eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-28 18:37:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

website/docs: update and rearchitect the oauth2 provider docs (#11916)

Browse Source 
* new topics

* update diagram

* more writing and sidebar entries

* fix file name

* more link fixes

* fix header level

* Optimised images with calibre/image-actions

* rewrite stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* reorganize more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* messed w/ diagram and added 3 categories

* fixed anchor

* removed whole line

* add link

* more rearrangements

* more content

* edits

* more polishes, rest of Jens' knowledge dump

* more content

* tweaks

* tweak

* argh

* synch with main

* tweaks to test merge

* cleanup

* offline_access

* polish

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Tana M Berry
2024-12-10 12:03:07 -06:00
committed by GitHub
parent cbe5a0d2c8
commit 29f53fd3a4
5 changed files with 165 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
website/docs/add-secure-apps/providers/oauth2/github-compatibility.md Normal file
View File

@@ -0,0 +1,23 @@
---
title: GitHub compatibility
---
The OAuth2 provider also exposes a GitHub-compatible endpoint. This endpoint can be used by applications, which support authenticating against GitHub Enterprise, but not generic OpenID Connect.
To use any of the GitHub Compatibility scopes, you have to use the GitHub Compatibility Endpoints.
| Endpoint | URL |
| --------------- | --------------------------- |
| Authorization | `/login/oauth/authorize` |
| Token | `/login/oauth/access_token` |
| User Info | `/user` |
| User Teams Info | `/user/teams` |
To access the user's email address, a scope of `user:email` is required. To access their groups, `read:org` is required. Because these scopes are handled by a different endpoint, they are not customisable as a Scope Mapping.
## Special scopes for GitHub compatibility
- `user`: No-op, is accepted for compatibility but does not give access to any resources
- `read:user`: Same as above
- `user:email`: Allows read-only access to `/user`, including email address
- `read:org`: Allows read-only access to `/user/teams`, listing all the user's groups as teams.