diff --git a/analyzer/tools/build-logger/ldlogger b/analyzer/tools/build-logger/ldlogger
deleted file mode 100755
index 29b170621f..0000000000
Binary files a/analyzer/tools/build-logger/ldlogger and /dev/null differ
diff --git a/analyzer/tools/build-logger/ldlogger_32.so b/analyzer/tools/build-logger/ldlogger_32.so
deleted file mode 100755
index 49e21018a2..0000000000
Binary files a/analyzer/tools/build-logger/ldlogger_32.so and /dev/null differ
diff --git a/docs/web/authentication.md b/docs/web/authentication.md
index e7a0f2cf1e..6d980d1092 100644
--- a/docs/web/authentication.md
+++ b/docs/web/authentication.md
@@ -9,23 +9,28 @@ the results stored on a server.
Table of Contents
=================
-* [Server-side configuration](#server-side-configuration)
- * [Dictionary authentication](#dictionary-authentication)
- * [External authentication methods](#external-auth-methods)
- * [PAM authentication](#pam-authentication)
- * [LDAP authentication](#ldap-authentication)
- * [Configuration options](#configuration-options)
- * Membership in custom groups with [regex_groups](#regex_groups-authentication)
-* [Client-side configuration](#client-side-configuration)
- * [Web-browser client](#web-browser-client)
- * [Command-line client](#command-line-client)
- * [Preconfigured credentials](#preconfigured-credentials)
- * [Automatic login](#automatic-login)
- * [Currently active tokens](#currently-active-tokens)
-* [Personal access token](#personal-access-token)
- * [`new`](#new-personal-access-token)
- * [`list`](#list-personal-access-token)
- * [`del`](#remove-personal-access-token)
+- [CodeChecker authentication subsystem](#codechecker-authentication-subsystem)
+- [Table of Contents](#table-of-contents)
+- [Server-side configuration ](#server-side-configuration-)
+ - [Dictionary authentication ](#dictionary-authentication-)
+ - [External authentication methods ](#external-authentication-methods-)
+ - [PAM authentication ](#pam-authentication-)
+ - [LDAP authentication ](#ldap-authentication-)
+ - [Configuration options ](#configuration-options-)
+ - [Membership in custom groups with regex\_groups](#membership-in-custom-groups-with-regex_groups)
+ - [OAUTH authentication ](#oauth-authentication-)
+ - [OAUTH Configuration options ](#oauth-configuration-options-)
+ - [Details per each provider ](#details-per-each-provider-)
+- [Client-side configuration ](#client-side-configuration-)
+ - [Web-browser client ](#web-browser-client-)
+ - [Command-line client ](#command-line-client-)
+ - [Preconfigured credentials ](#preconfigured-credentials-)
+ - [Automatic login ](#automatic-login-)
+ - [Currently active tokens ](#currently-active-tokens-)
+- [Personal access token ](#personal-access-token-)
+ - [New personal access token ](#new-personal-access-token-)
+ - [List personal access tokens ](#list-personal-access-tokens-)
+ - [Remove personal access token ](#remove-personal-access-token-)
# Server-side configuration
@@ -320,6 +325,124 @@ groups. For more information [see](permissions.md#managing-permissions).
----
+### OAUTH authentication
+
+CodeChecker also supports OAUTH-based authentication. The `authentication.method_oauth` section contains the configuration for OAUTH authentication for different OAUTH providers. The server can be configured for different Oauth `providers` .Users can be added into the `allowed_users`
+
+#### OAUTH Configuration options
+ * `enabled`
+
+ Indicated if OAUTH method is enabled
+
+ * `providers`
+
+ The provider field contains configuration details for OAuth providers. Each provider's configuration includes but may vary depending on provider:
+
+ * `enabled`
+
+ Indicates if the Oauth provider is enabled
+
+ * `oauth_client_id`
+
+ Contains client ID provided by the OAuth provider.
+
+
+ * `oauth_client_secret`
+
+ The client secret provided by the OAuth provider.
+
+ * `oauth_authorization_uri`
+
+ This link in used for redirecting user for perovider's authentication page
+
+ * `oauth_redirect_uri`
+
+ The oauth_redirect_uri URI to which the OAuth provider will redirect after authorization and in some providers used for confirming the redirection URI.
+
+ * `oauth_token_uri`
+
+ The URI to exchange the authorization code for an access token.
+
+ * `oauth_user_info_uri`
+
+ The URI to fetch the authenticated user's information.
+
+ * `oauth_scope`
+
+ The scope of access requested from the OAuth provider.
+
+ * `oauth_user_info_mapping`
+
+ A mapping of user info fields from the provider to local fields.
+
+ * `username`
+
+ Field for the username.
+ * `email`
+
+ Field for the email.
+ * `fullname`
+
+ Field for the fullname.
+ * `allowed_users`
+
+ A list of allowed users differently configured for each provider
+
+~~~{.json}
+"method_oauth": {
+ "enabled": false,
+ "providers": {
+ "github": {
+ "enabled": false,
+ "oauth_client_id": "client id",
+ "oauth_client_secret": "client secret",
+ "oauth_authorization_uri": "https://github.com/login/oauth/authorize",
+ "oauth_token_uri": "https://github.com/login/oauth/access_token",
+ "oauth_user_info_uri": "https://api.github.com/user",
+ "oauth_scope": "openid email profile",
+ "oauth_user_info_mapping": {
+ "username": "login",
+ "email": "email",
+ "fullname": "name"
+ },
+ "allowed_users": [
+ "user1",
+ "user2",
+ "user3"
+ ]
+ },
+ "google": {
+ "enabled": false,
+ "oauth_client_id": "client id",
+ "oauth_client_secret": "client secret",
+ "oauth_authorization_uri": "https://accounts.google.com/o/oauth2/auth",
+ "oauth_redirect_uri": "http://localhost:8080/login",
+ "oauth_token_uri": "https://accounts.google.com/o/oauth2/token",
+ "oauth_user_info_uri": "https://www.googleapis.com/oauth2/v1/userinfo",
+ "oauth_scope": "openid email profile",
+ "oauth_user_info_mapping": {
+ "username": "email",
+ "email": "email",
+ "fullname": "name"
+ },
+ "allowed_users": [
+ "user1",
+ "user2",
+ "user3"
+ ]
+ }
+ }
+ }
+~~~
+
+#### Details per each provider
+
+* For Google OAuth to function correctly, the `oauth_redirect_uri` in application's configuration must exactly match the `Authorized redirect URIs` specified in the Google API Console.
+
+* For GitHub to redirect correctly, set the `Authorization callback URL` to the login page of CodeChecker. This ensures proper processing of the authorization. Additionally, set the homepage URL to the homepage of CodeChecker.
+
+
+
# Client-side configuration
## Web-browser client
diff --git a/web/server/codechecker_server/api/authentication.py b/web/server/codechecker_server/api/authentication.py
index a9c49daa90..e10458a382 100644
--- a/web/server/codechecker_server/api/authentication.py
+++ b/web/server/codechecker_server/api/authentication.py
@@ -137,7 +137,6 @@ def createLinkGoogle(self):
scope = oauth_config["oauth_scope"]
authorization_uri = oauth_config["oauth_authorization_uri"]
redirect_uri = oauth_config["oauth_redirect_uri"]
- token_uri = oauth_config["oauth_token_uri"]
# Create an OAuth2Session instance
@@ -242,6 +241,7 @@ def performLogin(self, auth_method, auth_string):
scope = oauth_config["oauth_scope"]
token_url = oauth_config["oauth_token_uri"]
user_info_url = oauth_config["oauth_user_info_uri"]
+
session = OAuth2Session(client_id, client_secret, scope=scope)
token = session.fetch_token(
@@ -290,6 +290,7 @@ def performLogin(self, auth_method, auth_string):
"User is not authorized to access this service.")
session = self.__manager.create_session("google@" + email + ":" + token['access_token'])
+
return session.token
raise codechecker_api_shared.ttypes.RequestFailed(
diff --git a/web/server/config/server_config.json b/web/server/config/server_config.json
index 9a47723aa5..83bbecd060 100644
--- a/web/server/config/server_config.json
+++ b/web/server/config/server_config.json
@@ -50,13 +50,12 @@
"providers": {
"github": {
"enabled": false,
- "oauth_client_id": "example_id",
- "oauth_client_secret": "example_secret",
- "oauth_redirect_uri": "http://localhost:8001/login",
+ "oauth_client_id": "client id",
+ "oauth_client_secret": "client secret",
"oauth_authorization_uri": "https://github.com/login/oauth/authorize",
"oauth_token_uri": "https://github.com/login/oauth/access_token",
"oauth_user_info_uri": "https://api.github.com/user",
- "oauth_scope": "user:email",
+ "oauth_scope": "openid email profile",
"oauth_user_info_mapping": {
"username": "login",
"email": "email",
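Review bot: The new github `oauth_scope`, `"openid email profile"`, uses OpenID Connect scope names. To my knowledge GitHub OAuth apps do not define these, whereas the removed `user:email` is a GitHub scope. Since `oauth_user_info_mapping` in this block reads `email` from the user-info response, I would confirm what GitHub actually grants for this string and otherwise keep `"oauth_scope": "user:email",`. The same value appears in the github sample added to docs/web/authentication.md, so both places should change together. The `"client id"` / `"client secret"` placeholders are fine, provided the docs say the real secret belongs in a config file that is not committed and is readable only by the server account.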
@@ -70,12 +69,13 @@
},
"google": {
"enabled": false,
- "oauth_client_id": "example_id",
- "oauth_client_secret": "example_secret",
+ "oauth_client_id": "client id",
+ "oauth_client_secret": "client secret",
"oauth_authorization_uri": "https://accounts.google.com/o/oauth2/auth",
- "oauth_token_uri": "https://oauth2.googleapis.com/token",
+ "oauth_redirect_uri": "http://localhost:8080/login",
+ "oauth_token_uri": "https://accounts.google.com/o/oauth2/token",
"oauth_user_info_uri": "https://www.googleapis.com/oauth2/v1/userinfo",
- "oauth_scope": "https://www.googleapis.com/auth/userinfo.email",
+ "oauth_scope": "openid email profile",
"oauth_user_info_mapping": {
"username": "email",
"email": "email",
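Review bot: `oauth_token_uri` for google moves from `https://oauth2.googleapis.com/token` to `https://accounts.google.com/o/oauth2/token`. As far as I know the former is the token endpoint Google currently publishes and the latter is an older one, so I would keep `"oauth_token_uri": "https://oauth2.googleapis.com/token",` unless the change was needed for a specific reason. The added default `"oauth_redirect_uri": "http://localhost:8080/login"` is reasonable for local testing, but the authorization code is delivered to this URI. The documentation should therefore state that a deployed server needs an `https://` URI that exactly matches the one registered with the provider.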
diff --git a/web/server/vue-cli/src/views/Login.vue b/web/server/vue-cli/src/views/Login.vue
index 8abe9d3651..216678eb57 100644
--- a/web/server/vue-cli/src/views/Login.vue
+++ b/web/server/vue-cli/src/views/Login.vue
@@ -152,8 +152,10 @@ export default {
const url = new URL(window.location.href);
let code = null, state = null;
+ //get the code and state from the url
code = url.searchParams.get("code");
state = url.searchParams.get("state");
+ //get the provider from the cookie
const provider = document.cookie.split(";").find(
c => c.includes("oauth_provider")).split("=")[1];
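Review bot: The cookie lookup that the new `//get the provider from the cookie` comment describes selects the first cookie whose text merely contains `oauth_provider`, and throws a TypeError on `.split` when no such cookie exists. An unrelated cookie with that substring in its name or value can be picked up, and a callback that arrives without the cookie breaks the handler. I would match the exact name and handle absence, e.g. `const entry = document.cookie.split("; ").find(c => c.startsWith("oauth_provider="));` followed by `const provider = entry ? entry.slice("oauth_provider=".length) : null;`, and stop the login flow when `provider` is null. The comment on `code` and `state` could also record where `state` is compared with the value issued at the start of the flow; that check is not visible here, as the method continues outside the hunk. As a style point, the file's comments would read better with a space after `//`.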