apache
[Feature][Authentication] Optimize authentication related code and support more OAuth2 providers
Search before asking
- [X] I had searched in the issues and found no similar feature requirement.
Description
Currently, DS supports user login through Password, LDAP, Casdoor SSO. However, users still could no configure other standard OAuth2.0 provider such as Google and GitHub. It would be better if users could login with their Google / GitHub account.
To achieve this:
- Use spring security filter chain to enable
OAuth. - Optimize front-end so that
user storewill not be empty if users login throughOAuth. Empty user store will cause some front-end user interaction issues. - Refactoring related login logic, make
AuthenticatorandCredentialsmore abstract to satisfyOpen-Closed Principle.
Use case
No response
Related issues
No response
Are you willing to submit a PR?
- [ ] Yes I am willing to submit a PR!
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
Thank you for your feedback, we have received your issue, Please wait patiently for a reply.
- In order for us to understand your request as soon as possible, please provide detailed information, version or pictures.
- If you haven't received a reply for a long time, you can join our slack and send your question to channel
#troubleshooting
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue is a bit challenging. It requires contributors to have knowledge in both front-end and back-end.
There are many login methods now, can you re-integrate the current login logic, support password, ldap, Casdoor SSO, and OAuth2 on the same login page at the same time, and implement login logic through multiple interfaces instead of dynamic loading single login implementation #13062
There are many login methods now, can you re-integrate the current login logic, support password, ldap, Casdoor SSO, and OAuth2 on the same login page at the same time, and implement login logic through multiple interfaces instead of dynamic loading single login implementation #13062
Sounds cool. But currently I don't have time for this : )
Hi @EricGao888 @gaopeng666 the existing Casdoor SSO already supports OAuth including Google, GitHub and other dozens of identity providers: https://casdoor.org/docs/provider/oauth/overview . Also other protocols like SAML, CAS, OIDC, LDAP are supported.
The demo is: https://door.casdoor.com/
你好 @EricGao888 @gaopeng666现有的
Casdoor SSO已经支持 OAuth,包括 Google、GitHub 和其他数十个身份提供商: https: //casdoor.org/docs/provider/oauth/overview 。 还支持其他协议,如 SAML、CAS、OIDC、LDAP。演示是: https: //door.casdoor.com/
Thanks, I am learning about Casdoor recently, I think it is reasonable to hand over all the authentication work to the authentication center, but if users who do not use Casdoor may also need OAuth2.0 authentication, just like there are multiple in grafana configuration OAuth
I believe that as an independent open-source software, ds should not overly depend on Casdoor. However, currently, different OAuth2 providers can exhibit subtle differences, and some companies have their own OAuth2 services. At present, the implementation of OAuth2 login in dolphinscheduler within PR #14743 does not accommodate all providers. Thus, it is worth considering whether to refactor OAuth2 functionality akin to how taskplugin has done, so as to cater to a broader range of OAuth2 providers. @zhongjiajie
