSO
* Authentication URL: use the value of "OAuth2 autorization endpoint (v2)" from the Azure endpoints list
* Scope: openid email
* Validation URL: use the value of "OAuth2 token endpoint (v2)" from the Azure endpoints list
.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png

.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png

Single tenant provider limits the access to user of your tenant,
while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login
without an guest account.

* Provider Name: Azure AD Single Tenant
* Client ID: Application (client) id
* Client Secret: Client secret
* Allowed: yes

or

* Provider Name: Azure AD Multitenant
* Client ID: Application (client) id
* Client Secret: Client secret
* Allowed: yes
* replace {tenant_id} in urls with your Azure tenant id

.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png


Setup for Keycloak
~~~~~~~~~~~~~~~~~~
Expand Down
2 changes: 1 addition & 1 deletion auth_oidc/__manifest__.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

{
"name": "Authentication OpenID Connect",
"version": "16.0.1.0.0",
"version": "16.0.1.0.1",
"license": "AGPL-3",
"author": (
"ICTSTUDIO, André Schenkels, "
Expand Down
32 changes: 20 additions & 12 deletions auth_oidc/static/description/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -367,7 +367,7 @@ <h1 class="title">Authentication OpenID Connect</h1>
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:0e77943e35a7d7c6fb3b6f9e5753d5870e6023f5614e17f7bc0c32522086c49a
!! source digest: sha256:bdea2939597996bddfbd2c7949c8da2ad701b61203c3fd62c0c640bb5721eaf1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/auth_oidc"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oidc"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
<p>This module allows users to login through an OpenID Connect provider using the
Expand Down Expand Up @@ -409,11 +409,9 @@ <h1><a class="toc-backref" href="#toc-entry-1">Installation</a></h1>
<h1><a class="toc-backref" href="#toc-entry-2">Configuration</a></h1>
<div class="section" id="setup-for-microsoft-azure">
<h2><a class="toc-backref" href="#toc-entry-3">Setup for Microsoft Azure</a></h2>
<p>Example configuration with OpenID Connect implicit flow.
This configuration is not recommended because it exposes the access token
to the client, and in logs.</p>
<p>Example configuration with OpenID Connect authorization code flow.</p>
<dl class="docutils">
<dt># configure a new web application in Azure with OpenID and implicit flow (see</dt>
<dt># configure a new web application in Azure with OpenID and code flow (see</dt>
<dd>the <a class="reference external" href="https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-provider)">provider documentation</a>)</dd>
<dt># in this application the redirect url must be be “&lt;url of your</dt>
<dd>server&gt;/auth_oauth/signin” and of course this URL should be reachable from
Expand All @@ -422,16 +420,26 @@ <h2><a class="toc-backref" href="#toc-entry-3">Setup for Microsoft Azure</a></h2
<dd>parameters (see the <a class="reference external" href="https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings">portal documentation</a>
for more information):</dd>
</dl>
<img alt="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png" src="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png" />
<img alt="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png" src="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png" />
<p>Single tenant provider limits the access to user of your tenant,
while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login
without an guest account.</p>
<ul class="simple">
<li>Provider Name: Azure</li>
<li>Auth Flow: OpenID Connect</li>
<li>Client ID: use the value of the OAuth2 autorization endoing (v2) from the Azure Endpoints list</li>
<li>Body: Azure SSO</li>
<li>Authentication URL: use the value of “OAuth2 autorization endpoint (v2)” from the Azure endpoints list</li>
<li>Scope: openid email</li>
<li>Validation URL: use the value of “OAuth2 token endpoint (v2)” from the Azure endpoints list</li>
<li>Provider Name: Azure AD Single Tenant</li>
<li>Client ID: Application (client) id</li>
<li>Client Secret: Client secret</li>
<li>Allowed: yes</li>
</ul>
<p>or</p>
<ul class="simple">
<li>Provider Name: Azure AD Multitenant</li>
<li>Client ID: Application (client) id</li>
<li>Client Secret: Client secret</li>
<li>Allowed: yes</li>
<li>replace {tenant_id} in urls with your Azure tenant id</li>
</ul>
<img alt="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png" src="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png" />
</div>
<div class="section" id="setup-for-keycloak">
<h2><a class="toc-backref" href="#toc-entry-4">Setup for Keycloak</a></h2>
Expand Down

0 comments on commit 0513ca2

Please sign in to comment.