Third-party Authentication
Zealot supports authorized logins using supported third-party services, which can be currently configured via the following environment variables or in the settings page of the admin panel.
Service | provider |
---|---|
Feishu | feishu |
Gitlab | gitlab |
google_oauth2 | |
LDAP | ldap |
OpenID Connect | openid_connect |
If the above services need to set the callback address please set it uniformly as follows
https://zealot.example.com/users/auth/:provider/callback
where :provider
is the identifier of the above supported third-party service, for example:
# if Google is enabled, then replace `:provider` with `google_oauth2`.
https://zealot.example.com/users/auth/google_oauth2/callback
Gitlab​
- Register a Gitlab On line account or use self-host service
- Create an application in Preferences -> Applications page.
- Configure
Redirect URI
such likehttps://zealot.example.com/users/auth/gitlab/callback
(replace the domain in your case) - Check scope:
read_user
,By default zealot only uses this license, if your enable scope isapi
that's fine too
GITLAB_ENABLED=true
GITLAB_SITE=https://gitlab.com/api/v4
GITLAB_SCOPE=read_user
GITLAB_APP_ID=
GITLAB_SECRET=
Google​
- Register a Google account
- Enable Google Cloud Platform service
- Choose or create a Project then go to Credentials page
- Create OAuth Client ID with Web Application, and configure Authorized redirect URI such like
https://zealot.example.com/users/auth/google_oauth2/callback
(replace the domain in your case)
GOOGLE_OAUTH_ENABLED=true
GOOGLE_CLIENT_ID=
GOOGLE_SECRET=
Feishu (Lark)​
- Register a feishu (lark) account and download the Phone app.
- Enable Open platform and create application to get app_id, app_secret
- Configure callback url such like
https://zealot.example.com/users/auth/feishu/callback
(replace the domain in your case) - Check user filed information scope:
email address
(Optional) - Create a version and publish
FEISHU_ENABLED=true
FEISHU_APP_ID=
FEISHU_APP_SECRET=
LDAP​
LDAP_ENABLED=true
LDAP_HOST=10.0.0.1
LDAP_PORT=389
LDAP_METHOD=plain
LDAP_BIND_DN="cn=Manager,dc=example,dc=com"
LDAP_PASSWORD=password
LDAP_BASE="ou=People,dc=example,dc=com"
LDAP_UID=uid
OpenID Connect​
Supports both auto-discovery mode and manual settings.
Auto-discovery​
Turning on auto-discovery mode will automatically fetch the [OIDC_ISSUER_URL]/.well-known/openid-configuration
configuration.
OIDC_ENABLED=true
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_ISSUER_URL=https://oidc.example.com
OIDC_DISCOVERY=true
Manual​
OIDC_ENABLED=true
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_ISSUER_URL=https://oidc.example.com
OIDC_AUTH_URI=/authorize
OIDC_TOKEN_URI=/token
OIDC_USERINFO_URI=/userinfo
Above OIDC_AUTH_URI
, OIDC_TOKEN_URI
, OIDC_USERINFO_URI
will use the default path as above if not set.