Generic OAuth2 authentication plugin.
- Frédéric Guillot
- License MIT
- Kanboard >= 1.0.37
You have the choice between 3 methods:
- Install the plugin from the Kanboard plugin manager in one click
- Download the zip file and decompress everything under the directory
plugins/OAuth2
- Clone this repository into the folder
plugins/OAuth2
Note: Plugin folder is case-sensitive.
Note: Also works with most OpenID Providers
Go to the application settings > integrations > OAuth2 Authentication.
Go to the third-party authentication provider and add a new application. Copy and paste the Kanboard callback URL and generate a new set of tokens.
The third-party provider will returns a Client ID and a Client Secret. Copy those values in the Kanboard's settings.
- Client ID: Unique ID that comes from the third-party provider
- Client Secret: Unique token that comes from the third-party provider
- Authorize URL: URL used for authorization
- Token URL: URL used to get tokens from third-party provider
- User API URL: URL used to fetch user profile after authentication
- Username Key: Key used to fetch the username from the user API response
- Name Key: Key used to fetch the full name
- Email Key: Key used to fetch the user email
- User ID Key: Key used to fetch the unique user ID
Example for Github OAuth2:
- Authorize URL:
https://github.com/login/oauth/authorize
- Token URL:
https://github.com/login/oauth/access_token
- User API URL:
https://api.github.com/user
- Username Key:
login
- Name Key:
name
- Email Key:
email
- User ID Key:
id
Example for Salesforce:
- Authorize URL:
https://login.salesforce.com/services/oauth2/authorize
- Token URL:
https://login.salesforce.com/services/oauth2/token
- User API URL:
https://login.salesforce.com/services/oauth2/userinfo
- Username Key:
nickname
- Name Key:
name
- Email Key:
email
- User ID Key:
user_id
Example for Discord:
- Authorize URL:
https://discord.com/api/oauth2/authorize
- Token URL:
https://discord.com/api/oauth2/token
- User API URL:
https://discordapp.com/api/users/@me
- Scopes:
email identify
- Username Key:
username
- Name Key:
username
- Email Key:
email
- User ID Key:
id
Example for Gitea:
- Authorize URL:
https://try.gitea.io/login/oauth/authorize
- Token URL:
https://try.gitea.io/login/oauth/access_token
- User API URL:
https://try.gitea.io/login/oauth/userinfo
- Scopes:
openid profile email groups
- Username Key:
preferred_username
- Name Key:
name
- Email Key:
email
- User ID Key:
sub
Example for Slack:
- Authorize URL:
https://slack.com/openid/connect/authorize
- Token URL:
https://slack.com/api/openid.connect.token
- User API URL:
https://slack.com/api/openid.connect.userInfo
- Scopes:
openid profile email
- Username Key:
name
- Name Key:
name
- Email Key:
email
- User ID Key:
sub
Example for Azure AD (find the URLs with proper UUIDs in your Azure app page):
- Authorize URL:
https://login.microsoftonline.com/<UUID>/oauth2/v2.0/authorize
- Token URL:
https://login.microsoftonline.com/<UUID>/oauth2/v2.0/token
- User API URL:
https://graph.microsoft.com/beta/me
- Scopes:
User.Read
- Username Key:
userPrincipalName
- Name Key:
displayName
- Email Key:
mail
- User ID Key:
id
Example for self-hosted Authentik:
- Authorize URL:
https://auth.domain.tld/application/o/authorize/
- Token URL:
https://auth.domain.tld/application/o/token/
- User API URL:
https://auth.domain.tld/application/o/userinfo/
- Scopes:
openid profile email
- Username Key:
preferred_username
- Name Key:
name
- Email Key:
email
- User ID Key:
sub