This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.

Joseph Schorr 2c35383724 Allow OAuth and OIDC login engines to bind to fields in internal auth ... This feature is subtle but very important: Currently, when a user logs in via an "external" auth system (such as Github), they are either logged into an existing bound account or a new account is created for them in the database. While this normally works jut fine, it hits a roadblock when the *internal* auth system configured is not the database, but instead something like LDAP. In that case, *most* Enterprise customers will prefer that logging in via external auth (like OIDC) will also *automatically* bind the newly created account to the backing *internal* auth account. For example, login via PingFederate OIDC (backed by LDAP) should also bind the new QE account to the associated LDAP account, via either username or email. This change allows for this binding field to be specified, and thereafter will perform the proper lookups and bindings.		2017-02-16 16:27:53 -05:00
..
services	Add comment clarifying how we validate client {ID, secret} in Gitlab	2017-01-24 15:20:19 -05:00
test	Fix missed tests and revert conftest change (breaks docker build)	2017-01-30 17:28:25 -05:00
__init__.py	Lay foundation for truly dynamic external logins	2017-01-20 15:21:08 -05:00
base.py	Allow OAuth and OIDC login engines to bind to fields in internal auth	2017-02-16 16:27:53 -05:00
login.py	Switch base classes in OAuth to use ABC	2017-01-24 15:20:03 -05:00
loginmanager.py	Have external login always make an API request to get the authorization URL	2017-01-23 19:06:19 -05:00
oidc.py	Change verify param in OIDC to read better	2017-01-26 12:00:43 -05:00