Codimd接入单点登录

自己搭建CodiMD的过程中;尝试了许久;才将这个应用接入到了Authing的单点登录系统中;分享一下经验;希望给有需要的人使用;如果官方可以集成为官方的模板;那么一定会锦上添花
我使用的是Authing的认证;

在线文档Codimd官方地址如下;这是一个在线协作文档的服务;对于需要协作Markdown文档的朋友们;非常有帮助。而且界面非常的简介。
CodiMD官方地址 (github.com)

第一步;选择自建一个应用

第二步;选择标准web应用

应用名称填写;您自己的webapp的名字;可以随意一些认证地址填写;一段英文字符;例如我选择的是markdown;后面是.authing.cn;可以忽略不计

第三步;在Authing官网配置相关信息

请选择OIDC默认的协议

有人会问其他的要不要改;我觉得不需要;如果有问题的话可以去更多配置里面;打开Oauth2身份提供商;看下图哈哈

格式是;下面的两种都可以;
http://<your-codimd-ip:port>/auth/oauth2/callback
http://<your-codimd-website-Domain>/auth/oauth2/callback

第五步;到你的Codimd填写环境变量;

如果不懂环境变量的到文章末尾去看环境变量怎么改hhh

      - CMD_OAUTH2_PROVIDERNAME=统一认证
      # 显示在首页的;登录按钮的文字
      - CMD_OAUTH2_CLIENT_ID=62a4**************************
      # 国际惯例ClientID
      - CMD_OAUTH2_CLIENT_SECRET=6e****************************
      # 国际惯例SECRET_ID
      - CMD_OAUTH2_BASEURL=https://********.authing.cn/oidc/
      # 填写不填写;真的无所谓BASEURL;没什么用的东西
      - CMD_OAUTH2_USER_PROFILE_URL=https://*******.authing.cn/oidc/me
      # 重要;有人会问认证地址在哪;请回忆一下最开始的时候;你填那个webapp名字的时候就已经填写了;
      - CMD_OAUTH2_AUTHORIZATION_URL=https://*******.authing.cn
      - CMD_OAUTH2_TOKEN_URL=https://*******.authing.cn/oidc/token
      # 特别重要;USERNAME_ATTR一定要配置成sub才行
      - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=sub
      - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
      - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email

找不到认证地址的回忆一下;

第六步;登录查看

有问题就查docker的日志即可;

补充;环境变量怎么配置

version: ;3;
services:
  database:
    image: postgres:11.6-alpine
    environment:
      - POSTGRES_USER=codimd
      - POSTGRES_PASSWORD=I7HHOC061U71CS9
      - POSTGRES_DB=codimd
    volumes:
      - ;database-data:/var/lib/PostgreSQL/data;
    restart: always
  codimd:
    image: hackmdio/hackmd:2.4.1
    environment:
      # 下面的就是环境变量
      - CMD_DB_URL=postgres://codimd:I7HHOC061U71CS9;database/codimd
      - CMD_USECDN=false
      - CMD_GITHUB_CLIENTID=219ba1be6c66b0d97f23
      - CMD_GITHUB_CLIENTSECRET=9fab2213486135d8ec510a643b4afa2cd8988803
       # 上面的就是环境变量
       # 注释;就是那种简单的key value的格式
    depends_on:
      - database
    ports:
      - ;51014:3000;
    volumes:
      - upload-data:/home/hackmd/app/public/uploads
    restart: always
volumes:
  database-data: {}
  upload-data: {}

---

把Codimd的官方文档的链接放上来;由于一般打不开;所以我把原文也放在这里面了;给有需要的同志们参考一下;
Generic OAuth 2.0 - HackMD

Generic OAuth 2.0 provider

CodiMD can integrate any OAuth 2.0 provider via generic oauth 2.0 provider .

Before setup OAuth 2.0 provider, you need to contact your OAuth 2.0 service to request some parameter described below.

the authorization url for OAuth 2.0 service
The first step of OAuth 2.0 is redirect user to OAuth 2.0 service, and the service will authenticate the user credential. If success, return access code to callback url (http://<your-codimd-server.example>/auth/oauth2/callback ).the access token url for backend to request a access token for OAuth 2.0 service.
The second step, CodiMD server use access code in step 1 to fetch access token for the login user.user profile api url
After CodiMD server get access token , we need to known the username, email, display name. CodiMD server use access token with user profile api to get user profile data. In this step you can also specify scope to limit OAuth 2.0 service return what message CodiMD server can see. default scope is emailCodiMD need a id for identify difference user in same auth provider, you need to provide a object path (user profile username attr ) to retrive username/id in user profile data

Setting

Environment variable namedescriptionrequired?default valueexampleCMD_OAUTH2_PROVIDERNAMEOAuth 2.0 service nametrueMyServiceCMD_OAUTH2_BASEURLOAuth 2.0 service urlfalsehttps://my-service.xyz/CMD_OAUTH2_CLIENT_IDClient ID for OAuth 2.0 protocoltrueatc93jf9vasdfasdfCMD_OAUTH2_CLIENT_SECRETClient Secret for OAuth 2.0 protocoltrueasdfasdfavvtv88v;CMD_OAUTH2_SCOPEOAuth 2.0 scope (use space to seperate)falseemailbasic emailCMD_OAUTH2_AUTHORIZATION_URLredirect to OAuth 2.0 urltruehttps://my-service.xyz/oauth/authorizeCMD_OAUTH2_TOKEN_URLbackend to fetch access token api endpointtruehttps://my-service.xyz/oauth/tokenCMD_OAUTH2_USER_PROFILE_URLbackend to fetch user profile api endpointtruehttps://my-service.xyz/oauth/user/profileCMD_OAUTH2_USER_PROFILE_USERNAME_ATTRObject path to fetch username in profile datafalseusernameuser.usernameCMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTRObject path to fetch display in profile datafalsedisplayNameuser.displaynameCMD_OAUTH2_USER_PROFILE_EMAIL_ATTRObject path to fetch email in profile datafalseemailuser[0].email