From a505995f49317472f2e468e030493c81887273ba Mon Sep 17 00:00:00 2001
From: Bai <bugatti_it@163.com>
Date: Mon, 27 Apr 2020 11:36:11 +0800
Subject: [PATCH] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9config=5Fexample(o?=
 =?UTF-8?q?penid)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../backends/{oidc/__init__.py => openid.py}  |  0
 config_example.yml                            | 40 +++++++++++++++++--
 2 files changed, 36 insertions(+), 4 deletions(-)
 rename apps/authentication/backends/{oidc/__init__.py => openid.py} (100%)

diff --git a/apps/authentication/backends/oidc/__init__.py b/apps/authentication/backends/openid.py
similarity index 100%
rename from apps/authentication/backends/oidc/__init__.py
rename to apps/authentication/backends/openid.py
diff --git a/config_example.yml b/config_example.yml
index a2e7ccf1a..3f99d609f 100644
--- a/config_example.yml
+++ b/config_example.yml
@@ -53,16 +53,48 @@ REDIS_PORT: 6379
 # REDIS_DB_CELERY: 3
 # REDIS_DB_CACHE: 4
 
-# Use OpenID authorization
-# 使用OpenID 来进行认证设置
+# Use OpenID Authorization
+# 使用 OpenID 进行认证设置
+#
+# 配置方式1:
+# 1. 版本 <= 1.5.8
+# 2. OpenID Provider 是 Keycloak
+#
 # BASE_SITE_URL: http://localhost:8080
-# AUTH_OPENID: false  # True or False
+# AUTH_OPENID: False  # True or False
 # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
 # AUTH_OPENID_REALM_NAME: realm-name
 # AUTH_OPENID_CLIENT_ID: client-id
 # AUTH_OPENID_CLIENT_SECRET: client-secret
-# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
 # AUTH_OPENID_SHARE_SESSION: True
+# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
+#
+# 配置方式2: (version >=1.5.8)
+# 1. 版本 >= 1.5.8
+# 2. 支持标准 OpenID Connect Provider
+#
+# AUTH_OPENID: False # True or False
+# AUTH_OPENID_CLIENT_ID: client-id
+# AUTH_OPENID_CLIENT_SECRET: client-secret
+# AUTH_OPENID_SHARE_SESSION: True
+# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
+# AUTH_OPENID_PROVIDER_ENDPOINT: https://op-example.com/
+# AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT: https://op-example.com/authorize
+# AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT: https://op-example.com/token
+# AUTH_OPENID_PROVIDER_JWKS_ENDPOINT: https://op-example.com/jwks
+# AUTH_OPENID_PROVIDER_USERINFO_ENDPOINT: https://op-example.com/userinfo
+# AUTH_OPENID_PROVIDER_END_SESSION_ENDPOINT: https://op-example.com/logout
+# AUTH_OPENID_PROVIDER_SIGNATURE_ALG: HS256
+# AUTH_OPENID_PROVIDER_SIGNATURE_KEY: None
+# AUTH_OPENID_PROVIDER_CLAIMS_NAME: None
+# AUTH_OPENID_PROVIDER_CLAIMS_USERNAME: None
+# AUTH_OPENID_PROVIDER_CLAIMS_EMAIL: None
+# AUTH_OPENID_SCOPES: "openid profile email"
+# AUTH_OPENID_ID_TOKEN_MAX_AGE: 60
+# AUTH_OPENID_ID_TOKEN_INCLUDE_USERINFO: True
+# AUTH_OPENID_USE_STATE: True
+# AUTH_OPENID_USE_NONCE: True
+# AUTH_OPENID_ALWAYS_UPDATE_USER_INFORMATION: True
 
 # Use Radius authorization
 # 使用Radius来认证