mitchell852 commented on a change in pull request #3763: Oauth authentication
rebase
URL: https://github.com/apache/trafficcontrol/pull/3763#discussion_r308768357
##########
File path: traffic_portal/app/src/traffic_portal_properties.json
##########
@@ -201,6 +201,16 @@
"url": "http://trafficcontrol.apache.org/";
}
]
+ },
+ "oAuth": {
+ "_comment": "Opt-in OAuth properties for SSO login. See
http://traffic-control-cdn.readthedocs.io/en/release-4.0.0/admin/quick_howto/oauth_login.html
for more details. redirectUriParameterOverride defaults to redirect_uri if
left blank.",
+ "enabled": false,
+ "oAuthUrl": "https://oauthProvider.example.com/auth";,
+ "oAuthTokenQueryParam": "example_token_key",
+ "redirectUriParameterOverride": "example_redirect_url_key",
+ "clientId": "exampleClient",
+ "oAuthCodeTokenUrl": "https://oauthProvider.example.com/auth/token";,
+ "clientSecret": "AbCd123"
Review comment:
@jhg03a brought up a good point to me regarding storing secrets in this
file. probably not a good idea as this file is "publicly" accessible - you
might want to look into adding this secret to
https://github.com/apache/trafficcontrol/blob/master/traffic_portal/conf/config.js
(which is not publicly accessible) which gets read by server.js when the
server starts up.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
