Configure Aidbox as an External OAuth Provider
To set up one Aidbox instance to authenticate users in another Aidbox instance, follow these steps:
Set up an Aidbox instance as the OAuth Provider
Set up the Client Aidbox instances that use the Provider
Set up Provider Aidbox
To set up the Provider Aidbox, create a Client resource to be used by the Client Aidbox.
In this guide, the Provider Aidbox URL is https://provider.example.com
Create Client resource
The Client Aidbox instance will use this Client to access the Provider instance when authenticating users.
PUT /Client/local-client
Content-Type: text/yaml
Accept: text/yaml

resourceType: Client
id: local-client
secret: local-secret
auth:
  authorization_code:
    redirect_uri: https://client.example.com/auth/callback/global-provider
    refresh_token: true
    secret_required: true
    access_token_expiration: 36000
grant_types:
  - authorization_code
Set up Client Aidbox
Create an IdentityProvider resource to set up a Client Aidbox instance.
In this guide, the Client Aidbox URL is https://client.example.com
Create IdentityProvider resource
The IdentityProvider resource defines the external authentication server.
PUT /IdentityProvider/global-provider
Accept: text/yaml
Content-Type: text/yaml

resourceType: IdentityProvider
title: AidboxGlobal
system: https://provider.example.com
active: true
id: global-provider
authorize_endpoint: https://provider.example.com/auth/authorize
token_endpoint: https://provider.example.com/auth/token
userinfo_endpoint: https://provider.example.com/auth/userinfo
scopes:
  - user
  - read:org
client:
  id: local-client
  secret: local-secret
  redirect_uri: https://client.example.com/auth/callback/global-provider
Usage
If the Provider and the Client Aidbox instances are configured correctly, users registered and authenticated in the Provider Aidbox can get access to the Client Aidbox.
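A pre-flight check for the pairing described above, as an added example that is not part of the Aidbox documentation or code base. The helper name `check_pair` is hypothetical, the two dicts restate this guide's sample resources, and the rules that the callback path ends with the IdentityProvider id and that all endpoints sit on the `system` origin are assumptions taken from this guide's values.

```python
from urllib.parse import urlsplit

# Resources from this guide, written as Python dicts (values copied from the page).
provider_client = {
    "resourceType": "Client", "id": "local-client", "secret": "local-secret",
    "auth": {"authorization_code": {
        "redirect_uri": "https://client.example.com/auth/callback/global-provider",
        "refresh_token": True, "secret_required": True,
        "access_token_expiration": 36000}},
    "grant_types": ["authorization_code"],
}
identity_provider = {
    "resourceType": "IdentityProvider", "id": "global-provider",
    "system": "https://provider.example.com",
    "authorize_endpoint": "https://provider.example.com/auth/authorize",
    "token_endpoint": "https://provider.example.com/auth/token",
    "userinfo_endpoint": "https://provider.example.com/auth/userinfo",
    "client": {"id": "local-client", "secret": "local-secret",
               "redirect_uri": "https://client.example.com/auth/callback/global-provider"},
}

def check_pair(client, idp):
    """Return a list of mismatches between the two resources (hypothetical helper)."""
    problems = []
    code = client.get("auth", {}).get("authorization_code", {})
    ref = idp.get("client", {})
    if "authorization_code" not in client.get("grant_types", []):
        problems.append("Client does not allow the authorization_code grant")
    if ref.get("id") != client.get("id"):
        problems.append("IdentityProvider client.id does not match Client id")
    if ref.get("secret") != client.get("secret"):
        problems.append("IdentityProvider client.secret does not match Client secret")
    if ref.get("redirect_uri") != code.get("redirect_uri"):
        problems.append("redirect_uri differs between the two resources")
    if not ref.get("redirect_uri", "").endswith("/auth/callback/" + idp.get("id", "")):
        problems.append("redirect_uri does not end with /auth/callback/<IdentityProvider id>")
    if not code.get("secret_required"):
        problems.append("secret_required is not enabled on the Client")
    origin = tuple(urlsplit(idp.get("system", ""))[:2])  # (scheme, host) of the Provider
    for key in ("authorize_endpoint", "token_endpoint", "userinfo_endpoint"):
        url = urlsplit(idp.get(key, ""))
        if url.scheme != "https" or tuple(url[:2]) != origin:
            problems.append(f"{key} is not an https URL on the Provider origin")
    return problems

if __name__ == "__main__":
    print(check_pair(provider_client, identity_provider) or "configuration is consistent")
```

Substitute the resources from your own deployment before running it; `local-secret` is this guide's sample value and stands in for a generated secret.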
User signs in to the Client Aidbox using the Provider Aidbox
Press the "Sign in with <Provider Aidbox title>" button
Enter the email and password of some User from the Provider Aidbox
Allow the requested scopes in the Grant screen
Finally, the user is authenticated and redirected to the Client Aidbox.