Reference OAuth 2.0 configuration
In this section, you can find the configurations required for setting up integration via OAuth 2.0 between your instance of IDE Services and a third-party authentication provider. The setup is performed in both IDE Services and your authentication provider's system.
Set up IDE Services on your authentication provider's side
Start by configuring the integration with IDE Services on the side of your authentication provider. The exact steps will differ depending on your authentication provider.
Configure the following settings:
- Redirect URI / Callback URI
Specify the callback endpoint to redirect the end user after authentication.
Example: https://<ide_services_server_domain.com>/api/login/authenticated
Replace <ide_services_server_domain.com> with your organization's public server URL. This value has to match the deployment URL set in your server configuration file.
- Grant type: Authorization code
If applicable, select Authorization code as the method for obtaining access tokens from the authorization server.
- Token endpoint authentication method
If applicable, specify how credentials are included in requests to the token endpoint.
Example: client_post
After setting up IDE Services in your authentication provider's system, save the following data that you will later need to configure the IDE Services Server:
- Client ID
- Client secret
With some authentication providers, you may need to create a client secret manually.
- Login URL
You can obtain this URL by requesting the Well-known configuration.
- Token URL
You can obtain this URL by requesting the Well-known configuration.
- JWT certs URL
You can obtain this URL by requesting the Well-known configuration.
Configure provider details in your server configuration file
Use these examples to configure the connection to your authentication server in your server configuration file: application.yaml, or values.yaml for Kubernetes installations.
- tbe.auth.login-url
Provide a URL for logging in via your selected authentication provider.
- tbe.auth.token-url
Provide a URL for obtaining an authorization token on the side of your authentication provider.
- tbe.auth.jwt-certs-url
Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).
- tbe.auth.client-id
Specify a public identifier for IDE Services that you set when configuring your authentication provider.
- tbe.auth.client-secret
Specify a secret for IDE Services that you set when configuring your authentication provider.
- tbe.auth.required-scopes
Define scopes that will be available to IDE Services when accessing a user account.
- tbe.auth.root-admin-emails
List emails of users that will receive admin rights.
For a full list of authentication properties, refer to Server configuration file.
- ides.config.auth.login-url
Provide a URL for logging in via your selected authentication provider.
- ides.config.auth.token-url
Provide a URL for obtaining an authorization token on the side of your authentication provider.
- ides.config.auth.jwt-certs-url
Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).
- ides.config.auth.client-id
Specify a public identifier for IDE Services that you set when configuring your authentication provider.
- ides.config.auth.client-secret
Specify a secret for IDE Services that you set when configuring your authentication provider.
- ides.config.auth.required-scopes
Define scopes that will be available to IDE Services when accessing a user account.
- ides.config.auth.root-admin-emails
List emails of users that will receive admin rights.
For a full list of authentication properties, refer to Values file.
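The following pre-flight check is an added example, not part of the IDE Services documentation. It maps a provider's Well-known configuration to the tbe.auth.* URL properties (the ides.config.auth.* keys take the same values) and verifies that the registered redirect URI matches the deployment URL. It assumes the provider publishes the standard discovery fields authorization_endpoint, token_endpoint and jwks_uri, and that the Login URL corresponds to authorization_endpoint; the sample document and host names are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a provider's Well-known configuration (not a real provider).
SAMPLE_WELL_KNOWN = json.loads("""
{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "jwks_uri": "https://idp.example.com/oauth2/keys",
  "grant_types_supported": ["authorization_code", "refresh_token"]
}
""")

# Standard discovery field -> property named on this page.
# Assumption: Login URL is the provider's authorization endpoint.
FIELD_TO_PROPERTY = {
    "authorization_endpoint": "tbe.auth.login-url",
    "token_endpoint": "tbe.auth.token-url",
    "jwks_uri": "tbe.auth.jwt-certs-url",
}

CALLBACK_PATH = "/api/login/authenticated"  # callback endpoint given on this page


def auth_urls_from_well_known(doc):
    """Map discovery fields to properties; reject missing or non-HTTPS URLs."""
    # When the field is omitted, discovery defaults include authorization_code.
    grants = doc.get("grant_types_supported", ["authorization_code"])
    if "authorization_code" not in grants:
        raise ValueError("provider does not advertise the authorization code grant")
    props = {}
    for field, prop in FIELD_TO_PROPERTY.items():
        url = doc.get(field)
        parts = urlsplit(url or "")
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"{field} must be an absolute https URL, got {url!r}")
        props[prop] = url
    return props


def redirect_uri_matches(deployment_url, registered_redirect_uri):
    """True if the URI registered at the provider is deployment URL + callback path."""
    expected = deployment_url.rstrip("/") + CALLBACK_PATH
    return registered_redirect_uri == expected


if __name__ == "__main__":
    for key, value in auth_urls_from_well_known(SAMPLE_WELL_KNOWN).items():
        print(f"{key}: {value}")
```

The redirect comparison is an exact string match, so a scheme, host or path difference between the provider registration and the deployment URL is reported as a mismatch.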