2025-11-17 18:45:35 +01:00
parent 0f58e3bdff
commit 14d6f9aa73
7607 changed files with 1969407 additions and 0 deletions


@@ -0,0 +1,57 @@
# OAuth
Since Lowcoder 2.1.3 we support OAuth for 4 standard sources. The list will increase and be completed by a generic OAUTH configuration ability.
As for now we support:
* Google
* Github
* ORY
* KeyCloak
Next on the list are:
* Atlassian
* Gitlab
* Microsoft Graph (AD / B2C) as OAuth
* LinkedIn
* Facebook
### Use OAuth providers in 2 ways.
* By Invite Link
* By workspace welcome Page
### Invite Link
When an Admin or User with appropriate rights sends an Invite Link, then this Invite Link contains the information in which workspace the new users get invited. In this way, the List of OAuth Providers at the Sign in and Sign up Screens is adapted.
<figure><img src="../../.gitbook/assets/OAuth Invite People.png" alt=""><figcaption></figcaption></figure>
### Workspace welcome page
Based on a URL pattern you can guide new Users to your Workspace welcome page, where they will find the List of OAuth Providers at the Sign in and Sign up Screens too.
```
// URL pattern to show the Workspace welcome page
// The Workspace-ID == the Org ID.
https://<your Lowcoder location>/org/<your org Id>/auth/login?redirectUrl=...
```
### Manage Login Methods (Auth Providers)
In the Admin area of Lowcoder select Settings > Auth Providers. Here you see the list of currently active auth providers. At the beginning, you will always see the standard-provider "Email"
{% hint style="warning" %}
In Lowcoder, Auth Providers except Email are bound to the Workspace. That means, that per workspace you can have individual settings and Auth Provider.
{% endhint %}
<figure><img src="../../.gitbook/assets/OAuth Providers.png" alt=""><figcaption><p>the list of Auth Providers per Workspace can be different -exept the Standard Provider Email</p></figcaption></figure>
{% hint style="info" %}
As OAuth Providers are bound to a single Workspace, they will not appear on the general Sign In or Sign up screens, but only on the Workspace-related screens.
{% endhint %}
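Review bot: the welcome-page URL pattern in the fenced block (`https://<your Lowcoder location>/org/<your org Id>/auth/login?redirectUrl=...`) introduces a `redirectUrl` parameter without saying what values are accepted after login; state what is allowed (ideally only same-origin paths, with absolute URLs to other hosts rejected), otherwise admins may hand out login links that double as open redirects. The two hints say the same thing twice (providers other than Email are bound to the workspace and therefore do not appear on the general Sign in / Sign up screens); merging them would read better. Spelling and naming: "exept" in the figure caption, "Github" vs "GitHub", "KeyCloak" vs the product's own "Keycloak", and "OAUTH" for "OAuth".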


@@ -0,0 +1,204 @@
# Generic OAuth Provider
Since Lowcoder v2.4.0, a generic OAuth Provider has been introduced. The goal is to cover as many OAuth providers as possible without special implementation but give you, as an Admin, the freedom to connect to any OAuth Provider using a flexible configuration.
{% hint style="info" %}
As communicated and voted by the community, we introduced the functionality in v2.4.0 but are still optimizing it, based on your feedback. Latest by Lowcoder v2.5.x this function is stable. (We expect anyhow already before that version a stable function of it.)
{% endhint %}
OAuth Providers are configured individually per Workspace.
The configuration has three parts:
* Meta-Data
* OAuth Provider Configuration
* Information Mapping
### Setup a generic OAuth provider
As the Admin of your Workspace, go to Settings > User Authentication. Here, you will find a List of your configured User Authentication Providers.
<figure><img src="../../.gitbook/assets/Settings Auth Providers.png" alt=""><figcaption><p>Overview of configured Aouth Providers for your Workspace</p></figcaption></figure>
Now, you can use the button in the upper right corner to add a new OAuth Provider. Select "Generic".
<figure><img src="../../.gitbook/assets/Settings OAuth Select Generic OAuth Provider.png" alt="" width="563"><figcaption></figcaption></figure>
### .well\_known URI
The `.well-known/openid-configuration` URI is specifically part of the OpenID Connect (OIDC) standard. If a provider supports OpenID Connect, this endpoint provides a JSON document with the configuration details for OAuth and OIDC operations. Lowcoder will try to use this configuration data and will fill out the standard OAuth Provider Configuration fields as well as possible in the next screens of the Generic OAuth Provider Configurator.
<figure><img src="../../.gitbook/assets/Settings OAuth Well Known URI.png" alt="" width="563"><figcaption><p>Enter your Well Known URI to auto-fill the configuration in Step 2</p></figcaption></figure>
### Popular Services
Here are some popular services and their OpenID configuration Endpoints
#### Google
```
https://accounts.google.com/.well-known/openid-configuration
```
#### Facebook
```
https://www.facebook.com/.well-known/openid-configuration
```
#### Microsoft
```
https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
```
#### LinkedIn
```
https://www.linkedin.com/oauth/.well-known/openid-configuration
```
#### Apple
```
https://appleid.apple.com/.well-known/openid-configuration
```
#### Amazon Cognito
```
https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/openid-configuration
```
#### Salesforce
```
https://login.salesforce.com/.well-known/openid-configuration
```
#### Dropbox
```
https://www.dropbox.com/.well-known/openid-configuration
```
#### PayPal
```
https://www.paypal.com/.well-known/openid-configuration
```
#### Slack
```
https://slack.com/.well-known/openid-configuration
```
### Popular IDMs that you can self-host
#### Keycloak
```
https://{yourKeycloakDomain}/auth/realms/{yourRealm}/.well-known/openid-configuration
```
#### Okta
```
// Self-Host
https://{yourOktaDomain}/.well-known/openid-configuration
// Cloud (domain depends on the region)
https://{yourApp}.okta-emea.com/.well-known/openid-configuration
```
#### Auth0
```
// Self-Host
https://{yourAuth0Domain}/.well-known/openid-configuration
// Cloud
https://{yourApp}.auth0.com/.well-known/openid-configuration
```
#### Ory
```
// Self-Host
https://{yourOryHydraDomain}/.well-known/openid-configuration
// Cloud
https://{yourApp}.projects.oryapis.com/.well-known/openid-configuration
```
#### Authentik
```
https://{yourAuthentikDomain}/application/o/.well-known/openid-configuration
```
#### IBM Security Access Manager (ISAM)
```
https://{yourISAMDomain}/mga/sps/oauth/oauth20/.well-known/openid-configuration
```
### OAuth Source Meta-Data
Meta Data describes the Auth Source, allowing you to influence the visual representation of the OAuth Provider in the Sign In / Sign Up screen.
<figure><img src="../../.gitbook/assets/Settings OAuth Meta Data.png" alt="" width="563"><figcaption><p>Enter a Displayed Name, Category, Icon and a Description</p></figcaption></figure>
{% hint style="danger" %}
In Lowcoder v2.4.0 you must set the field "Source" to GENERIC
{% endhint %}
From Lowcoder v2.4.1, the field "Source" will be hidden and filled out automatically.
### OAuth Configuration
In Step 2, you can now set up the configuration Data for your OAuth Provider. We introduced this in v2.4.0, and the screen will surely be extended with features in the upcoming versions.
<figure><img src="../../.gitbook/assets/Settings OAuth Provider Configuration.png" alt="" width="563"><figcaption></figcaption></figure>
{% hint style="danger" %}
Scopes must be set with a space character between the scopes, not comma-separated.
{% endhint %}
{% hint style="info" %}
Some providers do only support OAuth - but not (yet?) OpenID. This means that the User Introspection Endpoints /userinfo are not available. For this case you can activate or deactivate this Introspection. (This function comes into effect at Lowcoder v2.4.1)
{% endhint %}
### Provider-Side Configuration
At your IDM you would need to prepare an OAuth Client resp. a OAuth Client Application. There are multiple settings.
* Redirect URL. Here you enter your domain of your installation like **http://localhost:3000** or **https://app.lowcoder.cloud**
* Scopes: You should set the following Scopes if possible. **offline\_access** and **profile** are important.
* openid
* offline\_access
* email
* profile
* Supported OAuth2 flows: To handle User-Logins you need to activate the **Authorization Code Flow.** Also you may need to activate the **Refresh Token** possibility.
* Client authentication mechanism: Here, you can set **HTTP Body**
### OAuth Data Mapping
We introduce the possibility of mapping Data from OAuth providers to Lowcoder. We just started it in v2.4.0, and in this version, we enabled 4 attributes.
* UID (The User-ID in the IDM System)
* Email (The Email Address of the User in the IDM System)
* Username (The Name of the User)
* Avatar (The profile picture of the User)
<figure><img src="../../.gitbook/assets/Settings OAuth Data Mapping.png" alt="" width="563"><figcaption><p>OData Mapping</p></figcaption></figure>
<figure><img src="../../.gitbook/assets/Settings OAuth Data Mapping Result.png" alt=""><figcaption></figcaption></figure>
The second screen shows how the Avatar and Username come into effect after the Mapping.
{% hint style="warning" %}
In v2.4.0 we support mapping out of the JWT (access\_token) from the IDM. In future versions, we will also support the mapping of Attributes from the OpenID /userInfo endpoint.
{% endhint %}
{% hint style="info" %}
In future versions of Lowcoder, we will also support Attribute Matching of Token Claims to User Groups and Roles.
{% endhint %}
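Review bot: the warning under "OAuth Data Mapping" says UID, Email, Username and Avatar are mapped "out of the JWT (access\_token)", but an access token is not guaranteed to be a JWT carrying user claims (Google and GitHub issue opaque ones) and under OpenID Connect the user's claims are defined for the `id_token`; document which token is parsed and that its signature, `iss` and `aud` are verified against the provider's `jwks_uri` before UID or Email is trusted, and that Email is only used to match an existing account when the provider reports it as verified, since linking on an unverified email claim is the classic route to an account takeover. Endpoint list corrections: the heading ".well\_known URI" should read ".well-known"; Keycloak's `/auth/realms/{yourRealm}/...` path applies only to the legacy WildFly distribution (or when `--http-relative-path=/auth` is set), current releases use `https://{yourKeycloakDomain}/realms/{yourRealm}/.well-known/openid-configuration`; authentik's discovery document lives under the application slug, `https://{yourAuthentikDomain}/application/o/{applicationSlug}/.well-known/openid-configuration`; and Okta and Auth0 are not self-hosted products, so the "// Self-Host" labels (and their placement under "Popular IDMs that you can self-host") are misleading, those entries are simply the custom-domain form. Under "Provider-Side Configuration" the Redirect URL bullet gives only an origin (`http://localhost:3000`); list the exact callback path Lowcoder uses, since providers are expected to match redirect URIs exactly and an origin-only registration either fails or has to be widened with a wildcard. The info hint calls `/userinfo` "User Introspection"; that is the OIDC UserInfo endpoint, token introspection (RFC 7662) is a different mechanism.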


@@ -0,0 +1,37 @@
# GitHub
### GitHub as OAuth Identity Provider
To use GitHub as Auth Provider, you must setup a so-called "OAuth App". You can do so in your Github Profile > Settings [https://github.com/settings/developers](https://github.com/settings/developers)
<figure><img src="../../.gitbook/assets/Github OAuth Apps.png" alt=""><figcaption></figcaption></figure>
On GitHub the creation of an OAuth Client Registration is comparatively simple.
<figure><img src="../../.gitbook/assets/Github Client OAuth Settings.png" alt=""><figcaption><p>GitHub Client Registration Settings</p></figcaption></figure>
After configuring the Callback URLs, you can "Generate a new client secret".&#x20;
{% hint style="warning" %}
Make sure you copy the client secret directly, as it is displayed only once. Later you cannot copy it again.
{% endhint %}
Now you go back to Lowcoder Settings > Auth Providers and click "Add OAuth Provider" and select GitHub from the list of Auth Providers.
<figure><img src="../../.gitbook/assets/OAuth Add Provider.png" alt=""><figcaption></figcaption></figure>
You can copy and paste now the Client ID and Client Secret from the GitHub Client App Registration.
<figure><img src="../../.gitbook/assets/GitHub setup Auth Client.png" alt=""><figcaption></figcaption></figure>
Thats it! Now you can invite new Users to Lowcoder. They can choose GitHub to Sign Up (register) or Sign in / log in.
<figure><img src="../../.gitbook/assets/OAuth Register with Invite Link (1).png" alt=""><figcaption></figcaption></figure>
When users chose to Sign in or Sign up with GitHub, they will get redirected to the GitHub Login page of the registered Client App
<figure><img src="../../.gitbook/assets/Github OAuth Login.png" alt=""><figcaption></figcaption></figure>
Here they have to Authorize your registered Client App to act and impersonate your users.
<figure><img src="../../.gitbook/assets/Github OAuth Authorize.png" alt=""><figcaption></figcaption></figure>
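Review bot: the last sentence ("Authorize your registered Client App to act and impersonate your users") misdescribes what the consent screen grants; the user authorizes the OAuth App to read their GitHub identity within the requested scopes, not to act as them, so reword it and list the scopes Lowcoder requests (for example whether it asks for `read:user` and `user:email` or more) so admins and users know what they consent to. The client-secret warning is right that the secret is shown once; add that it belongs in the deployment's secret store rather than in docs or chat, and that GitHub allows a second client secret on the same OAuth App so it can be rotated without downtime. Spelling: "Github" vs "GitHub", "Thats" for "That's", "chose" for "choose".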


@@ -0,0 +1,25 @@
# Google
### Google as OAuth Identity Provider
To use Google as Auth Provider, you must setup a so-called "OAuth 2.0 Client ID". You can do so in the Google Cloud Console. [https://console.cloud.google.com/apis/credentials](https://console.cloud.google.com/apis/credentials)
<figure><img src="../../.gitbook/assets/Google OAuth Credencials.png" alt=""><figcaption><p>You can create many OAuth 2.0 Client IDs</p></figcaption></figure>
Use the Form to create your Client ID (app registration)
<figure><img src="../../.gitbook/assets/Google create Client ID (1).png" alt=""><figcaption><p>You can set multiple redirect URLs</p></figcaption></figure>
On the right side, you will find the Client-ID and Client Secret. Now you go back to Lowcoder Settings > Auth Providers and click "Add OAuth Provider" and select Google from the list of Auth Providers.
<figure><img src="../../.gitbook/assets/OAuth Add Provider.png" alt=""><figcaption><p>select Google as Auth Provider from the List</p></figcaption></figure>
You can now copy and paste the Client ID and Client Secret from the Google Cloud Console.
<figure><img src="../../.gitbook/assets/OAuth Add Google.png" alt=""><figcaption></figcaption></figure>
Thats it! Now you can invite new Users to Lowcoder. They can choose Google to Sign Up (register) or Sign in / log in.
<figure><img src="../../.gitbook/assets/OAuth Register with Invite Link (1).png" alt=""><figcaption><p>Based on an invite Link, users can now login with the OAuth provider Google.</p></figcaption></figure>
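Review bot: the setup never states which "Application type" to pick in the Google form (it must be "Web application" for an authorization-code login) or the exact "Authorized redirect URI" to enter, and Google matches redirect URIs exactly, so an origin-only value like the one on the generic page will fail at login with `redirect_uri_mismatch`; give the full Lowcoder callback URL here. Also mention that the OAuth consent screen (user type, scopes `openid email profile`) has to be configured for the project, and that a project left in "Testing" publishing status only admits the listed test users, which is the usual cause of "access blocked" reports after following these steps. Spelling: "Thats" should be "That's".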


@@ -0,0 +1,69 @@
# KeyCloak
### KeyCloak as Identity Provider
To use KeyCloak as an Auth Provider, you must install and maintain an own installation of KeyCloak. A docker installation is fast achieved.
[https://www.keycloak.org/getting-started/getting-started-docker](https://www.keycloak.org/getting-started/getting-started-docker)&#x20;
In KeyCloak you have to set up first a "Realm". This is a tenant within KeyCloak. Select (or create) your Realm with the top left corner menu.
In your Realm, you can then create and configure a Client. We show here the most minimal configuration to enable Sign in and Sign up with KeyCloak for Lowcoder.
### Setup a KeyCloak Client
Choose a name and id for your Client.
<figure><img src="../../.gitbook/assets/KeyCloak Client setup 1.png" alt=""><figcaption></figcaption></figure>
Make sure the "Standard Flow" is activated, as also "Client authentication" and "Authorization". Only when checked these options, KeyCloak will issue the needed Client-Secret.
<figure><img src="../../.gitbook/assets/KeyCloak Client setup 2.png" alt=""><figcaption></figcaption></figure>
Configure the Lowcoder redirect URLs.
{% hint style="info" %}
For the cloud, the "Valid redirect URI" is https://app.lowcoder.cloud
{% endhint %}
<figure><img src="../../.gitbook/assets/KeyCloak Client Setup 3.png" alt=""><figcaption></figcaption></figure>
After the setup, you can now look for the generated Client-Secret.
<figure><img src="../../.gitbook/assets/KeyCloak Credencials Screen.png" alt=""><figcaption><p>copy the Client Secret for the setup of KeyCloak as Auth Provioder in Lowcoder</p></figcaption></figure>
Check the Settings to make sure the right capabilities are activated...
<figure><img src="../../.gitbook/assets/KeyCloak Capabilities Screen.png" alt=""><figcaption></figcaption></figure>
### KeyCloak as Lowcoder Auth Provider
in Lowcoder, go to Settings > OAuth Provider and select "KeyCloak" in the "Add OAuth Provider Dialogue"
<figure><img src="../../.gitbook/assets/KeyCloak select Provider.png" alt=""><figcaption></figcaption></figure>
Now you can enter all settings for KeyCloak
{% hint style="info" %}
Instance ID is the Base URL of your KeyCloak Installation
{% endhint %}
<figure><img src="../../.gitbook/assets/KeyCloak Setup.png" alt=""><figcaption></figcaption></figure>
You can also change settings later.
<figure><img src="../../.gitbook/assets/KeyCloak Settings.png" alt=""><figcaption></figcaption></figure>
{% hint style="warning" %}
The minimal scope to setup is "offline\_access openid".
{% endhint %}
Thats it! Now you can use KeyCloak to offer your Users to Sign in and Sign up with KeyCloak.
<figure><img src="../../.gitbook/assets/KeyCloak Sign in.png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/KeyCloak use Login.png" alt=""><figcaption></figcaption></figure>
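Review bot: the "Setup a KeyCloak Client" step says to enable "Client authentication" and "Authorization" because "only when checked these options, KeyCloak will issue the needed Client-Secret"; the secret is issued as soon as "Client authentication" is on (the client becomes confidential), while "Authorization" switches on Keycloak Authorization Services, a separate policy engine this setup does not use, so drop it from the minimal configuration to avoid unneeded attack surface. The "Valid redirect URI" hint gives only `https://app.lowcoder.cloud`; Keycloak matches redirect URIs exactly unless a trailing `*` wildcard is used, so give the exact callback path and warn against the wildcard. On the minimal scope "offline\_access openid": in Keycloak `offline_access` requests an offline token, a refresh token that outlives the user session and persists until revoked, which is more than a browser login needs; say why it is required, and add `email profile`, since the UID/Email/Username mapping described on the generic page depends on those claims. Naming and spelling: the product spells itself "Keycloak"; "Provioder" and "Credencials" in the captions; "Thats" for "That's".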