Skip to content

Latest commit

 

History

History
70 lines (60 loc) · 2.78 KB

authorization-configuration.md

File metadata and controls

70 lines (60 loc) · 2.78 KB

Authorization Configuration

Luigi provides OpenID Connect and OAuth2 Implicit Grant authorization out of the box. The use key defines the active authorization provider.

auth: {
  use: 'openIdConnect',
  openIdConnect: {
    ...
  }
}

Open ID Connect configuration

The following code snippet demonstrates how to configure authorization using OpenID Connect in Luigi.

auth: {
    use: 'openIdConnect',
    openIdConnect: {
      authority: 'https://example-authority.com',
      client_id: 'client',
      scope: 'audience:server:client_id:client openid profile email groups',
      redirect_uri: '',
      post_logout_redirect_uri: '/logout.html',
      automaticSilentRenew: true
}
  • authority contains the OpenID Connect server address used to authenticate.
  • client_id contains your app client ID.
  • scope defines the permissions to request at login.
  • redirect_uri sets the URL to return to after login. The default application root is /.
  • post_logout_redirect_uri sets the URL to return after logout. The default URL is /logout.html.
  • automaticSilentRenew enables the renewal of the automatic token if it is supported by the server. The default value is false.

OAuth2 Implicit Grant configuration

The following code snippet demonstrates how to configure authorization using OAuth2 Implicit Grant in Luigi.

auth: {
  use: 'oAuth2ImplicitGrant',
  oAuth2ImplicitGrant: {
    authorizeUrl: 'https://example-url.com/authorize',
    logoutUrl: 'https://example-url.com/logout',
    oAuthData: {
      client_id: 'egDuozijY5SVr0NSIowUP1dT6RVqHnlp'
      scope: '',
      // optional parameters
      redirect_uri: '/luigi-core/auth/oauth2/callback.html'
      response_type: 'id_token token',
      // all specified values inside oAuthData will be added to the oauth call, i.e display="popup",
    }
    // optional functions
    nonceFn: () => {},
    logoutFn: (settings, authData, logoutCallback) => {}
  },
  • authorizeUrl contains the URL or address of the OAuth2 authorization server.
  • logoutUrl contains the endpoint to terminate the authorization session.
  • oAuthData comprises the object with data sent to the authorizeUrl.
  • client_id holds your application client ID.
  • scope defines permissions that are requested at login.
  • redirect_uri contains the URL to return to after login. The default application root is /.
  • response_type defaults to the id_token. Any other parameter that is added to oAuthData is also added to the authorization payload.
  • nonceFn provides a function that returns a string in order to override the default nonce.
  • logoutFn provides a function to override logoutUrl functionality for a custom logout. It needs to execute the function logoutCallback() after logout.