Configure pgadmin4 to use Azure AD Oauth2
I'm trying to add the possibility to log in to the pgadmin4 panel with Azure AD OAuth2. I created an app in App registrations, created secrets in Certificates & secrets, and in config_local.py I have settings like:
MASTER_PASSWORD_REQUIRED = True
AUTHENTICATION_SOURCES = ['oauth2', 'internal']
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [
{
'OAUTH2_NAME': 'azure',
'OAUTH2_DISPLAY_NAME': 'azure',
'OAUTH2_CLIENT_ID': 'Application (client) ID',
'OAUTH2_CLIENT_SECRET': '{SECRET_VALUE}',
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token',
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize',
'OAUTH2_API_BASE_URL': 'https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize',
'OAUTH2_USERINFO_ENDPOINT': 'userinfo',
'OAUTH2_BUTTON_COLOR': '#0000ff',
}
]
I have an option on my login page to log into the panel with Azure, but when I go there I get:
AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope email profile is not valid. openid scope is required.
From where should I take the scope?
The error AADSTS70011 usually occurs if you missed including scopes or provided invalid scopes.
You can add those scopes for your Azure AD application like below:
Go to Azure Portal -> Azure Active Directory -> App registration -> Your App -> API permissions -> Add a permission
UPDATE:
Based on the query, you need to add the scopes with spaces between them as the value of the OAUTH2_SCOPE parameter.
For instance, if you are trying to read the user profile, you need to include "User.Read" as well, like below:
'OAUTH2_SCOPE': 'User.Read openid email profile'
In addition to that, you need to change the OAUTH2_API_BASE_URL and OAUTH2_USERINFO_ENDPOINT values too, like below, as Azure is your provider:
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0/',  # OAuth base URL
'OAUTH2_USERINFO_ENDPOINT': 'me',  # Name of endpoint
To resolve the error, you need to modify your config_local.py file settings like below:
MASTER_PASSWORD_REQUIRED = True
AUTHENTICATION_SOURCES = ['oauth2', 'internal']
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [
{
'OAUTH2_NAME': 'azure',
'OAUTH2_DISPLAY_NAME': 'azure',
'OAUTH2_CLIENT_ID': 'Application (client) ID',
'OAUTH2_CLIENT_SECRET': '{SECRET_VALUE}',
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token',
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize',
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0/',
'OAUTH2_USERINFO_ENDPOINT': 'me',
'OAUTH2_SCOPE': 'User.Read openid email profile',  # Make sure to add User.Read in Portal too
'OAUTH2_BUTTON_COLOR': '#0000ff',
}
]
Make sure to add the Redirect URL in your Azure AD application as https://<your pgAdmin Server URL>/oauth2/authorize
CREDIT: How to Configure OAuth 2.0 with Azure AD in pgAdmin4 | by Asmita Thapliyal
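The following is an added example, not code from pgAdmin or from the answer above: a small check you can run against an OAUTH2_CONFIG entry before restarting pgAdmin. It encodes the points the answer makes (openid and User.Read in OAUTH2_SCOPE, OAUTH2_API_BASE_URL plus OAUTH2_USERINFO_ENDPOINT resolving to the Graph /me endpoint, login.microsoftonline.com for the token and authorization URLs, /oauth2/authorize as the redirect path) and reconstructs the authorization redirect so you can see the scope parameter Azure validates. The sample entries, client ID, secret and tenant values are constructed placeholders, and the authorize-URL builder assumes a standard authorization-code request rather than pgAdmin's exact internals.

```python
"""Sanity-check a pgAdmin4 OAUTH2_CONFIG entry for Azure AD (added example, not pgAdmin code)."""
from urllib.parse import urlencode, urljoin, urlparse

AZURE_LOGIN_HOST = "login.microsoftonline.com"
GRAPH_USERINFO = "https://graph.microsoft.com/v1.0/me"
PGADMIN_REDIRECT_PATH = "/oauth2/authorize"  # redirect path named in the answer


def check_azure_oauth2_config(entry: dict) -> list[str]:
    """Return a list of problems found in one OAUTH2_CONFIG entry (empty list = looks fine)."""
    problems = []

    scopes = entry.get("OAUTH2_SCOPE", "").split()
    if "openid" not in scopes:
        # Azure answers AADSTS70011 when the openid scope is absent
        problems.append("OAUTH2_SCOPE must include 'openid'")
    if "User.Read" not in scopes:
        problems.append("OAUTH2_SCOPE should include 'User.Read' so the profile can be read from Graph")

    for key in ("OAUTH2_TOKEN_URL", "OAUTH2_AUTHORIZATION_URL"):
        host = urlparse(entry.get(key, "")).netloc
        if host != AZURE_LOGIN_HOST:
            problems.append(f"{key} should point at https://{AZURE_LOGIN_HOST}/<tenant>/oauth2/v2.0/...")

    # pgAdmin joins base URL and endpoint name; for Azure the result must be the Graph /me endpoint
    userinfo = urljoin(entry.get("OAUTH2_API_BASE_URL", ""), entry.get("OAUTH2_USERINFO_ENDPOINT", ""))
    if userinfo != GRAPH_USERINFO:
        problems.append(f"userinfo resolves to {userinfo!r}, expected {GRAPH_USERINFO!r}")

    secret = entry.get("OAUTH2_CLIENT_SECRET", "")
    if not secret or secret.startswith("{"):
        problems.append("OAUTH2_CLIENT_SECRET still looks like a placeholder")

    return problems


def build_authorize_url(entry: dict, redirect_uri: str, state: str) -> str:
    """Reconstruct the authorization redirect (assumed standard authorization-code request)."""
    if urlparse(redirect_uri).path != PGADMIN_REDIRECT_PATH:
        raise ValueError(f"redirect URI path must be {PGADMIN_REDIRECT_PATH}")
    params = {
        "client_id": entry["OAUTH2_CLIENT_ID"],
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": entry.get("OAUTH2_SCOPE", ""),
        "state": state,
    }
    return entry["OAUTH2_AUTHORIZATION_URL"] + "?" + urlencode(params)


# Constructed sample: the entry from the question (wrong API base URL, no scope, placeholder secret)
BROKEN_ENTRY = {
    "OAUTH2_NAME": "azure",
    "OAUTH2_CLIENT_ID": "00000000-0000-0000-0000-000000000000",  # placeholder client ID
    "OAUTH2_CLIENT_SECRET": "{SECRET_VALUE}",
    "OAUTH2_TOKEN_URL": "https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token",
    "OAUTH2_AUTHORIZATION_URL": "https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize",
    "OAUTH2_API_BASE_URL": "https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize",
    "OAUTH2_USERINFO_ENDPOINT": "userinfo",
}

# Constructed sample: the same entry with the answer's corrections applied
FIXED_ENTRY = {
    **BROKEN_ENTRY,
    "OAUTH2_CLIENT_SECRET": "constructed-secret-value",  # placeholder, not a real secret
    "OAUTH2_API_BASE_URL": "https://graph.microsoft.com/v1.0/",
    "OAUTH2_USERINFO_ENDPOINT": "me",
    "OAUTH2_SCOPE": "User.Read openid email profile",
}

if __name__ == "__main__":
    for name, entry in (("question", BROKEN_ENTRY), ("answer", FIXED_ENTRY)):
        print(name, check_azure_oauth2_config(entry) or "OK")
    print(build_authorize_url(FIXED_ENTRY, "https://pgadmin.example.internal/oauth2/authorize", "state-1"))
```

Running the script against the question's entry reports the missing openid scope, the missing User.Read scope, the userinfo URL that resolves under login.microsoftonline.com instead of Graph, and the placeholder secret; the corrected entry reports no problems and produces an authorize URL whose scope parameter carries all four scopes.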