feat: add oidc support #1725

Merged: 11 commits, Sep 21, 2024
Conversation

@Oniokey (Contributor) commented Aug 9, 2024

add support for oidc login.

close #508
close #554

I have confirmed that this PR passes my own testing; screenshots below:
(three screenshots attached)

Oniokey added 8 commits August 8, 2024 16:51
- update SystemSetting.js
- add setup ui
- add configuration
- update common.js
- update AuthLogin.js
- update config.js
…lients to request user information from the IdP.

- update config.js
- update SystemSetting.js
…cons for WeChat, EMail, GitHub.

- update lark.svg
- new oidc.svg
@Oniokey Oniokey changed the title feat/oidc-support feat: add oidc support Aug 9, 2024
@LeoQuote (Contributor)

A feature I have really been looking forward to!

I suggest standardizing on the terminology of the spec: https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1

client id, client secret; do not use non-standard terms such as appID, appSecret.

I suggest supporting OIDC discovery: https://auth0.com/docs/get-started/applications/configure-applications-with-oidc-discovery

Make userinfo_endpoint, token_endpoint and authorization_endpoint advanced options, kept for compatibility with providers that do not support discovery; that makes configuration easier.

Personally I suggest not translating these terms: anyone who can configure this already understands them, translating does not help anyone who cannot, and the translations may not match the provider's terminology.

@Oniokey (Contributor, Author) commented Aug 13, 2024

> client id, client secret; do not use non-standard terms such as appID, appSecret.

Following the existing standard is a good suggestion; I am happy to change to the standard terms.

> Suggest supporting OIDC discovery and making the endpoints advanced options

Good idea. My implementation plan is to provide a well-known endpoint setting; filling it in will GET the well-known endpoint, parse the individual endpoints out of the response, and then save them to the backend the existing way.

@LeoQuote (Contributor) commented Aug 13, 2024

Personally I do not think the endpoints obtained through discovery should be saved to the backend. In practice endpoint changes are rare, but the whole point of the mechanism is automatic configuration through discovery without user action; if the provider updates an endpoint address, the saved configuration here could stop working, which is counter-intuitive.

I would rather fetch the latest configuration at instantiation time. Then even if the provider changes an endpoint address, restarting the application generally fixes it, whereas if the endpoints are saved to the backend, the relevant advanced settings also have to be cleared manually before they really update.
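
The discovery flow discussed in the two comments above, done the way the second one asks for (endpoints resolved into memory at startup rather than persisted), as an added Go example that is not part of this PR or of the one-api code base. The `Discovery` and `Provider` types, the `Resolve` method and the stand-in IdP (a constructed `httptest` TLS server whose metadata points back at itself) are all assumptions of the example; the issuer-equality check and the https requirement come from OpenID Connect Discovery 1.0.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Discovery is the subset of OpenID Provider Metadata (OIDC Discovery 1.0, section 3) a login client needs.
type Discovery struct {
	Issuer                string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	UserinfoEndpoint      string `json:"userinfo_endpoint"`
	JWKSURI               string `json:"jwks_uri"`
}

// ParseDiscovery decodes a document fetched for issuer and applies the checks a relying party must
// make before trusting it: the advertised issuer must be identical to the one the document was
// fetched for (Discovery section 4.3), and every endpoint must be an absolute https URL.
func ParseDiscovery(issuer string, body []byte) (*Discovery, error) {
	var d Discovery
	if err := json.Unmarshal(body, &d); err != nil {
		return nil, fmt.Errorf("discovery: invalid JSON: %w", err)
	}
	if d.Issuer != issuer {
		return nil, fmt.Errorf("discovery: issuer %q does not match configured %q", d.Issuer, issuer)
	}
	for name, ep := range map[string]string{
		"authorization_endpoint": d.AuthorizationEndpoint,
		"token_endpoint":         d.TokenEndpoint,
		"userinfo_endpoint":      d.UserinfoEndpoint,
		"jwks_uri":               d.JWKSURI,
	} {
		u, err := url.Parse(ep)
		if ep == "" || err != nil || u.Scheme != "https" || u.Host == "" {
			return nil, fmt.Errorf("discovery: %s must be an absolute https URL, got %q", name, ep)
		}
	}
	return &d, nil
}

// FetchDiscovery performs the GET defined in Discovery section 4 and parses the result.
func FetchDiscovery(ctx context.Context, client *http.Client, issuer string) (*Discovery, error) {
	wellKnown := strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, wellKnown, nil)
	if err != nil {
		return nil, err
	}
	resp, err := client.Do(req)
	if err != nil {
		return nil, fmt.Errorf("discovery: GET %s: %w", wellKnown, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("discovery: GET %s: HTTP %d", wellKnown, resp.StatusCode)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	if err != nil {
		return nil, err
	}
	return ParseDiscovery(issuer, body)
}

// Provider is all a deployment needs to persist: issuer and client credentials. Endpoints are
// resolved into memory at startup, so an IdP that moves one is picked up by a restart.
type Provider struct {
	Issuer, ClientID, ClientSecret string
	Meta                           *Discovery // resolved, never written to the database
}

func (p *Provider) Resolve(ctx context.Context, client *http.Client) error {
	d, err := FetchDiscovery(ctx, client, p.Issuer)
	if err != nil {
		return err
	}
	p.Meta = d
	return nil
}

func main() {
	// Constructed stand-in IdP: a TLS test server whose metadata points back at itself.
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		base := "https://" + r.Host
		_ = json.NewEncoder(w).Encode(Discovery{Issuer: base, AuthorizationEndpoint: base + "/authorize",
			TokenEndpoint: base + "/token", UserinfoEndpoint: base + "/userinfo", JWKSURI: base + "/jwks"})
	}))
	defer srv.Close()
	p := &Provider{Issuer: srv.URL, ClientID: "one-api", ClientSecret: "constructed-secret"}
	if err := p.Resolve(context.Background(), srv.Client()); err != nil {
		fmt.Println("discovery failed:", err)
		return
	}
	fmt.Println("token_endpoint resolved at startup:", p.Meta.TokenEndpoint)
}
```

The issuer comparison is the check that matters most: without it, a discovery document served from a compromised or typo-squatted host could point the token exchange, and the client secret sent with it, at an attacker's endpoint. Manually entered endpoints for providers without discovery would bypass `FetchDiscovery` but should still go through the https check in `ParseDiscovery`.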

@LeoQuote (Contributor)

Also, consider implementing this with a third-party package such as https://github.com/coreos/go-oidc; packages like that provide the discovery mechanism directly, so there is no need to reimplement it.

@Oniokey (Contributor, Author) commented Aug 13, 2024

> Personally I do not think the endpoints obtained through discovery should be saved to the backend. In practice endpoint changes are rare, but the whole point of the mechanism is automatic configuration through discovery without user action; if the provider updates an endpoint address, the saved configuration here could stop working, which is counter-intuitive.
>
> I would rather fetch the latest configuration at instantiation time. Then even if the provider changes an endpoint address, restarting the application generally fixes it, whereas if the endpoints are saved to the backend, the relevant advanced settings also have to be cleared manually before they really update.

The purpose of storing the discovery endpoint is only so that, when returning to the settings page after configuration, you can see what was configured before. It is for storage only and has no functional role on the backend; the discovery process is done on the frontend.

@Oniokey (Contributor, Author) commented Aug 13, 2024

> Also, consider implementing this with a third-party package such as https://github.com/coreos/go-oidc; packages like that provide the discovery mechanism directly, so there is no need to reimplement it.

Thanks for the reminder. The backend part is currently implemented fully according to the OIDC standard. The OIDC standard is not complicated, it is not hard to implement, and there are few opportunities for bugs, so I will not change this here. If this OIDC implementation turns out to have bugs later, I will submit another PR with a version that uses this library.

- Change the AppId and AppSecret on the Server End to the standard usage: ClientId, ClientSecret.
- add Well-Known configuration to store in database, no actual use in server end but store and display in web ui only
@Oniokey (Contributor, Author) commented Aug 13, 2024

PR updated.

@songquanpeng songquanpeng merged commit 99c8c77 into songquanpeng:main Sep 21, 2024
@songquanpeng (Owner)

Thx~

mxdlzg pushed a commit to mxdlzg/one-api that referenced this pull request Oct 15, 2024
* feat: add the ui for configuring the third-party standard OAuth2.0/OIDC.

- update SystemSetting.js
- add setup ui
- add configuration

* feat: add the ui for "allow the OAuth 2.0 to login"

- update SystemSetting.js

* feat: add OAuth 2.0 web ui and its process functions

- update common.js
- update AuthLogin.js
- update config.js

* fix: missing "Userinfo" endpoint configuration entry, used by OAuth clients to request user information from the IdP.

- update config.js
- update SystemSetting.js

* feat: updated the icons for Lark and OIDC to match the style of the icons for WeChat, EMail, GitHub.

- update lark.svg
- new oidc.svg

* refactor: Changing OAuth 2.0 to OIDC

* feat: add OIDC login method

* feat: Add support for OIDC login to the backend

* fix: Change the AppId and AppSecret on the Web UI to the standard usage: ClientId, ClientSecret.

* feat: Support quick configuration of OIDC through Well-Known Discovery Endpoint

* feat: Standardize terminology, add well-known configuration

- Change the AppId and AppSecret on the Server End to the standard usage: ClientId, ClientSecret.
- add Well-Known configuration to store in database, no actual use in server end but store and display in web ui only
daqingllm added a commit to daqingllm/one-api that referenced this pull request Dec 29, 2024
SheldonLiu0412 pushed a commit to SheldonLiu0412/one-api that referenced this pull request Jan 23, 2025
@wzxjohn (Contributor) commented Feb 26, 2025

This implementation has quite a few problems:

  1. The token request does not follow the spec: OIDC token endpoint request body is incorrect #2105
  2. Error responses are not handled correctly; a user is created whether or not authentication succeeded
  3. If the optional Well Known field is left blank in settings, the frontend throws an error and the settings cannot be saved
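
For reference against the first two points above, here is the shape of a spec-following code exchange and login callback, as an added Go example that is not the PR's code and does not reproduce whatever #2105 describes: the token request is built as RFC 6749 section 4.1.3 requires (form-encoded body, client authenticated with HTTP Basic), every non-200 or tokenless reply is treated as failure, and the local user is created only after both the token and UserInfo calls have succeeded. `Config`, `CompleteLogin`, the `do` helper and the `createUser` callback are names chosen for the example.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
)

type Config struct {
	TokenEndpoint, UserinfoEndpoint, ClientID, ClientSecret, RedirectURI string
}

// TokenResponse is the success body (RFC 6749 section 5.1, OIDC Core 3.1.3.3).
type TokenResponse struct {
	AccessToken string `json:"access_token"`
	IDToken     string `json:"id_token"`
}

// NewTokenRequest builds the code exchange as RFC 6749 section 4.1.3 requires: POST,
// application/x-www-form-urlencoded body, client authenticated with HTTP Basic
// (client_secret_basic, OIDC's default); no JSON body, secret not in the form.
func NewTokenRequest(ctx context.Context, cfg Config, code string) (*http.Request, error) {
	form := url.Values{
		"grant_type":   {"authorization_code"},
		"code":         {code},
		"redirect_uri": {cfg.RedirectURI},
		"client_id":    {cfg.ClientID},
	}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, cfg.TokenEndpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	// RFC 6749 section 2.3.1: credentials are form-urlencoded before Basic encoding.
	req.SetBasicAuth(url.QueryEscape(cfg.ClientID), url.QueryEscape(cfg.ClientSecret))
	return req, nil
}

// ParseTokenResponse accepts only a 200 carrying both tokens; any other status is a
// failure, with the RFC 6749 section 5.2 error body surfaced when the IdP sent one.
func ParseTokenResponse(status int, body []byte) (*TokenResponse, error) {
	if status != http.StatusOK {
		var oe struct {
			Code string `json:"error"`
			Desc string `json:"error_description"`
		}
		_ = json.Unmarshal(body, &oe) // best effort; the IdP may not have sent JSON
		return nil, fmt.Errorf("token endpoint: HTTP %d error=%q description=%q", status, oe.Code, oe.Desc)
	}
	var tr TokenResponse
	if err := json.Unmarshal(body, &tr); err != nil || tr.AccessToken == "" || tr.IDToken == "" {
		return nil, fmt.Errorf("token endpoint: 200 without usable access_token and id_token: %v", err)
	}
	return &tr, nil
}

// CompleteLogin is the callback-handler core: createUser runs only after the code
// exchange and the UserInfo call (OIDC Core section 5.3) have both succeeded, so a
// rejected or malformed reply never yields a local account. ID token validation
// (OIDC Core 3.1.3.7) is also mandatory and is left out here for brevity.
func CompleteLogin(ctx context.Context, client *http.Client, cfg Config, code string, createUser func(sub string) error) (string, error) {
	req, err := NewTokenRequest(ctx, cfg, code)
	if err != nil {
		return "", err
	}
	status, body, err := do(client, req)
	if err != nil {
		return "", err
	}
	tok, err := ParseTokenResponse(status, body)
	if err != nil {
		return "", err
	}
	ureq, err := http.NewRequestWithContext(ctx, http.MethodGet, cfg.UserinfoEndpoint, nil)
	if err != nil {
		return "", err
	}
	ureq.Header.Set("Authorization", "Bearer "+tok.AccessToken)
	var claims struct{ Sub string `json:"sub"` }
	if status, body, err = do(client, ureq); err != nil {
		return "", err
	} else if status != http.StatusOK || json.Unmarshal(body, &claims) != nil || claims.Sub == "" {
		return "", fmt.Errorf("userinfo: HTTP %d or no sub claim", status)
	}
	return claims.Sub, createUser(claims.Sub) // sub is the stable key for the local account
}

// do sends req and returns the status and a size-capped body.
func do(client *http.Client, req *http.Request) (int, []byte, error) {
	resp, err := client.Do(req)
	if err != nil {
		return 0, nil, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	return resp.StatusCode, body, err
}
```

Providers that only support `client_secret_post` expect `client_secret` as a form field instead of the Basic header; either way the secret never belongs in a JSON body or the query string. Keying the account on `sub` rather than on email or display name matters because those claims are neither guaranteed unique nor stable.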

@Oniokey (Contributor, Author) commented Feb 26, 2025

> This implementation has quite a few problems:
>
>   1. The token request does not follow the spec: OIDC token endpoint request body is incorrect #2105
>   2. Error responses are not handled correctly; a user is created whether or not authentication succeeded
>   3. If the optional Well Known field is left blank in settings, the frontend throws an error and the settings cannot be saved

There are indeed many problems.

  1. This PR was implemented mainly by following Casdoor's OIDC flow; some steps may not conform to the RFCs. PRs are welcome.

That said, many IdPs really do differ in their implementations; for example, I recently found that Casdoor and Logto differ in parts of their SAML and OIDC implementations.

  2. The latter two bugs will be fixed when I find time. Thanks for the feedback.

Linked issues this pull request may close: "Third-party OAuth support", "Support OpenID login"