website/integrations: add Frappe #10797

Merged
merged 6 commits into from
Aug 12, 2024

Infernogeek1
Contributor

Details

Add Frappe OIDC integration


Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@Infernogeek1 Infernogeek1 requested a review from a team as a code owner August 6, 2024 14:26

netlify bot commented Aug 6, 2024

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 65a2b7a
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/66b6960e24d30d0008cf94ac
😎 Deploy Preview https://deploy-preview-10797--authentik-docs.netlify.app

netlify bot commented Aug 6, 2024

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 65a2b7a
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/66b6960ee7e34c0008025b52

- **Client ID**: Either create your own Client ID or use the auto-populated ID
- **Client Secret**: Either create your own Client Secret or use the auto-populated secret
:::note
Take note of the `Client ID` and `Client Secret` as they are required when configuring Immich.

Contributor

required when configuring --> Immich.? And I don't think it's a good idea to add a note in the middle of that instruction set. You could say something like "Take note of these values as you will need them later."

- **Authentication flow**: default-authentication-flow
- **Authorization flow**: default-provider-authorization-explicit-consent
- **Client type**: Confidential
- **Client ID**: Either create your own Client ID or use the auto-populated ID

Contributor

It's best to suggest the auto-created one for security reasons


1. Create a new OAuth2/OpenID Provider under **Applications** > **Providers** using the following settings:
- **Name**: Frappe
- **Authentication flow**: default-authentication-flow

Contributor

Some users might have different flows

1. Create a new OAuth2/OpenID Provider under **Applications** > **Providers** using the following settings:
- **Name**: Frappe
- **Authentication flow**: default-authentication-flow
- **Authorization flow**: default-provider-authorization-explicit-consent

Contributor

Some users might have different flows

- **Authorization flow**: default-provider-authorization-explicit-consent
- **Client type**: Confidential
- **Client ID**: Either create your own Client ID or use the auto-populated ID
- **Client Secret**: Either create your own Client Secret or use the auto-populated secret

Contributor

It's best to suggest the auto-created one for security reasons

- `https://frappe.company/api/method/frappe.integrations.oauth2_logins.custom/provider`
- **Scopes**: `email`, `openid`, `profile`
- **Subject mode**: `Based on the Users's username`
:::danger
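
Review bot: `Users's` in the **Subject mode** value is a typo for `User's`; quote the option exactly as the authentik dropdown labels it so readers can match it. This mode sends the username as the subject identifier, so the text around the `:::danger` block should state that renaming a user in authentik changes the identifier Frappe receives, if it does not already.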

Contributor

same comment as above about notes in the middle of instruction sets

- **Include claims in id_token**: `True`
- Leave everything else as default

## Service configuration

Contributor

Suggested change
## Service configuration
## Frappe configuration


## Service configuration

1. In Frappe main menu, navigate to Integrations, then to Social Login Key.

Contributor

Suggested change
1. In Frappe main menu, navigate to Integrations, then to Social Login Key.
1. From the Frappe main menu navigate to ***Integrations**, then to **Social Login Key**.


1. In Frappe main menu, navigate to Integrations, then to Social Login Key.

Add a new Social login Key using `+ Add Social Login Key` on top right.

Contributor

Not sure about the formulation here. You could just say the button on the top right instead of adding its full name in a code block.


In Client Credentials section:
- Enable Social Login: Turn the checkmark to the _on_ position.
- Client ID: _CLIENT_ID_

Contributor

is this referencing values in authentik? if so, it should be said

website/docs: integrations: fixed the errors

codecov bot commented Aug 7, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.74%. Comparing base (ae88ea3) to head (65a2b7a).
Report is 55 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #10797      +/-   ##
==========================================
+ Coverage   92.56%   92.74%   +0.17%     
==========================================
  Files         727      736       +9     
  Lines       35541    36243     +702     
==========================================
+ Hits        32900    33615     +715     
+ Misses       2641     2628      -13     
Flag Coverage Δ
e2e 49.37% <ø> (-0.24%) ⬇️
integration 25.12% <ø> (-0.19%) ⬇️
unit 90.23% <ø> (+0.15%) ⬆️



## authentik configuration

1. Create a new OAuth2/OpenID Provider under **Applications** > **Providers** using the following settings:

Contributor

Suggested change
1. Create a new OAuth2/OpenID Provider under **Applications** > **Providers** using the following settings:
1. Log in to authentik as an admin, and go to the Admin interface,
2. Create a new OAuth2/OpenID Provider under **Applications** -> **Providers** using the following settings:


Take note of **Client ID** and **Client Secret** as you will need them later.

2. Create a new Application under **Applications** > **Applications** and assign the created provider.

Contributor

Suggested change
2. Create a new Application under **Applications** > **Applications** and assign the created provider.
2. Create a new Application under **Applications** -> **Applications** and assign the provider that you just created.

In Client Information:
- Auth URL Data: `{"response_type": "code", "scope": "email profile openid"}`

![](./frappe4.png)

Contributor

Is there any final step here? Is there a way to verify that all of the configs were successful?

Seems like an abrupt ending... ;-)

Contributor Author

As for verifying that it worked, I would offer to go to frappe.company and press that Login with provider.

Contributor

@tanberry tanberry left a comment

Thanks so much @Infernogeek1 for this contribution! A few nits with phrasing, and a question about how to end the topic, but looks good! Please make any suggested changes you agree with and let's get this merged!


## Frappe configuration

1. From the Frappe main menu navigate to **Integrations**, then to **Social Login Key**.

Contributor

Suggested change
1. From the Frappe main menu navigate to **Integrations**, then to **Social Login Key**.
1. From the Frappe main menu, navigate to **Integrations**, then to **Social Login Key**.


Take note of **Client ID** and **Client Secret** as you will need them later.

3. Create a new Application under **Applications** > **Applications** and assign the provider that you have just created.

Contributor

Creating an application is more than the provider. You could also say "select a name, a slug, and assign the provider", not in depth either, just indirectly saying that there's more than the provider, if you know what I mean.


1. Go to `https://frappe.company` from Incognito mode.
2. Press **Login with provider** on the login screen.
3. Authorize with Authentik.

Contributor

Suggested change
3. Authorize with Authentik.
3. Authorize with authentik.

authentik is always lowercase. if the out reference it with uppercase elsewhere in the docs it should also be changed

@rissson rissson changed the title website/docs: integrations: add Frappe integration website/integrations: add Frappe Aug 8, 2024

Contributor

@tanberry tanberry left a comment

Thanks so much for this contribution, @Infernogeek1. A couple of nits... you might need to double-check the indentation on some of the images that are within numbered steps; I am not sure everything is aligned there, but the Suggestion box doesn't allow me to put in proper indentations, only spaces.

Let me know if any questions, and as soon as you make these few changes, let's get it merged!


## authentik configuration

1. Log in to authentik as an admin, and go to the Admin interface,

Contributor

Suggested change
1. Log in to authentik as an admin, and go to the Admin interface,
1. Log in to authentik as an admin, and go to the Admin interface.


Take note of **Client ID** and **Client Secret** as you will need them later.

3. Create a new Application under **Applications** > **Applications**, pick a name and a slug, and assign the provider that you have just created.

Contributor

Suggested change
3. Create a new Application under **Applications** > **Applications**, pick a name and a slug, and assign the provider that you have just created.
3. Create a new application under **Applications** -> **Applications**, pick a name and a slug, and assign the provider that you have just created.


2. Enter the following settings:

In Client Credentials section:

Contributor

Suggested change
In Client Credentials section:
In the **Client Credentials** section:

- Client ID: _client-id-from-authentik_
- Client Secret: _client-secret-from-authentik_

In Configuration section:

Contributor

Suggested change
In Configuration section:
In the **Configuration** section:


![](./frappe2.png)

In Identity Details section:

Contributor

Suggested change
In Identity Details section:
In the **Identity Details** section:


![](./frappe3.png)

In Client Information:

Contributor

Suggested change
In Client Information:
In the **Client Information** section:

In Client Information:
- Auth URL Data: `{"response_type": "code", "scope": "email profile openid"}`

![](./frappe4.png) 3. Press the black **Save** button on the top right.

Contributor

Suggested change
![](./frappe4.png) 3. Press the black **Save** button on the top right.
![](./frappe4.png)
3. Click **Save** on the top right.

## Verification

1. Go to `https://frappe.company` from Incognito mode.
2. Press **Login with provider** on the login screen.

Contributor

Suggested change
2. Press **Login with provider** on the login screen.
2. Click **Login with provider** on the login screen.

@Infernogeek1
Contributor Author

> Thanks so much for this contribution, @Infernogeek1. A couple of nits... you might need to double-check the indentation on some of the images that are within numbered steps; I am not sure everything is aligned there, but the Suggestion box doesn't allow me to put in proper indentations, only spaces.
>
> Let me know if any questions, and as soon as you make these few changes, let's get it merged!

@tanberry, I tried make website-watch and images in numbered steps rendered fine.

@Infernogeek1 Infernogeek1 changed the title website/integrations: add Frappe website/docs: integrations: add Frappe Aug 12, 2024
@rissson rissson changed the title website/docs: integrations: add Frappe website/integrations: add Frappe Aug 12, 2024

Contributor

@tanberry tanberry left a comment

Thanks so much @Infernogeek1 for all the fixes, we'll merge now.

@tanberry tanberry merged commit 5217d48 into goauthentik:main Aug 12, 2024
68 checks passed
kensternberg-authentik added a commit that referenced this pull request Aug 12, 2024
kensternberg-authentik added a commit that referenced this pull request Aug 16, 2024
@Infernogeek1
Contributor Author

I have dogfooded my own docs and found out I screwed up and included a trailing slash where it should not have been.
It should be

- Redirect URL: /api/method/frappe.integrations.oauth2_logins.custom/provider/
+ Redirect URL: /api/method/frappe.integrations.oauth2_logins.custom/provider
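
Review bot: Nothing next to the Redirect URL field tells the reader that it must agree with the redirect URI registered on the authentik provider in this PR (`https://frappe.company/api/method/frappe.integrations.oauth2_logins.custom/provider`, no trailing slash). Add a sentence alongside the corrected `+` line saying the path Frappe appends to its base URL has to match that registered value character for character, so the slash mismatch fixed here is not reintroduced.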

@tanberry

@tanberry
Contributor

I have dogfooded my own docs and found out I screwed up and included a trailing slash where it should not have been. It should be

- Redirect URL: /api/method/frappe.integrations.oauth2_logins.custom/provider/
+ Redirect URL: /api/method/frappe.integrations.oauth2_logins.custom/provider

@tanberry

Hi hi, @Infernogeek1 good catch, thanks. Do you want to open a new PR with this fix (since the PR has already been merged), or I can do it, as you wish.
