mirror of https://github.com/zulip/zulip.git
auth: Fix up AzureAD Oauth2 docs and config.
This commit brings AzureAD config in line with other backends:

- SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET gets fetched in computed_settings.py instead of default_settings, consistent with github/gitlab/etc.
- SOCIAL_AUTH_AZUREAD_OAUTH2_KEY gets fetched in default_settings via get_secret(..., development_only=True) like other social backends, to allow easier set up in dev environment, in the dev-secrets.conf file.
- The secret gets renamed from azure_oauth2_secret to social_auth_azuread_oauth2_secret to have a consistent naming scheme with other social backends and with the SOCIAL_AUTH_AZUREAD_OAUTH2_KEY name. This is backwards-incompatible.

The instructions for setting it up are updated to fit how this is currently done in AzureAD.
parent 3826fc8af9
commit 16829bd84b
|
@ -96,7 +96,11 @@ log][commit-log] for an up-to-date list of raw changes.
|
||||||
|
|
||||||
#### Upgrade notes for 6.0
|
#### Upgrade notes for 6.0
|
||||||
|
|
||||||
- None yet.
|
- Installations using the AzureAD authentication backend will need to
|
||||||
|
update `/etc/zulip/zulip-secrets.conf` after upgrading. The
|
||||||
|
`azure_oauth2_secret` secret was renamed to
|
||||||
|
`social_auth_azuread_oauth2_secret`, to match our other external
|
||||||
|
authentication methods.
|
||||||
|
|
||||||
## Zulip 5.x series
|
## Zulip 5.x series
|
||||||
|
|
||||||
|
|
|
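Review bot: The new entry under "Upgrade notes for 6.0" tells admins to update `/etc/zulip/zulip-secrets.conf` but not what happens if they skip it. The old `azure_oauth2_secret` name is no longer read anywhere in this commit, so the note should say directly that the AzureAD backend is left without its client secret after the upgrade until the entry is renamed to `social_auth_azuread_oauth2_secret`. It would also help to state that only the key name changes and the secret value stays the same.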
@ -1120,6 +1120,8 @@ else:
|
||||||
|
|
||||||
SOCIAL_AUTH_GITHUB_SECRET = get_secret("social_auth_github_secret")
|
SOCIAL_AUTH_GITHUB_SECRET = get_secret("social_auth_github_secret")
|
||||||
SOCIAL_AUTH_GITLAB_SECRET = get_secret("social_auth_gitlab_secret")
|
SOCIAL_AUTH_GITLAB_SECRET = get_secret("social_auth_gitlab_secret")
|
||||||
|
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = get_secret("social_auth_azuread_oauth2_secret")
|
||||||
|
|
||||||
SOCIAL_AUTH_GITHUB_SCOPE = ["user:email"]
|
SOCIAL_AUTH_GITHUB_SCOPE = ["user:email"]
|
||||||
if SOCIAL_AUTH_GITHUB_ORG_NAME or SOCIAL_AUTH_GITHUB_TEAM_ID:
|
if SOCIAL_AUTH_GITHUB_ORG_NAME or SOCIAL_AUTH_GITHUB_TEAM_ID:
|
||||||
SOCIAL_AUTH_GITHUB_SCOPE.append("read:org")
|
SOCIAL_AUTH_GITHUB_SCOPE.append("read:org")
|
||||||
|
|
|
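Review bot: Missing fallback at the added `SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = get_secret("social_auth_azuread_oauth2_secret")` line: only the new name is read, so an installation whose zulip-secrets.conf still carries `azure_oauth2_secret` comes up after the upgrade with no AzureAD client secret and nothing in this hunk flags it. Consider reading the old name as a fallback for one release, or raising a clear startup error when the old key is present without the new one, so the breakage surfaces at upgrade time rather than at a user's first login attempt.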
@ -76,7 +76,7 @@ SOCIAL_AUTH_GITHUB_ORG_NAME: Optional[str] = None
|
||||||
SOCIAL_AUTH_GITHUB_TEAM_ID: Optional[str] = None
|
SOCIAL_AUTH_GITHUB_TEAM_ID: Optional[str] = None
|
||||||
SOCIAL_AUTH_GITLAB_KEY = get_secret("social_auth_gitlab_key", development_only=True)
|
SOCIAL_AUTH_GITLAB_KEY = get_secret("social_auth_gitlab_key", development_only=True)
|
||||||
SOCIAL_AUTH_SUBDOMAIN: Optional[str] = None
|
SOCIAL_AUTH_SUBDOMAIN: Optional[str] = None
|
||||||
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = get_secret("azure_oauth2_secret")
|
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = get_secret("social_auth_azuread_oauth2_key", development_only=True)
|
||||||
SOCIAL_AUTH_GOOGLE_KEY = get_secret("social_auth_google_key", development_only=True)
|
SOCIAL_AUTH_GOOGLE_KEY = get_secret("social_auth_google_key", development_only=True)
|
||||||
# SAML:
|
# SAML:
|
||||||
SOCIAL_AUTH_SAML_SP_ENTITY_ID: Optional[str] = None
|
SOCIAL_AUTH_SAML_SP_ENTITY_ID: Optional[str] = None
|
||||||
|
|
|
@ -509,15 +509,19 @@ SOCIAL_AUTH_SAML_SUPPORT_CONTACT = {
|
||||||
##
|
##
|
||||||
## To set up Microsoft Azure AD authentication, you'll need to do the following:
|
## To set up Microsoft Azure AD authentication, you'll need to do the following:
|
||||||
##
|
##
|
||||||
## (1) Register an OAuth2 application with Microsoft at:
|
## (1) Open "App registrations" at
|
||||||
## https://apps.dev.microsoft.com
|
## https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
|
||||||
## Generate a new password under Application Secrets
|
## and click "New registration".
|
||||||
## Generate a new platform (web) under Platforms. For Redirect URL, enter:
|
|
||||||
## https://zulip.example.com/complete/azuread-oauth2/
|
|
||||||
## Add User.Read permission under Microsoft Graph Permissions
|
|
||||||
##
|
##
|
||||||
## (2) Enter the application ID for the app as SOCIAL_AUTH_AZUREAD_OAUTH2_KEY here
|
## (2) In the "Redirect URI (optional)" section, select Web as the platform
|
||||||
## (3) Put the application password in zulip-secrets.conf as 'azure_oauth2_secret'.
|
## and enter https://zulip.example.com/complete/azuread-oauth2/ as the redirect URI,
|
||||||
|
## based on your values of EXTERNAL_HOST and SOCIAL_AUTH_SUBDOMAIN.
|
||||||
|
##
|
||||||
|
## (3) After registering the app, go to "Certificates & secrets" and
|
||||||
|
## generate a new client secret. Make sure to save the generated Value.
|
||||||
|
##
|
||||||
|
## (4) Enter the application ID for the app as SOCIAL_AUTH_AZUREAD_OAUTH2_KEY below
|
||||||
|
## and the generated secret Value in zulip-secrets.conf as `social_auth_azuread_oauth2_secret`.
|
||||||
# SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = ""
|
# SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = ""
|
||||||
|
|
||||||
########
|
########
|
||||||
|
|
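Review bot: The rewritten steps drop the old "Add User.Read permission under Microsoft Graph Permissions" instruction without a replacement. If that permission no longer has to be added by hand, a short sentence saying so would answer the question for admins comparing against the old instructions; if it is still required, it should come back as its own step. Separately, step (2) says the redirect URI is "based on your values of EXTERNAL_HOST and SOCIAL_AUTH_SUBDOMAIN" but does not show how the two combine; an example URI for the case where SOCIAL_AUTH_SUBDOMAIN is set would make that unambiguous.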