32 lines
1.4 KiB
Markdown
32 lines
1.4 KiB
Markdown
|
# OAuth2 Provider
|
||
|
|
|
||
|
|
This provider supports both generic OAuth2 as well as OpenID Connect
|
||
|
|
|
||
|
|
Scopes can be configured using Scope Mappings, a type of [Property Mappings](../property-mappings/index.md#scope-mapping).
|
||
|
|
|
||
|
|
Endpoint | URL
|
||
|
|
---------|---
|
||
|
|
Authorization | `/application/o/authorize/`
|
||
|
|
Token | `/application/o/token/`
|
||
|
|
User Info | `/application/o/userinfo/`
|
||
|
|
End Session | `/application/o/end-session/`
|
||
|
|
Introspect | `/application/o/end-session/`
|
||
|
|
JWKS | `/application/o/<application slug>/jwks/`
|
||
|
|
OpenID Configuration | `/application/o/<application slug>/.well-known/openid-configuration`
|
||
|
|
|
||
|
|
## GitHub Compatibility
|
||
|
|
|
||
|
|
This provider also exposes a GitHub-compatible endpoint. This endpoint can be used by applications, which support authenticating against GitHub Enterprise, but not generic OpenID Connect.
|
||
|
|
|
||
|
|
To use any of the GitHub Compatibility scopes, you have to use the GitHub Compatibility Endpoints.
|
||
|
|
|
||
|
|
|
||
|
|
Endpoint | URL
|
||
|
|
---------|---
|
||
|
|
Authorization | `/login/oauth/authorize`
|
||
|
|
Token | `/login/oauth/access_token`
|
||
|
|
User Info | `/user`
|
||
|
|
User Teams Info | `/user/teams`
|
||
|
|
|
||
|
|
To access the user's email address, a scope of `user:email` is required. To access their groups, `read:org` is required. Because these scopes are handled by a different endpoint, they are not customisable as a Scope Mapping.
|