OpenSource
/
ragflow
关注 4
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 33 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
2867 提交
7 分支
目录树: 3a43043c8a
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '3a43043c8a'
${ noResults }
ragflow/api/apps/auth/oauth.py

oauth.py 3.7KB
原始文件 普通视图 文件历史

Feat: Add support for OAuth2 and OpenID Connect (OIDC) authentication (#7379) ### What problem does this PR solve? Add support for OAuth2 and OpenID Connect (OIDC) authentication, allowing OAuth/OIDC authentication using the specified routes: - `/login/<channel>`: Initiates the OAuth flow for the specified channel - `/oauth/callback/<channel>`: Handles the OAuth callback after successful authentication The callback URL should be configured in your OAuth provider as: ``` https://your-app.com/oauth/callback/<channel> ``` For detailed instructions on configuring **service_conf.yaml.template**, see: `./api/apps/auth/README.md#usage`. - Related issues #3495 ### Type of change - [x] New Feature (non-breaking change which adds functionality) - [x] Documentation Update
6 个月前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 
  1. #

  2. #  Copyright 2025 The InfiniFlow Authors. All Rights Reserved.

  3. #

  4. #  Licensed under the Apache License, Version 2.0 (the "License");

  5. #  you may not use this file except in compliance with the License.

  6. #  You may obtain a copy of the License at

  7. #

  8. #      http://www.apache.org/licenses/LICENSE-2.0

  9. #

  10. #  Unless required by applicable law or agreed to in writing, software

  11. #  distributed under the License is distributed on an "AS IS" BASIS,

  12. #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. #  See the License for the specific language governing permissions and

  14. #  limitations under the License.

  15. #

  16. 

  17. import requests

  18. import urllib.parse

  19. 

  20. 

  21. class UserInfo:

  22.     def __init__(self, email, username, nickname, avatar_url):

  23.         self.email = email

  24.         self.username = username

  25.         self.nickname = nickname

  26.         self.avatar_url = avatar_url

  27.     

  28.     def to_dict(self):

  29.         return {key: value for key, value in self.__dict__.items()}

  30. 

  31. 

  32. class OAuthClient:

  33.     def __init__(self, config):

  34.         """

  35.         Initialize the OAuthClient with the provider's configuration.

  36.         """

  37.         self.client_id = config["client_id"]

  38.         self.client_secret = config["client_secret"]

  39.         self.authorization_url = config["authorization_url"]

  40.         self.token_url = config["token_url"]

  41.         self.userinfo_url = config["userinfo_url"]

  42.         self.redirect_uri = config["redirect_uri"]

  43.         self.scope = config.get("scope", None)

  44. 

  45.         self.http_request_timeout = 7

  46. 

  47. 

  48.     def get_authorization_url(self):

  49.         """

  50.         Generate the authorization URL for user login.

  51.         """

  52.         params = {

  53.             "client_id": self.client_id,

  54.             "redirect_uri": self.redirect_uri,

  55.             "response_type": "code",

  56.         }

  57.         if self.scope:

  58.             params["scope"] = self.scope

  59.         authorization_url = f"{self.authorization_url}?{urllib.parse.urlencode(params)}"

  60.         return authorization_url

  61. 

  62. 

  63.     def exchange_code_for_token(self, code):

  64.         """

  65.         Exchange authorization code for access token.

  66.         """

  67.         try:

  68.             payload = {

  69.                 "client_id": self.client_id,

  70.                 "client_secret": self.client_secret,

  71.                 "code": code,

  72.                 "redirect_uri": self.redirect_uri,

  73.                 "grant_type": "authorization_code"

  74.             }

  75.             response = requests.post(

  76.                 self.token_url,

  77.                 data=payload,

  78.                 headers={"Accept": "application/json"},

  79.                 timeout=self.http_request_timeout

  80.             )

  81.             response.raise_for_status()

  82.             return response.json()

  83.         except requests.exceptions.RequestException as e:

  84.             raise ValueError(f"Failed to exchange authorization code for token: {e}")

  85. 

  86. 

  87.     def fetch_user_info(self, access_token, **kwargs):

  88.         """

  89.         Fetch user information using access token.

  90.         """

  91.         try:

  92.             headers = {"Authorization": f"Bearer {access_token}"}

  93.             response = requests.get(self.userinfo_url, headers=headers, timeout=self.http_request_timeout)

  94.             response.raise_for_status()

  95.             user_info = response.json()

  96.             return self.normalize_user_info(user_info)

  97.         except requests.exceptions.RequestException as e:

  98.             raise ValueError(f"Failed to fetch user info: {e}")

  99. 

  100. 

  101.     def normalize_user_info(self, user_info):

  102.         email = user_info.get("email")

  103.         username = user_info.get("username", str(email).split("@")[0])

  104.         nickname = user_info.get("nickname", username)

  105.         avatar_url = user_info.get("picture", "")

  106.         return UserInfo(email=email, username=username, nickname=nickname, avatar_url=avatar_url)