Browse Source

Add docs

pull/675/head
Setu Shah 4 years ago
parent
commit
0d84f5e67f
3 changed files with 55 additions and 1 deletions
  1. 56
      docs/advanced/oauth2_settings.md
  2. BIN
      docs/images/oauth/okta_oauth_app.png
  3. BIN
      docs/images/oauth/okta_oauth_login_page.png

56
docs/advanced/oauth2_settings.md

@ -1,6 +1,8 @@
# How to use OAuth
This document aims to instruct how to setup OAuth for doccano. doccano now supports social login via GitHub and Active Directory by [#75](https://github.com/doccano/doccano/pull/75). In this document, we show GitHub OAuth as an example.
This document aims to instruct how to setup OAuth for doccano. doccano now supports social login via GitHub and Active Directory by [#75](https://github.com/doccano/doccano/pull/75). In this document, we show GitHub OAuth as an example.
# GitHub
## Create OAuth App
@ -35,3 +37,55 @@ python manage.py runserver
Go to login page:
![image](../images/oauth/login_page.png)
# Okta
Create an Okta web app in the Okta developer portal and get the key and secret from the app details.
## OAuth2
If you want to use OAuth2, set these environment variables.
```bash
export OAUTH_OKTA_OAUTH2_KEY=YOUR_CLIENT_ID
export OAUTH_OKTA_OAUTH2_SECRET=YOUR_CLIENT_SECRET
export OAUTH_OKTA_OAUTH2_API_URL=YOUR_BASE_URL
```
In the app settings, please set the redirect URI to `{DOCCANO_URL}/social/complete/okta-oauth2/`. For example, if you are serving Doccano at `https://example.com`, the redirect URI should be `https://example.com/social/complete/okta-oauth2/`. If using a local installation being served at port 8000, set the redirect URI to `http://127.0.0.1:8000/social/complete/okta-oauth2/`.
Okta Application setup:
![image](../images/oauth/okta_oauth_app.png)
Optionally, if you want to assign Doccano super users from Okta users, you can use Okta groups to assign them the policy. Ensure your Okta [authorization server can serve `groups` claims](https://developer.okta.com/docs/guides/customize-tokens-returned-from-okta/add-groups-claim-org-as/) and set the environment variable `OKTA_OAUTH2_ADMIN_GROUP_NAME`.
```bash
export OKTA_OAUTH2_ADMIN_GROUP_NAME=SUPERUSER_OKTA_GROUP_NAME
```
## OpenIDConnect
If you want to use OpenIDConnect, set these environment variables.
```bash
export OAUTH_OKTA_OPENIDCONNECT_KEY=YOUR_CLIENT_ID
export OAUTH_OKTA_OPENIDCONNECT_SECRET=YOUR_CLIENT_SECRET
export OAUTH_OKTA_OPENIDCONNECT_API_URL=YOUR_BASE_URL
```
In the app settings, please set the redirect URI to your app domain `/social/complete/okta-openidconnect/`. For example, if you are serving Doccano at `https://example.com`, the redirect URI should be `https://example.com/social/complete/okta-openidconnect/`. If using a local installation being served at port 8000, set the redirect URI to `http://127.0.0.1:8000/social/complete/okta-openidconnect/`.
Optionally, if you want to assign Doccano super users from Okta users, you can use Okta groups to assign them the policy. Ensure your Okta [authorization server can serve `groups` claims](https://developer.okta.com/docs/guides/customize-tokens-returned-from-okta/add-groups-claim-org-as/) and set the environment variable `OKTA_OPENIDCONNECT_ADMIN_GROUP_NAME`.
```bash
export OKTA_OPENIDCONNECT_ADMIN_GROUP_NAME=SUPERUSER_OKTA_GROUP_NAME
```
## Run Server
```bash
python manage.py runserver
```
If everything has been setup correctly, you should see a login page like the one below with an option to login using Okta.
![image](../images/oauth/okta_oauth_login_page.png)

BIN
docs/images/oauth/okta_oauth_app.png

Before After
Width: 1466  |  Height: 1920  |  Size: 220 KiB

BIN
docs/images/oauth/okta_oauth_login_page.png

Before After
Width: 2792  |  Height: 1176  |  Size: 131 KiB
Loading…
Cancel
Save