├── .gitignore
├── LICENSE
├── README.md
├── external-oauth-1.1-5.rockspec
└── src
├── access.lua
├── handler.lua
└── schema.lua
/.gitignore:
--------------------------------------------------------------------------------
1 | # Compiled Lua sources
2 | luac.out
3 |
4 | # luarocks build files
5 | *.src.rock
6 | *.zip
7 | *.tar.gz
8 |
9 | # Object files
10 | *.o
11 | *.os
12 | *.ko
13 | *.obj
14 | *.elf
15 |
16 | # Precompiled Headers
17 | *.gch
18 | *.pch
19 |
20 | # Libraries
21 | *.lib
22 | *.a
23 | *.la
24 | *.lo
25 | *.def
26 | *.exp
27 |
28 | # Shared objects (inc. Windows DLLs)
29 | *.dll
30 | *.so
31 | *.so.*
32 | *.dylib
33 |
34 | # Executables
35 | *.exe
36 | *.out
37 | *.app
38 | *.i*86
39 | *.x86_64
40 | *.hex
41 |
42 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "{}"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright {yyyy} {name of copyright owner}
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Kong External OAUTH 2.0
2 |
3 | A Kong plugin that lets you use an external OAuth 2.0 provider to protect your API.
4 |
5 | ## Description
6 |
7 | Kong bundles a plugin that implements a full OAuth 2.0 provider. This plugin instead lets you use a
8 | third-party OAuth 2.0 provider to protect your API/site. It implements the full flow: it automatically
9 | exposes a callback URI and requests an access token.
10 |
11 | It will then request user info (the keys specified in the configuration) and add headers carrying it
12 | so that your `upstream` service can use them.
13 |
14 | The plugin will periodically check for token validity. You can configure the time period through
15 | a configuration parameter, in seconds.
16 |
17 | If configured, it can also check the provided email address and make sure it belongs to a particular
18 | domain, so you can also use the plugin with third-party services.
19 |
20 | ## Installation
21 |
22 | $ luarocks install external-oauth
23 |
24 | To make Kong aware that it has to look for the new plugin, you'll have to add it to the custom_plugins
25 | property in your configuration file.
26 |
27 | ```yaml
28 | custom_plugins:
29 | - external-oauth
30 | ```
31 |
32 | Remember to restart Kong.
33 |
34 |
35 |
36 | ## Configuration
37 |
38 | You can add the plugin with the following request:
39 |
40 | ```bash
41 | $ curl -X POST http://kong:8001/apis/{api}/plugins \
42 | --data "name=external-oauth" \
43 | --data "config.authorize_url=https://oauth.something.net/openid-connect/authorize" \
44 | --data "config.scope=openid+profile+email" \
45 | --data "config.token_url=https://oauth.something.net/openid-connect/token" \
46 | --data "config.client_id=SOME_CLIENT_ID" \
47 | --data "config.client_secret=SOME_SECRET_KEY" \
48 | --data "config.user_url=https://oauth.something.net/openid-connect/userinfo" \
49 | --data "config.user_keys=email,name,sub" \
50 | --data "config.hosted_domain=mycompany.com" \
51 | --data "config.email_key=email"
52 | ```
53 |
54 | | Form Parameter | default | description |
55 | | --- | --- | --- |
56 | | `name` | | plugin name `external-oauth` |
57 | | `config.authorize_url` | | authorization url of the OAUTH provider (the one to which you will be redirected when not authenticated) |
58 | | `config.scope` | | OAUTH scope of the authorization request |
59 | | `config.token_url` | | url of the Oauth provider to request the access token |
60 | | `config.client_id` | | OAUTH Client Id |
61 | | `config.client_secret` | | OAUTH Client Secret |
62 | | `config.user_url` | | url of the oauth provider used to retrieve user information and also check the validity of the access token |
63 | | `config.user_keys` (optional) | `username,email` | keys to extract from the JSON returned by the `user_url` endpoint; they will also be added to the headers of the upstream server as `X-OAUTH-XXX` |
64 | | `config.hosted_domain` | | domain that users must belong to in order to log in. Ignored if empty |
65 | | `config.email_key` | | key to be checked for hosted domain, taken from userinfo endpoint |
66 | | `config.user_info_periodic_check` | 60 | time in seconds between token checks |
67 |
68 | In addition to the `user_keys` headers, an `X-OAUTH-TOKEN` header carrying the provider's access token is added.
69 |
70 | ## Author
71 | Niko Usai
72 |
73 | ## License
74 |
75 | Copyright 2016 Niko Usai
76 |
77 | Licensed under the Apache License, Version 2.0 (the "License");
78 | you may not use this file except in compliance with the License.
79 | You may obtain a copy of the License at
80 |
81 | http://www.apache.org/licenses/LICENSE-2.0
82 |
83 | Unless required by applicable law or agreed to in writing, software
84 | distributed under the License is distributed on an "AS IS" BASIS,
85 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
86 | See the License for the specific language governing permissions and
87 | limitations under the License.
88 |
--------------------------------------------------------------------------------
/external-oauth-1.1-5.rockspec:
--------------------------------------------------------------------------------
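-- LuaRocks rockspec for the external-oauth Kong plugin.
package = "external-oauth"
version = "1.1-5"
source = {
  -- Fetch over an authenticated transport: plain git:// offers no server
  -- authentication or integrity protection for the downloaded sources.
  -- NOTE(review): no tag or commit is pinned here, so every install builds
  -- whatever the default branch currently holds. Pin the release, e.g.
  --   tag = "<RELEASE_TAG>"
  url = "git+https://github.com/mogui/kong-external-oauth"
}
description = {
  summary = "A Kong plugin, that let you use an external Oauth 2.0 provider to protect your API",
  license = "Apache 2.0"
}
dependencies = {
  "lua >= 5.1"
  -- NOTE(review): the sources also require cjson.safe, pl.stringx,
  -- resty.http, crypto, socket.url and kong.plugins.base_plugin, none of which
  -- is declared here. Presumably they are expected to come from the Kong
  -- installation; confirm, and declare (with version bounds) any that do not.
}
build = {
  type = "builtin",
  modules = {
    ["kong.plugins.external-oauth.access"] = "src/access.lua",
    ["kong.plugins.external-oauth.handler"] = "src/handler.lua",
    ["kong.plugins.external-oauth.schema"] = "src/schema.lua"
  }
}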
22 |
--------------------------------------------------------------------------------
/src/access.lua:
--------------------------------------------------------------------------------
1 |
2 | -- Copyright 2016 Niko Usai
3 |
4 | -- Licensed under the Apache License, Version 2.0 (the "License");
5 | -- you may not use this file except in compliance with the License.
6 | -- You may obtain a copy of the License at
7 |
8 | -- http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | -- Unless required by applicable law or agreed to in writing, software
11 | -- distributed under the License is distributed on an "AS IS" BASIS,
12 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | -- See the License for the specific language governing permissions and
14 | -- limitations under the License.
15 |
16 | local _M = {}
17 | local cjson = require "cjson.safe"
18 | local pl_stringx = require "pl.stringx"
19 | local http = require "resty.http"
20 | local crypto = require "crypto"
21 |
22 | local OAUTH_CALLBACK = "^%s/oauth2/callback(/?(\\?[^\\s]*)*)$"
23 |
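--- End the request with a short plain-text body and the given HTTP status.
-- The status is assigned before ngx.say because the status line is sent with
-- the first body chunk; passing it only to ngx.exit afterwards is too late and
-- the client would receive a 200.
local function deny(status, message)
  ngx.status = status
  ngx.say(message)
  return ngx.exit(ngx.HTTP_OK)
end

--- MAC binding the "user info was checked" marker to one token cookie and one
-- expiry time, keyed with the client secret.
-- Assumes `crypto` is luacrypto and that crypto.hmac.digest returns a hex
-- string by default -- confirm against the module in use.
local function userinfo_marker_mac(conf, encrypted_token, expiry)
  return crypto.hmac.digest("sha256",
    "userinfo-marker." .. expiry .. "." .. encrypted_token, conf.client_secret)
end

--- Tell whether the EOAuthUserInfo cookie proves a recent provider check.
-- The cookie is client-controlled, so its mere presence proves nothing: it is
-- accepted only if it is unexpired and carries a MAC this plugin issued for
-- the very same EOAuthToken value.
local function userinfo_recently_checked(conf, encrypted_token)
  local marker = ngx.var.cookie_EOAuthUserInfo
  if not marker then
    return false
  end

  local expiry, mac = marker:match("^(%d+)%.(%x+)$")
  if not expiry or tonumber(expiry) <= ngx.time() then
    return false
  end

  local expected = userinfo_marker_mac(conf, encrypted_token, expiry)
  -- Compare MACs of the two values rather than the values themselves so the
  -- result does not depend on how string comparison behaves.
  local key = conf.client_secret
  return crypto.hmac.digest("sha256", mac, key)
      == crypto.hmac.digest("sha256", expected, key)
end

--- Access-phase entry point of the plugin.
-- Serves the OAuth callback when the request targets it; otherwise requires a
-- decodable EOAuthToken cookie, periodically re-validates the token against
-- conf.user_url, and forwards the configured user keys upstream as
-- X-Oauth-<key> headers. Unauthenticated requests are redirected to the
-- provider.
-- @param conf plugin configuration (fields as declared in schema.lua)
function _M.run(conf)
  local request_uri = ngx.var.request_uri

  -- Find which of the API's configured uris this request was matched under.
  local path_prefix = ""
  local uris = ngx.ctx.api.uris
  if uris ~= nil then
    for _, uri in ipairs(uris) do
      if pl_stringx.startswith(request_uri, uri) then
        path_prefix = uri
        break
      end
    end

    if pl_stringx.endswith(path_prefix, "/") then
      path_prefix = path_prefix:sub(1, -2)
    end
  end

  -- NOTE(review): ngx.var.host is taken from the request, so the provider must
  -- be configured to accept only the registered redirect URIs.
  local callback_url = ngx.var.scheme .. "://" .. ngx.var.host .. ":" .. ngx.var.server_port .. path_prefix .. "/oauth2/callback"

  -- The upstream trusts X-Oauth-* as identity. Drop whatever the client sent
  -- so these headers only ever carry values obtained from the provider below.
  for _, key in ipairs(conf.user_keys) do
    ngx.req.clear_header("X-Oauth-" .. key)
  end

  -- NOTE(review): path_prefix is interpolated into the regex unescaped; a
  -- configured uri containing regex metacharacters would alter the match.
  if ngx.re.match(request_uri, string.format(OAUTH_CALLBACK, path_prefix)) then
    return handle_callback(conf, callback_url)
  end

  local encrypted_token = ngx.var.cookie_EOAuthToken
  if not encrypted_token then
    return redirect_to_auth(conf, callback_url)
  end

  local access_token = decode_token(encrypted_token, conf)
  if not access_token then
    -- broken access token
    return redirect_to_auth(conf, callback_url)
  end

  -- Refresh the session cookie; mark it Secure whenever the request arrived
  -- over TLS so it is never replayed over plain HTTP.
  local secure = ngx.var.scheme == "https" and ";Secure" or ""
  local token_cookie = "EOAuthToken=" .. encrypted_token .. "; path=/;Max-Age=3000;HttpOnly" .. secure
  ngx.header["Set-Cookie"] = token_cookie

  if userinfo_recently_checked(conf, encrypted_token) then
    return
  end

  -- Validate the token and fetch the user info from the provider.
  local httpc = http:new()
  local res, err = httpc:request_uri(conf.user_url, {
    method = "GET",
    -- The bearer token travels on this connection: verify the provider's
    -- certificate. Requires lua_ssl_trusted_certificate to be configured.
    ssl_verify = true,
    headers = {
      ["Authorization"] = "Bearer " .. access_token,
    }
  })

  if not res then
    -- Keep transport details in the log instead of echoing them to the client.
    ngx.log(ngx.ERR, "external-oauth: user info request failed: ", err)
    return deny(ngx.HTTP_INTERNAL_SERVER_ERROR, "Unable to contact the OAuth provider")
  end

  -- Anything but 200 means the token is not (or no longer) accepted.
  if res.status ~= 200 then
    return redirect_to_auth(conf, callback_url)
  end

  -- cjson.safe returns nil instead of raising on malformed input.
  local json = cjson.decode(res.body)
  if type(json) ~= "table" then
    ngx.log(ngx.ERR, "external-oauth: user info response is not a JSON object")
    return deny(ngx.HTTP_INTERNAL_SERVER_ERROR, "Unexpected response from the OAuth provider")
  end

  if conf.hosted_domain ~= "" and conf.email_key ~= "" then
    local email = json[conf.email_key]
    -- Anchor the comparison on "@": a bare suffix match would also accept
    -- addresses in any other domain that merely ends with the same text.
    local suffix = conf.hosted_domain
    if suffix:sub(1, 1) ~= "@" then
      suffix = "@" .. suffix
    end
    if type(email) ~= "string" or not pl_stringx.endswith(email:lower(), suffix:lower()) then
      return deny(ngx.HTTP_UNAUTHORIZED, "Hosted domain is not matching")
    end
  end

  for _, key in ipairs(conf.user_keys) do
    ngx.header["X-Oauth-" .. key] = json[key]
    ngx.req.set_header("X-Oauth-" .. key, json[key])
  end
  -- NOTE(review): this is a response header, so the provider access token is
  -- sent back to the client; confirm that this is intended.
  ngx.header["X-Oauth-Token"] = access_token

  -- Issue the marker that lets later requests skip the provider round trip
  -- until user_info_periodic_check seconds have elapsed.
  local expiry = string.format("%d", ngx.time() + math.floor(conf.user_info_periodic_check))
  local marker_cookie = "EOAuthUserInfo=" .. expiry .. "." .. userinfo_marker_mac(conf, encrypted_token, expiry)
    .. "; Path=/;Max-Age=" .. conf.user_info_periodic_check .. ";HttpOnly" .. secure
  ngx.header["Set-Cookie"] = { marker_cookie, token_cookie }
end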
112 |
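-- The four functions below stay global on purpose: _M.run is defined earlier
-- in this file and resolves them by global name when it is called.

local IV_LENGTH = 16   -- AES block size, in bytes
local TAG_LENGTH = 32  -- HMAC-SHA256 output size, in bytes

--- Hex-encode a byte string.
local function to_hex(bytes)
  return (bytes:gsub(".", function(c)
    return string.format("%02x", c:byte())
  end))
end

--- Cookie attribute that restricts a cookie to TLS when the request used TLS.
local function secure_flag()
  return ngx.var.scheme == "https" and ";Secure" or ""
end

--- End the request with a short plain-text body and the given HTTP status.
-- The status is assigned before ngx.say because it is sent with the first
-- body chunk; passing it only to ngx.exit afterwards would leave a 200.
local function reply(status, message)
  ngx.status = status
  ngx.say(message)
  return ngx.exit(ngx.HTTP_OK)
end

--- Derive independent encryption and authentication keys from the client
-- secret.
-- Assumes `crypto` is luacrypto (crypto.hmac.digest with a trailing `raw`
-- flag, crypto.rand.bytes) -- confirm against the module in use.
-- NOTE(review): a dedicated cookie secret would be preferable to reusing
-- client_secret; that needs a new schema field.
local function derive_keys(conf)
  local enc_key = crypto.hmac.digest("sha256", "external-oauth cookie encryption", conf.client_secret, true)
  local mac_key = crypto.hmac.digest("sha256", "external-oauth cookie authentication", conf.client_secret, true)
  return enc_key:sub(1, 16), mac_key
end

--- Only same-site absolute paths may be used as a post-login redirect target.
-- The target comes from a client-controlled cookie, so anything that could be
-- read as another origin ("//host", "/\host", a full URL) is refused.
local function is_local_path(target)
  if type(target) ~= "string" or target:find("%c") then
    return false
  end
  return target == "/" or target:find("^/[^/\\]") ~= nil
end

--- Redirect the browser to the provider's authorization endpoint.
-- Remembers the requested URI so the callback can return to it, and issues a
-- random `state` value that the callback must see again: without it a
-- callback URL prepared in another browser session would be accepted.
function redirect_to_auth(conf, callback_url)
  local state = to_hex(crypto.rand.bytes(16))
  local secure = secure_flag()

  -- The URI is escaped so characters such as ";" cannot break the cookie.
  ngx.header["Set-Cookie"] = {
    "EOAuthRedirectBack=" .. ngx.escape_uri(ngx.var.request_uri) .. "; path=/;Max-Age=120;HttpOnly" .. secure,
    "EOAuthState=" .. state .. "; path=/;Max-Age=120;HttpOnly" .. secure,
  }

  -- conf.scope is passed through exactly as configured.
  local oauth_authorize = conf.authorize_url
    .. "?response_type=code"
    .. "&client_id=" .. ngx.escape_uri(conf.client_id)
    .. "&redirect_uri=" .. ngx.escape_uri(callback_url)
    .. "&scope=" .. conf.scope
    .. "&state=" .. state
  return ngx.redirect(oauth_authorize)
end

--- Protect an access token for storage in the EOAuthToken cookie.
-- Layout before base64: IV (16 bytes) .. AES-128-CBC ciphertext .. HMAC-SHA256
-- tag over IV and ciphertext. The tag is what lets decode_token reject cookie
-- values that this plugin did not produce.
-- @return base64 string
function encode_token(token, conf)
  local enc_key, mac_key = derive_keys(conf)
  local iv = crypto.rand.bytes(IV_LENGTH)
  local sealed = iv .. crypto.encrypt("aes-128-cbc", token, enc_key, iv)
  local tag = crypto.hmac.digest("sha256", sealed, mac_key, true)
  return ngx.encode_base64(sealed .. tag)
end

--- Recover the access token from an EOAuthToken cookie value.
-- @return the token, or nil when the value is malformed, was not issued with
-- the current client secret, or has been altered
function decode_token(token, conf)
  if type(token) ~= "string" then
    return nil
  end

  local raw = ngx.decode_base64(token)
  -- Shortest valid value: IV, one cipher block and the tag.
  if not raw or #raw < IV_LENGTH + 16 + TAG_LENGTH then
    return nil
  end

  local enc_key, mac_key = derive_keys(conf)
  local sealed = raw:sub(1, -TAG_LENGTH - 1)
  local tag = raw:sub(-TAG_LENGTH)
  local expected = crypto.hmac.digest("sha256", sealed, mac_key, true)

  -- Verify before decrypting. MACs of the two tags are compared so the result
  -- does not depend on how string comparison behaves.
  if crypto.hmac.digest("sha256", tag, mac_key, true)
      ~= crypto.hmac.digest("sha256", expected, mac_key, true) then
    return nil
  end

  local iv = sealed:sub(1, IV_LENGTH)
  local ciphertext = sealed:sub(IV_LENGTH + 1)
  local ok, plain = pcall(crypto.decrypt, "aes-128-cbc", ciphertext, enc_key, iv)
  if ok then
    return plain
  end
  return nil
end

--- Handle the provider's redirect back to <prefix>/oauth2/callback.
-- Checks the `state` value, exchanges the authorization code for an access
-- token, stores the token in the EOAuthToken cookie and sends the browser back
-- to the page it originally asked for.
function handle_callback(conf, callback_url)
  local args = ngx.req.get_uri_args()

  -- A repeated or valueless parameter arrives as a table or a boolean.
  local code = args.code
  if type(code) ~= "string" or code == "" then
    return reply(ngx.HTTP_UNAUTHORIZED, "User has denied access to the resources.")
  end

  -- The callback must belong to a login that this browser started.
  local expected_state = ngx.var.cookie_EOAuthState
  if not expected_state or type(args.state) ~= "string" or args.state ~= expected_state then
    return reply(ngx.HTTP_UNAUTHORIZED, "Invalid OAuth state.")
  end

  local httpc = http:new()
  local res, err = httpc:request_uri(conf.token_url, {
    method = "POST",
    -- The client secret travels on this connection: verify the provider's
    -- certificate. Requires lua_ssl_trusted_certificate to be configured.
    ssl_verify = true,
    -- encode_args escapes every value, so the request-supplied code cannot
    -- add or override form parameters.
    body = ngx.encode_args({
      grant_type = "authorization_code",
      client_id = conf.client_id,
      client_secret = conf.client_secret,
      code = code,
      redirect_uri = callback_url,
    }),
    headers = {
      ["Content-Type"] = "application/x-www-form-urlencoded",
    }
  })

  if not res then
    -- Keep transport details in the log instead of echoing them to the client.
    ngx.log(ngx.ERR, "external-oauth: token request failed: ", err)
    return reply(ngx.HTTP_INTERNAL_SERVER_ERROR, "Unable to contact the OAuth provider")
  end

  -- cjson.safe returns nil instead of raising on malformed input.
  local json = cjson.decode(res.body)
  local access_token = type(json) == "table" and json.access_token
  if type(access_token) ~= "string" then
    -- Provider-supplied text is not reflected into the response.
    ngx.log(ngx.ERR, "external-oauth: token endpoint returned no access token, status ", res.status)
    return reply(ngx.HTTP_BAD_REQUEST, "The OAuth provider did not return an access token.")
  end

  -- Support redirection back to the original request if necessary.
  local redirect_back = ngx.var.cookie_EOAuthRedirectBack
  redirect_back = redirect_back and ngx.unescape_uri(redirect_back)
  if not is_local_path(redirect_back) then
    redirect_back = ngx.ctx.api.request_path or "/"
  end

  local secure = secure_flag()
  ngx.header["Set-Cookie"] = {
    "EOAuthToken=" .. encode_token(access_token, conf) .. "; path=/;Max-Age=3000;HttpOnly" .. secure,
    -- One-shot values: expire them once the login completes.
    "EOAuthState=; path=/;Max-Age=0;HttpOnly" .. secure,
    "EOAuthRedirectBack=; path=/;Max-Age=0;HttpOnly" .. secure,
  }
  return ngx.redirect(redirect_back)
end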
175 |
176 | return _M
177 |
--------------------------------------------------------------------------------
/src/handler.lua:
--------------------------------------------------------------------------------
1 |
2 | -- Copyright 2016 Niko Usai
3 |
4 | -- Licensed under the Apache License, Version 2.0 (the "License");
5 | -- you may not use this file except in compliance with the License.
6 | -- You may obtain a copy of the License at
7 |
8 | -- http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | -- Unless required by applicable law or agreed to in writing, software
11 | -- distributed under the License is distributed on an "AS IS" BASIS,
12 | -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | -- See the License for the specific language governing permissions and
14 | -- limitations under the License.
15 |
16 | local BasePlugin = require "kong.plugins.base_plugin"
17 | local access = require "kong.plugins.external-oauth.access"
18 |
--- Plugin class derived from Kong's BasePlugin; the access phase is delegated
-- to the access module.
local ExtOauthPlugin = BasePlugin:extend()

local PLUGIN_NAME = "external-oauth"

--- Constructor: registers the plugin under its name with the base class.
ExtOauthPlugin.new = function(self)
  local parent = ExtOauthPlugin.super
  parent.new(self, PLUGIN_NAME)
end

--- Access-phase hook: runs the base-class hook, then the OAuth check.
-- @param conf plugin configuration for the matched API
ExtOauthPlugin.access = function(self, conf)
  local parent = ExtOauthPlugin.super
  parent.access(self)
  access.run(conf)
end

return ExtOauthPlugin
31 |
--------------------------------------------------------------------------------
/src/schema.lua:
--------------------------------------------------------------------------------
1 | local url = require "socket.url"
2 |
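--- Schema validator for the provider endpoint URLs.
-- Accepts only absolute http(s) URLs. A value without a scheme or a host is
-- rejected as well, since it cannot name a provider endpoint.
-- NOTE(review): plain http is still accepted for token_url and user_url, over
-- which the client secret and the bearer token are sent; consider requiring
-- https for those two fields.
-- @param value the configured URL
-- @return true, or false plus an error message
local function validate_url(value)
  local parsed_url = type(value) == "string" and url.parse(value) or nil
  if not parsed_url or not parsed_url.scheme or not parsed_url.host then
    return false, "A URL with a scheme and a host is required"
  end

  local scheme = parsed_url.scheme:lower()
  if scheme ~= "http" and scheme ~= "https" then
    return false, "Supported protocols are HTTP and HTTPS"
  end

  return true
end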
14 |
--- Definition shared by the three provider endpoint fields: a required URL
-- that is additionally checked by validate_url.
local function endpoint_field()
  return {type = "url", required = true, func = validate_url}
end

-- Plugin configuration schema.
local fields = {
  -- Provider endpoints.
  authorize_url = endpoint_field(),
  token_url = endpoint_field(),
  user_url = endpoint_field(),

  -- OAuth client credentials; client_secret is declared as a plain string.
  client_id = {type = "string", required = true},
  client_secret = {type = "string", required = true},

  scope = {type = "string", default = ""},

  -- Keys copied from the user info response into X-Oauth-<key> headers.
  user_keys = {type = "array", default = {"username", "email"}},

  -- Seconds between two validations of the token against user_url.
  user_info_periodic_check = {type = "number", required = true, default = 60},

  -- Optional restriction on the user's email domain; both empty by default.
  hosted_domain = {type = "string", default = ""},
  email_key = {type = "string", default = ""}
}

return {
  fields = fields
}
29 |
--------------------------------------------------------------------------------