loginsrv

git clone git@jamesshield.xyz:repos/loginsrv.git

commit bfd3354cea30097928b5c2d853ca05e742e7769a
parent 010559516934bbe1c92d0744e539d697e92b1f9c
Author: Sebastian Mancke <sebastian.mancke@snabble.io>
Date:   Sat, 19 Jan 2019 19:51:46 +0100

some documentation improvements

Diffstat:
M .screenshot.png | 0
M CHANGELOG.md    | 9 ++++-----
M README.md       | 11 ++++++++---
3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/.screenshot.png b/.screenshot.png Binary files differ. diff --git a/CHANGELOG.md b/CHANGELOG.md @@ -1,14 +1,13 @@ # loginsrv changelog -## v1.3.0 (planned) +## v1.3.0 +* __*ATTENTION:*__ Added a config option to set the secure flag for cookies (default: -secure-secure=true). If you run unsecure HTTP you have to set this option ot false!!! * __Google OAuth provider now uses the google userinfo endpoint. No need to activate the google+ APIs anymore.__ * __Added Gitlab OAuth Provider__ -* __Added gitlab provider__ -* The GET endpoint nor returns the user info if the call accepts JSON -* Default OAuth scopes for google and facebook provider. -* Add config option to set the secure flag for cookies (default: secure=true). If you run unsecure HTTP this you have to set this option ot false!!! +* The GET endpoint now returns the user info if the call accepts JSON +* Default OAuth scopes for google and facebook provider. No need to configure them anymore. * Caddy-plugin: let upstream middleware (e.g. fastcgi and cgi) know about authenticated user * Caddy-plugin: fixed corner cases in handling of JWT_SECRET paramter for caddy * Add viewport meta tag to get proper scaling on mobile diff --git a/README.md b/README.md @@ -12,7 +12,11 @@ loginsrv is a standalone minimalistic login server providing a [JWT](https://jwt __** Attention: Update to v1.3.0 for Google Login Update !!!! **__ Google will stop support for the Google+ APIs. So we changed loginsrv to use the standard oauth endpoints for Google login. -Please update loginsrv to the master version or wait for release v1.2.5 if you are using google. +Please update loginsrv to v1.3.0 if you are using google login. + +__** Attention: Since v1.3.0, pure HTTP is not supported by default **__ + +See [CHANGELOG](CHANGELOG.md#v130) for details. ## Abstract 
@@ -57,6 +61,7 @@ _Note for Caddy users_: Not all parameters are available in Caddy. See the table | -cookie-expiry | string | session | X | Expiry duration for the cookie, e.g. 2h or 3h30m | | -cookie-http-only | boolean | true | X | Set the cookie with the HTTP only flag | | -cookie-name | string | "jwt_token" | X | Name of the JWT cookie | +| -cookie-secure | boolean | true | X | Set the secure flag on the JWT cookie. (Set this to false for plain HTTP support) | | -github | value | | X | OAuth config in the form: client_id=..,client_secret=..[,scope=..][,redirect_uri=..] | | -google | value | | X | OAuth config in the form: client_id=..,client_secret=..[,scope=..][,redirect_uri=..] | | -bitbucket | value | | X | OAuth config in the form: client_id=..,client_secret=..[,scope=..][,redirect_uri=..] | @@ -93,7 +98,7 @@ So e.g. `jwt-secret` can be set by environment variable `LOGINSRV_JWT_SECRET`. The simplest way to use loginsrv is by the provided docker container. E.g. configured with the simple provider: ``` -$ docker run -d -p 8080:8080 tarent/loginsrv -jwt-secret my_secret -simple bob=secret +$ docker run -d -p 8080:8080 tarent/loginsrv -secure-cookie=false -jwt-secret my_secret -simple bob=secret $ curl --data "username=bob&password=secret" 127.0.0.1:8080/login eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib2IifQ.uWoJkSXTLA_RvfLKe12pb4CyxQNxe5_Ovw-N5wfQwkzXz2enbhA9JZf8MmTp9n-TTDcWdY3Fd1SA72_M20G9lQ @@ -101,7 +106,7 @@ eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJib2IifQ.uWoJkSXTLA_RvfLKe12pb4Cy The same configuration could be written with environment variables this way: ``` -$ docker run -d -p 8080:8080 -e LOGINSRV_JWT_SECRET=my_secret -e LOGINSRV_BACKEND=provider=simple,bob=secret tarent/loginsrv +$ docker run -d -p 8080:8080 -E SECURE_COOKIE=false -e LOGINSRV_JWT_SECRET=my_secret -e LOGINSRV_BACKEND=provider=simple,bob=secret tarent/loginsrv ``` ## API
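Review bot: the new v1.3.0 changelog entry names the option `-secure-secure=true`, which matches neither the README parameter table in this same commit (`-cookie-secure`) nor the docker example (`-secure-cookie=false`); pick the flag name the binary actually parses and use it in all three places. In the same line "ot false" should read "to false", and "paramter" in the Caddy line below is still misspelled. Since this is the entry that breaks plain-HTTP deployments (a browser will not send a cookie carrying the Secure flag over HTTP, so the session cookie is never returned), it would help readers to state that symptom in a sentence rather than relying on the exclamation marks.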
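Review bot: in the README "Attention" hunk, the link `CHANGELOG.md#v130` depends on the changelog heading being exactly `## v1.3.0`; it matches the heading renamed in this commit, but will silently break if that heading is touched again. The second banner tells users that plain HTTP is no longer supported by default but not what to do about it; one inline sentence naming the new cookie flag and the value to set for HTTP-only setups would save readers a trip to the changelog.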
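Review bot: the parameter-table row documents the option as `-cookie-secure`, consistent with the `-cookie-*` naming of the neighbouring rows, which makes the spellings in the changelog and the docker examples (`-secure-secure`, `-secure-cookie`) the odd ones out. The row also marks the option as available in Caddy (X column); worth confirming the Caddy plugin really exposes the new setting, since the note above the table says not all parameters are available there.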
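Review bot: in the first docker example, `-secure-cookie=false` does not match the `-cookie-secure` flag the table adds, so if the binary's flag is `-cookie-secure` this command fails to start with an unknown-flag error. Separately, the very first quick-start example now ships with the secure cookie flag switched off, which teaches the weak setting as the baseline; keep the default in the example and add one sentence that the flag may be set to false only for local plain-HTTP testing.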
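Review bot: `-E SECURE_COOKIE=false` in the environment-variable example has two defects: `docker run` accepts `-e` (lowercase) for environment variables, and the context line above the previous hunk states that every flag maps to an `LOGINSRV_`-prefixed variable (`jwt-secret` becomes `LOGINSRV_JWT_SECRET`), so the variable should be `LOGINSRV_COOKIE_SECURE=false` (with whatever flag name is finally chosen), not `SECURE_COOKIE`. As written the setting is ignored and the cookie keeps the secure flag, so the example does not do what the surrounding text says it does.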