From 0981ec30c3d5218939d44fc2f40725b0b4a03684 Mon Sep 17 00:00:00 2001 From: zeripath <art27@cantab.net> Date: Tue, 14 Dec 2021 08:37:11 +0000 Subject: Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766) * Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> --- docs/content/doc/usage/command-line.en-us.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'docs/content') diff --git a/docs/content/doc/usage/command-line.en-us.md b/docs/content/doc/usage/command-line.en-us.md index 296f87b51c..5e794b56c2 100644 --- a/docs/content/doc/usage/command-line.en-us.md +++ b/docs/content/doc/usage/command-line.en-us.md @@ -129,6 +129,13 @@ Admin operations: - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub). - `--custom-email-url`: Use a custom Email URL (option for GitHub). - `--icon-url`: Custom icon URL for OAuth2 login source. + - `--override-local-2fa`: Allow source to override local 2fa. (Optional) + - `--scopes`: Addtional scopes to request for this OAuth2 source. (Optional) + - `--required-claim-name`: Claim name that has to be set to allow users to login with this source. (Optional) + - `--required-claim-value`: Claim value that has to be set to allow users to login with this source. (Optional) + - `--group-claim-name`: Claim name providing group names for this source. (Optional) + - `--admin-group`: Group Claim value for administrator users. (Optional) + - `--restricted-group`: Group Claim value for restricted users. (Optional) - Examples: - `gitea admin auth add-oauth --name external-github --provider github --key OBTAIN_FROM_SOURCE --secret OBTAIN_FROM_SOURCE` - `update-oauth`: @@ -145,6 +152,13 @@ Admin operations: - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub). - `--custom-email-url`: Use a custom Email URL (option for GitHub). - `--icon-url`: Custom icon URL for OAuth2 login source. + - `--override-local-2fa`: Allow source to override local 2fa. (Optional) + - `--scopes`: Addtional scopes to request for this OAuth2 source. + - `--required-claim-name`: Claim name that has to be set to allow users to login with this source. (Optional) + - `--required-claim-value`: Claim value that has to be set to allow users to login with this source. (Optional) + - `--group-claim-name`: Claim name providing group names for this source. (Optional) + - `--admin-group`: Group Claim value for administrator users. (Optional) + - `--restricted-group`: Group Claim value for restricted users. (Optional) - Examples: - `gitea admin auth update-oauth --id 1 --name external-github-updated` - `add-ldap`: Add new LDAP (via Bind DN) authentication source -- cgit v1.2.3