diff options
author | Niall Sheridan <nsheridan@gmail.com> | 2017-02-11 20:20:35 +0000 |
---|---|---|
committer | Niall Sheridan <nsheridan@gmail.com> | 2017-02-11 20:20:35 +0000 |
commit | 9c344a0a95c44ef9cebade7b8a65ac160d9eb900 (patch) | |
tree | aa3782547656b26a55527295c78aa0b8621f8676 /README.md | |
parent | 376b8f670a9c80e8ae69581a354cb989571c44c2 (diff) |
Revert "Remove the oauth_callback_url config option"
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -152,6 +152,7 @@ Obviously you should setup a role user for running in prodution. - `provider` : string. Name of the oauth provider. Valid providers are currently "google", "github" and "gitlab". - `oauth_client_id` : string. Oauth Client ID. This can be a secret stored in a [vault](https://www.vaultproject.io/) using the form `/vault/path/key` e.g. `/vault/secret/cashier/oauth_client_id`. - `oauth_client_secret` : string. Oauth secret. This can be a secret stored in a [vault](https://www.vaultproject.io/) using the form `/vault/path/key` e.g. `/vault/secret/cashier/oauth_client_secret`. +- `oauth_callback_url` : string. URL that the Oauth provider will redirect to after user authorisation. The path is hardcoded to `"/auth/callback"` in the source. - `provider_opts` : object. Additional options for the provider. - `users_whitelist` : array of strings. Optional list of whitelisted usernames. If missing, all users of your current domain/organization are allowed to authenticate against cashierd. For Google auth a user is an email address. For GitHub auth a user is a GitHub username. @@ -209,7 +210,7 @@ The server is configured using a HCL configuration file - [example](example-serv For the server you need the following: - A new ssh private key. Generate one in the usual way using `ssh-keygen -f ssh_ca` - this is your CA signing key. At this time Cashier supports RSA, ECDSA and Ed25519 keys. *Important* This key should be kept safe - *ANY* ssh key signed with this key will be able to access your machines. -- OAuth (Google, GitHub or Gitlab) credentials. Cashier's callback handler is `/auth/callback` so set the callback URL appropriately when creating the credentials. +- OAuth (Google or GitHub) credentials. You may also need to set the callback URL when creating these. ## Using cashier Once the server is up and running you'll need to configure your client. |