29,279
edits
Changes
m
→Composing MAIN_AUTHENTICATION_OPENID_URL
Line 79:
Line 79:
−The you must set parameters and options of your openid connect service. From v21, you can enable the module OpenIDConnect to edit them. From v18 to v20, you must edit them from menu Home - Setup - Other.+
+
+
+
+# The final MAIN_AUTHENTICATION_OPENID_URL content should be like: <code><nowiki>https://tenant.us.auth0.com/authorize?client_id=My-Super-Awesome-Client-ID-1234&redirect_uri=https%3A%2F%2Fdolibarr.domain.com%2F%3Fopenid_mode%3Dtrue&scope=openid</nowiki> profile email&response_type=code</code>+==== Dolibarr application setup ====
−The final configuration step is to create the following values in '''Home > Setup > Other Setup'''.
−{| class="wikitable"
−!Name
−!Example
−!Comment
−!Description
−|-
−|<code>MAIN_AUTHENTICATION_OPENID_URL</code>
−|See above
−|OpenID Connect URL
−|Composed OpenID Connect URL
−|-
−|<code>MAIN_LOGOUT_GOTO_URL</code>
−|See above
−|Identity Provider logout URL
−|Composed IdP logout URL
−|-
−|<code>MAIN_AUTHENTICATION_OIDC_CLIENT_ID</code>
−|<code>My-Super-Awesome-Client-ID-1234</code>
−|OpenID Connect Client ID
−|Application client ID
−|-
−|<code>MAIN_AUTHENTICATION_OIDC_CLIENT_SECRET</code>
−|<code>My-Very-Hidden-Client-Secret-1234</code>
−|OpenID Connect Client Secret
−|Application client secret
−|-
−|<code>MAIN_AUTHENTICATION_OIDC_TOKEN_URL</code>
−|<code><nowiki>https://tenant.us.auth0.com/oauth/token</nowiki></code>
−|OpenID Connect token URL
−|<code>/token</code> endpoint
−|-
−|<code>MAIN_AUTHENTICATION_OIDC_USERINFO_URL</code>
−|<code><nowiki>https://tenant.us.auth0.com/userinfo</nowiki></code>
−|OpenID Connect userinfo URL
−|<code>/userinfo</code> endpoint
−|-
−|<code>MAIN_AUTHENTICATION_OIDC_REDIRECT_URL</code>
−|<code><nowiki>https://dolibarr.domain.com/?openid_mode=true</nowiki></code>
−|OpenID Connect redirect URL
−|Dolibarr URL followed by <code>/?openid_mode=true</code>
−|-
−|<code>MAIN_AUTHENTICATION_OIDC_LOGIN_CLAIM</code>
−|<code>email</code>
−|OpenID Connect login claim
−|OpenID Connect claim matching the Dolibarr user login. If not set or empty, defaults to <code>email</code>
−|}
−Source page https://github.com/Dolibarr/dolibarr/issues/22740.
==== Dolibarr application setup ====
+Then you must set parameters and options of your openid connect service. From v21, you can enable the module OpenIDConnect to edit them. From v18 to v20, you must edit them from menu '''Home - Setup - Other'''.
+{| class="wikitable"
+!Name
+!Example
+!Comment
+!Description
+|-
+|<code>MAIN_AUTHENTICATION_OIDC_CLIENT_ID</code>
+|<code>My-Super-Awesome-Client-ID-1234</code>
+|OpenID Connect Client ID
+|Application client ID
+|-
+|<code>MAIN_AUTHENTICATION_OIDC_CLIENT_SECRET</code>
+|<code>My-Very-Hidden-Client-Secret-1234</code>
+|OpenID Connect Client Secret
+|Application client secret
+|-
+|<code>MAIN_AUTHENTICATION_OIDC_AUTHORIZE_URL</code>
+|<code><nowiki>https://tenant.us.auth0.com/oauth/authorize</nowiki></code>
+|OpenID Authorize URL
+|<code>/authorize</code> endpoint
+|-
+|<code>MAIN_AUTHENTICATION_OIDC_TOKEN_URL</code>
+|<code><nowiki>https://tenant.us.auth0.com/oauth/token</nowiki></code>
+|OpenID Connect token URL
+|<code>/token</code> endpoint
+|-
+|<code>MAIN_AUTHENTICATION_OIDC_USERINFO_URL</code>
+|<code><nowiki>https://tenant.us.auth0.com/userinfo</nowiki></code>
+|OpenID Connect userinfo URL
+|<code>/userinfo</code> endpoint
+|-
+|<code>MAIN_AUTHENTICATION_OIDC_REDIRECT_URL</code>
+|<code><nowiki>https://dolibarr.domain.com/?openid_mode=true</nowiki></code>
+|OpenID Connect redirect URL
+|Dolibarr URL followed by <code>/?openid_mode=true</code>
+|-
+|<code>MAIN_AUTHENTICATION_OIDC_LOGIN_CLAIM</code>
+|<code>email</code>
+|OpenID Connect login claim
+|OpenID Connect claim matching the Dolibarr user login. If not set or empty, defaults to <code>email</code>
+|-
+|<code>MAIN_LOGOUT_GOTO_URL</code>
+|See later
+|Identity Provider logout URL
+|Composed IdP logout URL
+|}
+Source page https://github.com/Dolibarr/dolibarr/issues/22740.
====Composing <code>MAIN_AUTHENTICATION_OPENID_URL</code>====
====Composing <code>MAIN_AUTHENTICATION_OPENID_URL</code>====
+
+The MAIN_AUTHENTICATION_OPENID_URL will be generated (but if you prefer, you can set it manually from Home - Setup - Other) to
+
+<pre>
+MAIN_AUTHENTICATION_OIDC_AUTHORIZE_URL?client_id=MAIN_AUTHENTICATION_OIDC_CLIENT_ID&redirect_uri=mydolibarr/core/modules/openid_connect/callback.php&scope=MAIN_AUTHENTICATION_OIDC_SCOPES&response_type=code
+</pre>
This is the main OpenID Connect authentication URL, which allows the user to log in and then be redirected back to Dolibarr. It makes use of some already existing OpenID 2.0 features.
This is the main OpenID Connect authentication URL, which allows the user to log in and then be redirected back to Dolibarr. It makes use of some already existing OpenID 2.0 features.
Line 109:
Line 167:
|OAuth flow name, here we use <code>code</code> for the Authorization Code flow
|OAuth flow name, here we use <code>code</code> for the Authorization Code flow
|<code>code</code>
|<code>code</code>
+|-
+|state
+|A number
+|1234568
|}
|}
<br />
<br />
−The final MAIN_AUTHENTICATION_OPENID_URL content should be like: <code><nowiki>https://tenant.us.auth0.com/authorize?client_id=My-Super-Awesome-Client-ID-1234&redirect_uri=https%3A%2F%2Fdolibarr.domain.com%2F%3Fopenid_mode%3Dtrue&scope=openid</nowiki> profile email&response_type=code&state=anumber</code>
<br />
<br />
Line 138:
Line 200:
<br />
<br />
−===OpenID Connect using OpenID and the HTTP Basic of Apache===
===OpenID Connect using OpenID and the HTTP Basic of Apache===