netmaker/docs/_build/html/oauth.html

<!DOCTYPE html>

<html>
  <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <meta name="viewport" content="width=device-width,initial-scale=1">
  <meta http-equiv="x-ua-compatible" content="ie=edge">
  <meta name="lang:clipboard.copy" content="Copy to clipboard">
  <meta name="lang:clipboard.copied" content="Copied to clipboard">
  <meta name="lang:search.language" content="en">
  <meta name="lang:search.pipeline.stopwords" content="True">
  <meta name="lang:search.pipeline.trimmer" content="True">
  <meta name="lang:search.result.none" content="No matching documents">
  <meta name="lang:search.result.one" content="1 matching document">
  <meta name="lang:search.result.other" content="# matching documents">
  <meta name="lang:search.tokenizer" content="[\s\-]+">

  
    <link href="https://fonts.gstatic.com/" rel="preconnect" crossorigin>
    <link href="https://fonts.googleapis.com/css?family=Roboto+Mono:400,500,700|Roboto:300,400,400i,700&display=fallback" rel="stylesheet">

    <style>
      body,
      input {
        font-family: "Roboto", "Helvetica Neue", Helvetica, Arial, sans-serif
      }

      code,
      kbd,
      pre {
        font-family: "Roboto Mono", "Courier New", Courier, monospace
      }
    </style>
  

  <link rel="stylesheet" href="_static/stylesheets/application.css"/>
  <link rel="stylesheet" href="_static/stylesheets/application-palette.css"/>
  <link rel="stylesheet" href="_static/stylesheets/application-fixes.css"/>
  
  <link rel="stylesheet" href="_static/fonts/material-icons.css"/>
  
  <meta name="theme-color" content="#3f51b5">
  <script src="_static/javascripts/modernizr.js"></script>
  
  
  
    <title>Integrating OAuth &#8212; Netmaker 0.10.0 documentation</title>
    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
    <link rel="stylesheet" type="text/css" href="_static/material.css" />
    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
    <script src="_static/jquery.js"></script>
    <script src="_static/underscore.js"></script>
    <script src="_static/doctools.js"></script>
    <link rel="author" title="About these documents" href="about.html" />
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="External Guides" href="usage.html" />
    <link rel="prev" title="Advanced Client Installation" href="client-installation.html" />
  
   

  </head>
  <body dir=ltr
        data-md-color-primary=indigo data-md-color-accent=light-blue>
  
  <svg class="md-svg">
    <defs data-children-count="0">
      
      <svg xmlns="http://www.w3.org/2000/svg" width="416" height="448" viewBox="0 0 416 448" id="__github"><path fill="currentColor" d="M160 304q0 10-3.125 20.5t-10.75 19T128 352t-18.125-8.5-10.75-19T96 304t3.125-20.5 10.75-19T128 256t18.125 8.5 10.75 19T160 304zm160 0q0 10-3.125 20.5t-10.75 19T288 352t-18.125-8.5-10.75-19T256 304t3.125-20.5 10.75-19T288 256t18.125 8.5 10.75 19T320 304zm40 0q0-30-17.25-51T296 232q-10.25 0-48.75 5.25Q229.5 240 208 240t-39.25-2.75Q130.75 232 120 232q-29.5 0-46.75 21T56 304q0 22 8 38.375t20.25 25.75 30.5 15 35 7.375 37.25 1.75h42q20.5 0 37.25-1.75t35-7.375 30.5-15 20.25-25.75T360 304zm56-44q0 51.75-15.25 82.75-9.5 19.25-26.375 33.25t-35.25 21.5-42.5 11.875-42.875 5.5T212 416q-19.5 0-35.5-.75t-36.875-3.125-38.125-7.5-34.25-12.875T37 371.5t-21.5-28.75Q0 312 0 260q0-59.25 34-99-6.75-20.5-6.75-42.5 0-29 12.75-54.5 27 0 47.5 9.875t47.25 30.875Q171.5 96 212 96q37 0 70 8 26.25-20.5 46.75-30.25T376 64q12.75 25.5 12.75 54.5 0 21.75-6.75 42 34 40 34 99.5z"/></svg>
      
    </defs>
  </svg>
  
  <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer">
  <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search">
  <label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
  <a href="#oauth" tabindex="1" class="md-skip"> Skip to content </a>
  <header class="md-header" data-md-component="header">
  <nav class="md-header-nav md-grid">
    <div class="md-flex navheader">
      <div class="md-flex__cell md-flex__cell--shrink">
        <a href="index.html" title="Netmaker 0.10.0 documentation"
           class="md-header-nav__button md-logo">
          
            <i class="md-icon">&#xe869</i>
          
        </a>
      </div>
      <div class="md-flex__cell md-flex__cell--shrink">
        <label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
      </div>
      <div class="md-flex__cell md-flex__cell--stretch">
        <div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
          <span class="md-header-nav__topic">Netmaker Docs</span>
          <span class="md-header-nav__topic"> Integrating OAuth </span>
        </div>
      </div>
      <div class="md-flex__cell md-flex__cell--shrink">
        <label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
        
<div class="md-search" data-md-component="search" role="dialog">
  <label class="md-search__overlay" for="__search"></label>
  <div class="md-search__inner" role="search">
    <form class="md-search__form" action="search.html" method="get" name="search">
      <input type="text" class="md-search__input" name="q" placeholder="Search"
             autocapitalize="off" autocomplete="off" spellcheck="false"
             data-md-component="query" data-md-state="active">
      <label class="md-icon md-search__icon" for="__search"></label>
      <button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
        &#xE5CD;
      </button>
    </form>
    <div class="md-search__output">
      <div class="md-search__scrollwrap" data-md-scrollfix>
        <div class="md-search-result" data-md-component="result">
          <div class="md-search-result__meta">
            Type to start searching
          </div>
          <ol class="md-search-result__list"></ol>
        </div>
      </div>
    </div>
  </div>
</div>

      </div>
      
        <div class="md-flex__cell md-flex__cell--shrink">
          <div class="md-header-nav__source">
            <a href="https://github.com/gravitl/netmaker/" title="Go to repository" class="md-source" data-md-source="github">

    <div class="md-source__icon">
      <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 24 24" width="28" height="28">
        <use xlink:href="#__github" width="24" height="24"></use>
      </svg>
    </div>
  
  <div class="md-source__repository">
    Netmaker
  </div>
</a>
          </div>
        </div>
      
      
  
  <script src="_static/javascripts/version_dropdown.js"></script>
  <script>
    var json_loc = ""versions.json"",
        target_loc = "../",
        text = "Versions";
    $( document ).ready( add_version_dropdown(json_loc, target_loc, text));
  </script>
  

    </div>
  </nav>
</header>

  
  <div class="md-container">
    
    
    
  <nav class="md-tabs" data-md-component="tabs">
    <div class="md-tabs__inner md-grid">
      <ul class="md-tabs__list">
          <li class="md-tabs__item"><a href="index.html" class="md-tabs__link">Netmaker 0.10.0 documentation</a></li>
      </ul>
    </div>
  </nav>
    <main class="md-main">
      <div class="md-main__inner md-grid" data-md-component="container">
        
          <div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
            <div class="md-sidebar__scrollwrap">
              <div class="md-sidebar__inner">
                <nav class="md-nav md-nav--primary" data-md-level="0">
  <label class="md-nav__title md-nav__title--site" for="__drawer">
    <a href="index.html" title="Netmaker 0.10.0 documentation" class="md-nav__button md-logo">
      
        <i class="md-icon">&#xe869</i>
      
    </a>
    <a href="index.html"
       title="Netmaker 0.10.0 documentation">Netmaker Docs</a>
  </label>
    <div class="md-nav__source">
      <a href="https://github.com/gravitl/netmaker/" title="Go to repository" class="md-source" data-md-source="github">

    <div class="md-source__icon">
      <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 24 24" width="28" height="28">
        <use xlink:href="#__github" width="24" height="24"></use>
      </svg>
    </div>
  
  <div class="md-source__repository">
    Netmaker
  </div>
</a>
    </div>
  
  

  
  <ul class="md-nav__list">
    <li class="md-nav__item">
    
    
      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="architecture.html" class="md-nav__link">Architecture</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="install.html" class="md-nav__link">Install</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="quick-start.html" class="md-nav__link">Quick Install</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="getting-started.html" class="md-nav__link">Getting Started</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="https://k8s.netmaker.org" class="md-nav__link">Kubernetes</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
    <input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
    <label class="md-nav__link md-nav__link--active" for="__toc"> Integrating OAuth </label>
    
      <a href="#" class="md-nav__link md-nav__link--active">Integrating OAuth</a>
      
        
<nav class="md-nav md-nav--secondary">
    <label class="md-nav__title" for="__toc">Contents</label>
  <ul class="md-nav__list" data-md-scrollfix="">
        <li class="md-nav__item"><a href="#oauth--page-root" class="md-nav__link">Integrating OAuth</a><nav class="md-nav">
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
        </li>
        <li class="md-nav__item"><a href="#configuring-your-provider" class="md-nav__link">Configuring your provider</a>
        </li>
        <li class="md-nav__item"><a href="#configuring-netmaker" class="md-nav__link">Configuring Netmaker</a>
        </li>
        <li class="md-nav__item"><a href="#configuring-user-permissions" class="md-nav__link">Configuring User Permissions</a>
        </li></ul>
            </nav>
        </li>
  </ul>
</nav>
      <ul class="md-nav__list"> 
    <li class="md-nav__item">
    
    
      <a href="#introduction" class="md-nav__link">Introduction</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="#configuring-your-provider" class="md-nav__link">Configuring your provider</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="#configuring-netmaker" class="md-nav__link">Configuring Netmaker</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="#configuring-user-permissions" class="md-nav__link">Configuring User Permissions</a>
      
    
    </li></ul>
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="ui-reference.html" class="md-nav__link">UI Reference</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="api.html" class="md-nav__link">API Reference</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="upgrades.html" class="md-nav__link">Upgrades</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="troubleshoot.html" class="md-nav__link">Troubleshooting</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="support.html" class="md-nav__link">Support</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="conduct.html" class="md-nav__link">Code of Conduct</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
      <a href="license.html" class="md-nav__link">License</a>
      
    
    </li>
  </ul>
  

</nav>
              </div>
            </div>
          </div>
          <div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
            <div class="md-sidebar__scrollwrap">
              <div class="md-sidebar__inner">
                
<nav class="md-nav md-nav--secondary">
    <label class="md-nav__title" for="__toc">Contents</label>
  <ul class="md-nav__list" data-md-scrollfix="">
        <li class="md-nav__item"><a href="#oauth--page-root" class="md-nav__link">Integrating OAuth</a><nav class="md-nav">
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
        </li>
        <li class="md-nav__item"><a href="#configuring-your-provider" class="md-nav__link">Configuring your provider</a>
        </li>
        <li class="md-nav__item"><a href="#configuring-netmaker" class="md-nav__link">Configuring Netmaker</a>
        </li>
        <li class="md-nav__item"><a href="#configuring-user-permissions" class="md-nav__link">Configuring User Permissions</a>
        </li></ul>
            </nav>
        </li>
  </ul>
</nav>
              </div>
            </div>
          </div>
        
        <div class="md-content">
          <article class="md-content__inner md-typeset" role="main">
            
  
<h1 id="oauth--page-root">Integrating OAuth<a class="headerlink" href="#oauth--page-root" title="Permalink to this headline">¶</a></h1>

<h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
<p>As of v0.8.5, Netmaker offers integration with the following OAuth providers:</p>
<ul class="simple">
<li><p>GitHub</p></li>
<li><p>Google</p></li>
<li><p>Microsoft Azure AD</p></li>
</ul>
<p>By integrating with an OAuth provider, your Netmaker users can log in via the provider, rather than the default simple auth.</p>


<h2 id="configuring-your-provider">Configuring your provider<a class="headerlink" href="#configuring-your-provider" title="Permalink to this headline">¶</a></h2>
<p>In order to use OAuth, configure your OAuth provider (GitHub, Google, Azure AD).</p>
<p>You must configure your provider (except for Azure AD) to use the Netmaker Dashboard URI dashboard.&lt;netmaker.base.domain&gt; as the origin URL.</p>
<p>For example: <cite>https://dashboard.netmaker.mydomain.com</cite></p>
<p>You must configure your provider to use the Netmaker API URI redirect route with the following format: <a class="reference external" href="https://api">https://api</a>.&lt;netmaker base domain&gt;/api/oauth/callback.</p>
<p>For example: <cite>https://api.netmaker.mydomain.com/api/oauth/callback</cite></p>
<p>General provider instructions can be found with the following links:</p>
<p>Instructions for GitHub: <a class="reference external" href="https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#github-auth-provider">https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#github-auth-provider</a>
Instructions for Google: <a class="reference external" href="https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#google-auth-provider">https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#google-auth-provider</a>
Instructions for Microsoft Azure AD: <a class="reference external" href="https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#microsoft-azure-ad-provider">https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/#microsoft-azure-ad-provider</a></p>


<h2 id="configuring-netmaker">Configuring Netmaker<a class="headerlink" href="#configuring-netmaker" title="Permalink to this headline">¶</a></h2>
<p>After you have configured your OAuth provider, take note of the CLIENT_ID and CLIENT_SECRET. If you are using Azure for oauth, you may also want to note down the Azure tenant ID you wish to use.</p>
<p>Next, Configure Netmaker with the following environment variables. If any are left blank, OAuth will fail.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">AUTH_PROVIDER</span><span class="p">:</span> <span class="s2">"&lt;azure-ad|github|google&gt;"</span>
<span class="n">CLIENT_ID</span><span class="p">:</span> <span class="s2">"&lt;client id of your oauth provider&gt;"</span>
<span class="n">CLIENT_SECRET</span><span class="p">:</span> <span class="s2">"&lt;client secret of your oauth provider&gt;"</span>
<span class="n">SERVER_HTTP_HOST</span><span class="p">:</span> <span class="s2">"api.&lt;netmaker base domain&gt;"</span>
<span class="n">FRONTEND_URL</span><span class="p">:</span> <span class="s2">"https://dashboard.&lt;netmaker base domain&gt;"</span>
<span class="n">AZURE_TENANT</span><span class="p">:</span> <span class="s2">"&lt;only for azure, you may optionally specify the tenant for the OAuth&gt;"</span>
</pre></div>
</div>
<p>After restarting your server, the Netmaker logs will indicate if the OAuth provider was successfully initialized:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">sudo</span> <span class="n">docker</span> <span class="n">logs</span> <span class="n">netmaker</span>
</pre></div>
</div>
<p>Once successful, users can click the key symbol on the login page to sign-in with your configured OAuth provider.</p>
<a class="reference internal image-reference" href="_images/oauth1.png"><img alt="Login Oauth" class="align-center" src="_images/oauth1.png" style="width: 80%;"/></a>


<h2 id="configuring-user-permissions">Configuring User Permissions<a class="headerlink" href="#configuring-user-permissions" title="Permalink to this headline">¶</a></h2>
<p>All users logging in will have zero permissions on first sign-in. An admin must configure all user permissions.</p>
<p>Admins must navigate to the “Users” screen to configure permissions.</p>
<p>For each user, an admin must specify which networks that user has access to configure. Additionally, an Admin can elevate a user to Admin permissions.</p>
<a class="reference internal image-reference" href="_images/oauth3.png"><img alt="Edit User 2" class="align-center" src="_images/oauth3.png" style="width: 80%;"/></a>
<a class="reference internal image-reference" href="_images/oauth2.png"><img alt="Edit User" class="align-center" src="_images/oauth2.png" style="width: 80%;"/></a>




          </article>
        </div>
      </div>
    </main>
  </div>
  <footer class="md-footer">
    <div class="md-footer-nav">
      <nav class="md-footer-nav__inner md-grid">
          
            <a href="client-installation.html" title="Advanced Client Installation"
               class="md-flex md-footer-nav__link md-footer-nav__link--prev"
               rel="prev">
              <div class="md-flex__cell md-flex__cell--shrink">
                <i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
              </div>
              <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
                <span class="md-flex__ellipsis">
                  <span
                      class="md-footer-nav__direction"> Previous </span> Advanced Client Installation </span>
              </div>
            </a>
          
          
            <a href="usage.html" title="External Guides"
               class="md-flex md-footer-nav__link md-footer-nav__link--next"
               rel="next">
            <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"><span
                class="md-flex__ellipsis"> <span
                class="md-footer-nav__direction"> Next </span> External Guides </span>
            </div>
            <div class="md-flex__cell md-flex__cell--shrink"><i
                class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
            </div>
          
        </a>
        
      </nav>
    </div>
    <div class="md-footer-meta md-typeset">
      <div class="md-footer-meta__inner md-grid">
        <div class="md-footer-copyright">
          <div class="md-footer-copyright__highlight">
              &#169; Copyright 2021, Alex Feiszli.
              
          </div>
            Created using
            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.3.0.
             and
            <a href="https://github.com/bashtage/sphinx-material/">Material for
              Sphinx</a>
        </div>
      </div>
    </div>
  </footer>
  <script src="_static/javascripts/application.js"></script>
  <script>app.initialize({version: "1.0.4", url: {base: ".."}})</script>
  </body>
</html>