diff --git a/api/datastore/test_data/output_24_to_latest.json b/api/datastore/test_data/output_24_to_latest.json
index 65f856c5b..424921170 100644
--- a/api/datastore/test_data/output_24_to_latest.json
+++ b/api/datastore/test_data/output_24_to_latest.json
@@ -631,6 +631,7 @@
"LogoURL": "",
"OAuthSettings": {
"AccessTokenURI": "",
+ "AuthStyle": 0,
"AuthorizationURI": "",
"ClientID": "",
"DefaultTeamID": 0,
diff --git a/api/http/handler/settings/settings_update.go b/api/http/handler/settings/settings_update.go
index 574050c4d..2b9ceb5c3 100644
--- a/api/http/handler/settings/settings_update.go
+++ b/api/http/handler/settings/settings_update.go
@@ -13,6 +13,7 @@ import (
httperror "github.com/portainer/portainer/pkg/libhttp/error"
"github.com/portainer/portainer/pkg/libhttp/request"
"github.com/portainer/portainer/pkg/libhttp/response"
+ "golang.org/x/oauth2"
"github.com/asaskevich/govalidator"
"github.com/pkg/errors"
@@ -95,6 +96,9 @@ func (payload *settingsUpdatePayload) Validate(r *http.Request) error {
}
}
+ if payload.OAuthSettings.AuthStyle < oauth2.AuthStyleAutoDetect || payload.OAuthSettings.AuthStyle > oauth2.AuthStyleInHeader {
+ return errors.New("Invalid OAuth AuthStyle")
+ }
return nil
}
@@ -225,6 +229,7 @@ func (handler *Handler) updateSettings(tx dataservices.DataStoreTx, payload sett
settings.OAuthSettings = *payload.OAuthSettings
settings.OAuthSettings.ClientSecret = clientSecret
settings.OAuthSettings.KubeSecretKey = kubeSecret
+ settings.OAuthSettings.AuthStyle = payload.OAuthSettings.AuthStyle
}
if payload.EnableEdgeComputeFeatures != nil {
diff --git a/api/oauth/oauth.go b/api/oauth/oauth.go
index 678c2fff8..86c0dd148 100644
--- a/api/oauth/oauth.go
+++ b/api/oauth/oauth.go
@@ -172,8 +172,9 @@ func getResource(token string, configuration *portainer.OAuthSettings) (map[stri
func buildConfig(configuration *portainer.OAuthSettings) *oauth2.Config {
endpoint := oauth2.Endpoint{
- AuthURL: configuration.AuthorizationURI,
- TokenURL: configuration.AccessTokenURI,
+ AuthURL: configuration.AuthorizationURI,
+ TokenURL: configuration.AccessTokenURI,
+ AuthStyle: configuration.AuthStyle,
}
return &oauth2.Config{
diff --git a/api/portainer.go b/api/portainer.go
index 567e1008f..0c660524e 100644
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -12,6 +12,7 @@ import (
gittypes "github.com/portainer/portainer/api/git/types"
models "github.com/portainer/portainer/api/http/models/kubernetes"
"github.com/portainer/portainer/pkg/featureflags"
+ "golang.org/x/oauth2"
v1 "k8s.io/api/core/v1"
)
@@ -758,19 +759,20 @@ type (
// OAuthSettings represents the settings used to authorize with an authorization server
OAuthSettings struct {
- ClientID string `json:"ClientID"`
- ClientSecret string `json:"ClientSecret,omitempty"`
- AccessTokenURI string `json:"AccessTokenURI"`
- AuthorizationURI string `json:"AuthorizationURI"`
- ResourceURI string `json:"ResourceURI"`
- RedirectURI string `json:"RedirectURI"`
- UserIdentifier string `json:"UserIdentifier"`
- Scopes string `json:"Scopes"`
- OAuthAutoCreateUsers bool `json:"OAuthAutoCreateUsers"`
- DefaultTeamID TeamID `json:"DefaultTeamID"`
- SSO bool `json:"SSO"`
- LogoutURI string `json:"LogoutURI"`
- KubeSecretKey []byte `json:"KubeSecretKey"`
+ ClientID string `json:"ClientID"`
+ ClientSecret string `json:"ClientSecret,omitempty"`
+ AccessTokenURI string `json:"AccessTokenURI"`
+ AuthorizationURI string `json:"AuthorizationURI"`
+ ResourceURI string `json:"ResourceURI"`
+ RedirectURI string `json:"RedirectURI"`
+ UserIdentifier string `json:"UserIdentifier"`
+ Scopes string `json:"Scopes"`
+ OAuthAutoCreateUsers bool `json:"OAuthAutoCreateUsers"`
+ DefaultTeamID TeamID `json:"DefaultTeamID"`
+ SSO bool `json:"SSO"`
+ LogoutURI string `json:"LogoutURI"`
+ KubeSecretKey []byte `json:"KubeSecretKey"`
+ AuthStyle oauth2.AuthStyle `json:"AuthStyle"`
}
// Pair defines a key/value string pair
diff --git a/app/portainer/models/settings.js b/app/portainer/models/settings.js
index e27c408df..0d1bda9fa 100644
--- a/app/portainer/models/settings.js
+++ b/app/portainer/models/settings.js
@@ -78,6 +78,7 @@ export function OAuthSettingsViewModel(data) {
this.DefaultTeamID = data.DefaultTeamID;
this.SSO = data.SSO;
this.LogoutURI = data.LogoutURI;
+ this.AuthStyle = data.AuthStyle;
}
export function EdgeSettingsViewModel(data = {}) {
diff --git a/app/portainer/oauth/components/oauth-settings/oauth-settings.controller.js b/app/portainer/oauth/components/oauth-settings/oauth-settings.controller.js
index dd2fbde56..4e23a3ccd 100644
--- a/app/portainer/oauth/components/oauth-settings/oauth-settings.controller.js
+++ b/app/portainer/oauth/components/oauth-settings/oauth-settings.controller.js
@@ -4,7 +4,6 @@ import { isLimitedToBE } from '@/react/portainer/feature-flags/feature-flags.ser
import { ModalType } from '@@/modals';
import { confirm } from '@@/modals/confirm';
import { buildConfirmButton } from '@@/modals/utils';
-
import providers, { getProviderByUrl } from './providers';
const MS_TENANT_ID_PLACEHOLDER = 'TENANT_ID';
@@ -31,6 +30,7 @@ export default class OAuthSettingsController {
this.addTeamMembershipMapping = this.addTeamMembershipMapping.bind(this);
this.removeTeamMembership = this.removeTeamMembership.bind(this);
this.onToggleAutoTeamMembership = this.onToggleAutoTeamMembership.bind(this);
+ this.onChangeAuthStyle = this.onChangeAuthStyle.bind(this);
}
onMicrosoftTenantIDChange() {
@@ -54,6 +54,7 @@ export default class OAuthSettingsController {
this.settings.LogoutURI = provider.logoutUrl;
this.settings.UserIdentifier = provider.userIdentifier;
this.settings.Scopes = provider.scopes;
+ this.settings.AuthStyle = provider.authStyle;
if (providerId === 'microsoft' && this.state.microsoftTenantID !== '') {
this.onMicrosoftTenantIDChange();
@@ -77,6 +78,12 @@ export default class OAuthSettingsController {
});
}
+ onChangeAuthStyle(val) {
+ this.$scope.$evalAsync(() => {
+ this.settings.AuthStyle = val;
+ });
+ }
+
async onChangeHideInternalAuth(checked) {
this.$async(async () => {
if (this.isLimitedToBE) {
diff --git a/app/portainer/oauth/components/oauth-settings/oauth-settings.html b/app/portainer/oauth/components/oauth-settings/oauth-settings.html
index c19654122..0c06fd564 100644
--- a/app/portainer/oauth/components/oauth-settings/oauth-settings.html
+++ b/app/portainer/oauth/components/oauth-settings/oauth-settings.html
@@ -355,6 +355,8 @@
/>
+
+
+