Reference OAuth 2.0 configuration
In this section, you can find the configurations required for setting up integration via OAuth 2.0 between your instance of IDE Services and a third-party authentication provider. The setup is performed in both IDE Services and your authentication provider's system.
tip
Some providers may have additional configurations. Refer to provider-specific instructions for detailed guidance.
Start by configuring the integration with IDE Services on the side of your authentication provider. The exact steps will differ depending on your authentication provider.
Configure the following settings:
- Redirect URI / Callback URI
Specify the callback endpoint to redirect the end user after authentication.
Example:
https://<ide_services_server_domain.com>/api/login/authenticated
Replace
<ide_services_server_domain.com>
with your organization's public server URL. This value has to match the deployment URL set in your server configuration file.
After setting up IDE Services in your authentication provider's system, save the following data that you will later need to configure the IDE Services Server:
Client ID
Client secret
In some systems of authentication providers, you may need to create a client secret manually.
Login URL
You can obtain this URL by requesting the Well-known configuration.
Token URL
You can obtain this URL by requesting the Well-known configuration.
JWT certs URL
You can obtain this URL by requesting the Well-known configuration.
Use these examples to configure connection to your authentication server in your server configuration file — application.yaml or values.yaml (for Kubernetes installations.)
tbe:
auth:
login-url: "https://<provider-domain>/oauth2/authorize"
token-url: "https://<provider-domain>/oauth2/token"
jwt-certs-url: "https://<provider-domain>/oauth2/keys"
client-id: "application_identifier"
client-secret: "your_client_secret"
required-scopes: [ "profile", "email", "openid"]
root-admin-emails:
- "your.company.admin@example.com"
- tbe.auth.token-url
Provide a URL for obtaining an authorization token on the side of your authentication provider.
- tbe.auth.jwt-certs-url
Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).
- tbe.auth.client-id
Specify a public identifier for IDE Services that you set when configuring your authentication provider.
- tbe.auth.client-secret
Specify a secret for IDE Services that you set when configuring your authentication provider.
For a full list of authentication properties, refer to Server configuration file.
ides:
config:
auth:
login-url: "https://<provider-domain>/oauth2/authorize"
token-url: "https://<provider-domain>/oauth2/token"
jwt-certs-url: "https://<provider-domain>/oauth2/keys"
client-id: "application_identifier"
client-secret: "your_client_secret"
required-scopes: [ "profile", "email", "openid"]
root-admin-emails:
- "your.company.admin@example.com"
- ides.config.auth.token-url
Provide a URL for obtaining an authorization token on the side of your authentication provider.
- ides.config.auth.jwt-certs-url
Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).
- ides.config.auth.client-id
Specify a public identifier for IDE Services that you set when configuring your authentication provider.
- ides.config.auth.client-secret
Specify a secret for IDE Services that you set when configuring your authentication provider.
For a full list of authentication properties, refer to Values file.
Thanks for your feedback!