OAuth2 Authentication

Generic OAuth2 authentication plugin.

Author

• Frédéric Guillot
• License MIT

Requirements

• Kanboard >= 1.0.37

Installation

You have the choice between 3 methods:

1. Install the plugin from the Kanboard plugin manager in one click
2. Download the zip file and decompress everything under the directory plugins/OAuth2
3. Clone this repository into the folder plugins/OAuth2

Note: Plugin folder is case-sensitive.

Configuration

Note: Also works with most OpenID Providers

Go to the application settings > integrations > OAuth2 Authentication.

1) Create a new application on the OAuth2 provider

Go to the third-party authentication provider and add a new application. Copy and paste the Kanboard callback URL and generate a new set of tokens.

The third-party provider will returns a Client ID and a Client Secret. Copy those values in the Kanboard's settings.

2) Configure the provider in Kanboard

• Client ID: Unique ID that comes from the third-party provider
• Client Secret: Unique token that comes from the third-party provider
• Authorize URL: URL used for authorization
• Token URL: URL used to get tokens from third-party provider
• User API URL: URL used to fetch user profile after authentication
• Username Key: Key used to fetch the username from the user API response
• Name Key: Key used to fetch the full name
• Email Key: Key used to fetch the user email
• User ID Key: Key used to fetch the unique user ID

Notes

If "Allow Account Creation" checkbox is checked, anyone who goes to the login page, clicks the "OAuth2 Login" link, and correctly validates with your Oauth2 backend will automatically have their account created. No need to create the user in Kanboard or to use the "Invite people" link in the users area.

Examples

Example for Github OAuth2:

• Authorize URL: https://github.com/login/oauth/authorize
• Token URL: https://github.com/login/oauth/access_token
• User API URL: https://api.github.com/user
• Username Key: login
• Name Key: name
• Email Key: email
• User ID Key: id

Example for Salesforce:

• Authorize URL: https://login.salesforce.com/services/oauth2/authorize
• Token URL: https://login.salesforce.com/services/oauth2/token
• User API URL: https://login.salesforce.com/services/oauth2/userinfo
• Username Key: nickname
• Name Key: name
• Email Key: email
• User ID Key: user_id

Example for Discord:

• Authorize URL: https://discord.com/api/oauth2/authorize
• Token URL: https://discord.com/api/oauth2/token
• User API URL: https://discordapp.com/api/users/@me
• Scopes: email identify
• Username Key: username
• Name Key: username
• Email Key: email
• User ID Key: id

Example for Gitea:

• Authorize URL: https://try.gitea.io/login/oauth/authorize
• Token URL: https://try.gitea.io/login/oauth/access_token
• User API URL: https://try.gitea.io/login/oauth/userinfo
• Scopes: openid profile email groups
• Username Key: preferred_username
• Name Key: name
• Email Key: email
• User ID Key: sub

Example for Slack:

• Authorize URL: https://slack.com/openid/connect/authorize
• Token URL: https://slack.com/api/openid.connect.token
• User API URL: https://slack.com/api/openid.connect.userInfo
• Scopes: openid profile email
• Username Key: name
• Name Key: name
• Email Key: email
• User ID Key: sub

Example for Azure AD (find the URLs with proper UUIDs in your Azure app page):

• Authorize URL: https://login.microsoftonline.com/<UUID>/oauth2/v2.0/authorize
• Token URL: https://login.microsoftonline.com/<UUID>/oauth2/v2.0/token
• User API URL: https://graph.microsoft.com/v1.0/me
• Scopes: User.Read
• Username Key: userPrincipalName
• Name Key: displayName
• Email Key: mail
• User ID Key: id

Example for self-hosted Authentik:

• Authorize URL: https://auth.domain.tld/application/o/authorize/
• Token URL: https://auth.domain.tld/application/o/token/
• User API URL: https://auth.domain.tld/application/o/userinfo/
• Scopes: openid profile email
• Username Key: preferred_username
• Name Key: name
• Email Key: email
• User ID Key: sub