mirror of
https://github.com/infiniflow/ragflow.git
synced 2025-12-03 18:36:21 +00:00
a8542508b7
### What problem does this PR solve? Deprecate `/github_callback` route in favor of `/oauth/callback/<channel>` for GitHub OAuth integration: - Added GitHub OAuth support in the authentication module - Introduced `GithubOAuthClient` with methods to fetch and normalize user info - Updated `CLIENT_TYPES` to include GitHub OAuth client - Deprecated `/github_callback` route and suggested using the generic `/oauth/callback/<channel>` route --- - Related pull requests: - #7379 - #7553 ### Usage - [Create a GitHub OAuth App](https://github.com/settings/applications/new) to obtain the `client_id` and `client_secret`, configure the authorization callback url: `https://your-app.com/v1/user/oauth/callback/github` - Edit `service_conf.yaml.template`: ```yaml # ... oauth: github: type: "github" icon: "github" display_name: "Github" client_id: "your_client_id" client_secret: "your_client_secret" redirect_uri: "https://your-app.com/v1/user/oauth/callback/github" # ... ``` ### Type of change - [x] Documentation Update - [x] Refactoring (non-breaking change)
Auth
The Auth module provides implementations of OAuth2 and OpenID Connect (OIDC) authentication for integration with third-party identity providers.
Features
- Supports both OAuth2 and OIDC authentication protocols
- Automatic OIDC configuration discovery (via
/.well-known/openid-configuration) - JWT token validation
- Unified user information handling
Usage
# OAuth2 configuration
oauth_config = {
"type": "oauth2",
"client_id": "your_client_id",
"client_secret": "your_client_secret",
"authorization_url": "https://provider.com/oauth/authorize",
"token_url": "https://provider.com/oauth/token",
"userinfo_url": "https://provider.com/oauth/userinfo",
"redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
}
# OIDC configuration
oidc_config = {
"type": "oidc",
"issuer": "https://provider.com/v1/oidc",
"client_id": "your_client_id",
"client_secret": "your_client_secret",
"redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
}
# Github OAuth configuration
github_config = {
"type": "github"
"client_id": "your_client_id",
"client_secret": "your_client_secret",
"redirect_uri": "https://your-app.com/v1/user/oauth/callback/<channel>"
}
# Get client instance
client = get_auth_client(oauth_config)
Authentication Flow
- Get authorization URL:
auth_url = client.get_authorization_url()
- After user authorization, exchange authorization code for token:
token_response = client.exchange_code_for_token(authorization_code)
access_token = token_response["access_token"]
- Fetch user information:
user_info = client.fetch_user_info(access_token)
User Information Structure
All authentication methods return user information following this structure:
{
"email": "user@example.com",
"username": "username",
"nickname": "User Name",
"avatar_url": "https://example.com/avatar.jpg"
}