跳到主内容

自定义OAuth

备注

Casdoor支持自定义提供商。 然而,自定义提供商必须遵循3-legged OAuth的标准流程,Token URLUserInfo URL的返回值必须符合Casdoor指定的格式。

Overview

Custom OAuth providers allow you to integrate any OAuth 2.0 compliant authentication service with Casdoor, even if it's not officially supported. This is useful when you want to integrate with:

  • Internal enterprise OAuth servers
  • Self-hosted authentication systems
  • Third-party services not yet officially supported by Casdoor

Multiple Custom Providers Support

Casdoor supports up to 10 different custom OAuth providers simultaneously. When creating custom providers, you can choose from the following types:

  • Custom - The first custom provider
  • Custom2 through Custom10 - Additional custom providers

This allows you to integrate multiple custom OAuth services without conflicts. Each custom provider maintains its own separate configuration and user data fields.

Creating a Custom Provider

To create a new custom provider, navigate to the provider page of Casdoor, and select one of the custom types ("Custom", "Custom2", "Custom3", etc.) in the Type field. 然后,您需要填写Client IDClient SecretAuth URLScopeToken URLUserInfo URLFavicon

image-20220418100744005

  • Auth URL 是自定义提供商的 OAuth 登录页面地址。

    如果你在Auth URL中填写https://door.casdoor.com/login/oauth/authorize,那么,当用户使用这个自定义提供者登录时,浏览器将首先重定向到

    https://door.casdoor.com/login/oauth/authorize?client_id={ClientID}&redirect_uri=https://{your-casdoor-hostname}/callback&state={State_generated_by_Casdoor}&response_type=code&scope={Scope}`

    授权完成后,自定义提供商应该重定向到

    https://{your-casdoor-hostname}/callback?code={code}

    经过这一步,Casdoor将会识别URL中的code参数。

  • Scope是访问Auth URL时携带的范围参数,您应根据自定义提供商的要求进行填写。

  • Token URL是获取accessToken的API端点。

    一旦你在前一步获取了代码,Casdoor应该使用它来获取accessToken。

    如果你在Token URL中填入https://door.casdoor.com/api/login/oauth/access_token,那么Casdoor将使用以下命令来访问它

    curl -X POST -u "{ClientID}:{ClientSecret}" --data-binary "code={code}&grant_type=authoritiation_code&redirect_uri=https://{your-casdoor-hostname}/callback" https://door.casdoor.com/api/login/oauth/access_token

    自定义提供者应至少返回以下信息:

    {
      "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ixxxxxxxxxxxxxx",
      "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6xxxxxxxxxxxxxx",
      "token_type": "Bearer",
      "expires_in": 10080,
      "scope": "openid profile email"
    }

  • UserInfo URL是通过accessToken获取用户信息的API端点。

    如果你在UserInfo URL中填入https://door.casdoor.com/api/userinfo,那么Casdoor将使用以下命令来访问它

    curl -X GET -H "Authorization: Bearer {accessToken}" https://door.casdoor.com/api/userinfo

    自定义提供者应至少返回以下信息:

    {
      "name": "admin",
      "preferred_username": "Admin",
      "email": "admin@example.com",
      "picture": "https://casbin.org/img/casbin.svg"
    }

  • Favicon 是自定义提供商的标识URL。

    此标志将与其他第三方登录提供商一起在Casdoor的登录页面上显示。