Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possibility to set OAuth config via ENV variables #1081

Open
alexanderadam opened this issue Jun 9, 2022 · 5 comments
Open

Possibility to set OAuth config via ENV variables #1081

alexanderadam opened this issue Jun 9, 2022 · 5 comments

Comments

@alexanderadam
Copy link

alexanderadam commented Jun 9, 2022
edited

It seems that the Facebook, Google and Github credentials for OAuth/OIDC are already configurable via ENV variables (Possibility to set OAuth config via ENV variables) but it doesn't seem to be possible yet for generic solutions (i.e. as the described here)?

Would it be possible to add this possibility as well?

Thank you for your work! 🙌
@debMan
Copy link

debMan commented Jan 17, 2023

Any update on this?

@goenning
Copy link
Member

What's the reason for wanting this via ENV? Is the UI not sufficient?

@debMan
Copy link

debMan commented Feb 4, 2023

As I prefer everything as code, I wanted to set up it on a Kubernetes environment, with just a kubectl apply command or on ArgiCD.

So, it would be nice to code everything. Things I encountered:

  • OAuth configurations are on GUI
  • Tenant creation is on GUI
  • First admin user creation is on GUI

Hacky solution:
I wrote some database migrations and mounted them on the migrations directory to do the above tasks for me out of the box after running the fider instance.

@alexanderadam
Copy link
Author

Hacky solution: I wrote some database migrations and mounted them on the migrations directory to do the above tasks for me out of the box after running the fider instance.

would you mind to share the migrations of the hacky solution?

@debMan
Copy link

debMan commented Feb 4, 2023
edited

Sure. You should mount this file on /app/migrations/202205082056_my_init.

Named like this to place it after all other migrations

INSERT INTO tenants (
    id,
    name,
    subdomain,
    created_at,
    cname,
    invitation,
    welcome_message,
    status,
    is_private,
    custom_css,
    logo_bkey,
    locale,
    is_email_auth_allowed
)
VALUES (
    1,
    'MY_INSTANCE',
    'default',
    current_timestamp,
    '',
    '',
    '',
    1,
    false,
    '',
    '',
    'en',
    false
);

INSERT INTO oauth_providers (
    id,
    tenant_id,
    provider,
    display_name,
    status,
    client_id,
    client_secret,
    authorize_url,
    token_url,
    profile_url,
    scope,
    json_user_id_path,
    json_user_name_path,
    json_user_email_path,
    logo_bkey,
    is_trusted
)
VALUES (
    1,
    1,
    '_0000000000',
    'MY_PROVIDER',
    2,
    'CLIENT_ID',
    'CLIENT_SECRET',
    'MY_AUTHORIZE_URL',
    'MY_TOKEN_URL',
    'MY_PROFILE_URL',
    'openid email',
    'preferred_username',
    'given_name',
    'email',
    '',
    true
);

INSERT INTO users (
    id,
    name,
    email,
    created_at,
    tenant_id,
    role,
    status,
    avatar_type,
    avatar_bkey
)
VALUES (
    1,
    'ADMIN_USER_NAME',
    'ADMIN_USER_EMAIL',
    current_timestamp,
    1,
    3,
    1,
    2,
    '
);

NOTE: Don't forget to replace capitalized parameters.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@goenning @alexanderadam @debMan