[BOT] post-merge updates

OCA · Oct 9, 2023 · 0513ca2 · 0513ca2
1 parent da1a764
commit 0513ca2
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -27,7 +27,7 @@ addon | version | maintainers | summary
 [auth_jwt](auth_jwt/) | 16.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | JWT bearer token authentication.
 [auth_jwt_demo](auth_jwt_demo/) | 16.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Test/demo module for auth_jwt.
 [auth_ldaps](auth_ldaps/) | 16.0.1.0.0 |  | Allows to use LDAP over SSL authentication
-[auth_oidc](auth_oidc/) | 16.0.1.0.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
+[auth_oidc](auth_oidc/) | 16.0.1.0.1 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider
 [auth_oidc_environment](auth_oidc_environment/) | 16.0.1.0.0 |  | This module allows to use server env for OIDC configuration
 [auth_saml](auth_saml/) | 16.0.1.0.2 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication
 [auth_session_timeout](auth_session_timeout/) | 16.0.1.0.0 |  | This module disable all inactive sessions since a given delay

diff --git a/auth_oidc/README.rst b/auth_oidc/README.rst
@@ -7,7 +7,7 @@ Authentication OpenID Connect
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:0e77943e35a7d7c6fb3b6f9e5753d5870e6023f5614e17f7bc0c32522086c49a
+   !! source digest: sha256:bdea2939597996bddfbd2c7949c8da2ad701b61203c3fd62c0c640bb5721eaf1
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -51,11 +51,9 @@ Configuration
 Setup for Microsoft Azure
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Example configuration with OpenID Connect implicit flow.
-This configuration is not recommended because it exposes the access token
-to the client, and in logs.
+Example configuration with OpenID Connect authorization code flow.
 
-# configure a new web application in Azure with OpenID and implicit flow (see
+# configure a new web application in Azure with OpenID and code flow (see
   the `provider documentation
   <https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-provider)>`_)
 # in this application the redirect url must be be "<url of your
@@ -66,15 +64,29 @@ to the client, and in logs.
   <https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings>`_
   for more information):
 
-* Provider Name: Azure
-* Auth Flow: OpenID Connect
-* Client ID: use the value of the OAuth2 autorization endoing (v2) from the Azure Endpoints list
-* Body: Azure SSO
-* Authentication URL: use the value of "OAuth2 autorization endpoint (v2)" from the Azure endpoints list
-* Scope: openid email
-* Validation URL: use the value of "OAuth2 token endpoint (v2)" from the Azure endpoints list
+.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png
+
+.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png
+
+Single tenant provider limits the access to user of your tenant,
+while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login
+without an guest account.
+
+* Provider Name: Azure AD Single Tenant
+* Client ID: Application (client) id
+* Client Secret: Client secret
 * Allowed: yes
 
+or
+
+* Provider Name: Azure AD Multitenant
+* Client ID: Application (client) id
+* Client Secret: Client secret
+* Allowed: yes
+* replace {tenant_id} in urls with your Azure tenant id
+
+.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png
+
 
 Setup for Keycloak
 ~~~~~~~~~~~~~~~~~~

diff --git a/auth_oidc/__manifest__.py b/auth_oidc/__manifest__.py
@@ -4,7 +4,7 @@
 
 {
     "name": "Authentication OpenID Connect",
-    "version": "16.0.1.0.0",
+    "version": "16.0.1.0.1",
     "license": "AGPL-3",
     "author": (
         "ICTSTUDIO, André Schenkels, "

diff --git a/auth_oidc/static/description/index.html b/auth_oidc/static/description/index.html
@@ -367,7 +367,7 @@ <h1 class="title">Authentication OpenID Connect</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:0e77943e35a7d7c6fb3b6f9e5753d5870e6023f5614e17f7bc0c32522086c49a
+!! source digest: sha256:bdea2939597996bddfbd2c7949c8da2ad701b61203c3fd62c0c640bb5721eaf1
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
 <p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/auth_oidc"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oidc"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module allows users to login through an OpenID Connect provider using the
@@ -409,11 +409,9 @@ <h1><a class="toc-backref" href="#toc-entry-1">Installation</a></h1>
 <h1><a class="toc-backref" href="#toc-entry-2">Configuration</a></h1>
 <div class="section" id="setup-for-microsoft-azure">
 <h2><a class="toc-backref" href="#toc-entry-3">Setup for Microsoft Azure</a></h2>
-<p>Example configuration with OpenID Connect implicit flow.
-This configuration is not recommended because it exposes the access token
-to the client, and in logs.</p>
+<p>Example configuration with OpenID Connect authorization code flow.</p>
 <dl class="docutils">
-<dt># configure a new web application in Azure with OpenID and implicit flow (see</dt>
+<dt># configure a new web application in Azure with OpenID and code flow (see</dt>
 <dd>the <a class="reference external" href="https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-provider)">provider documentation</a>)</dd>
 <dt># in this application the redirect url must be be “&lt;url of your</dt>
 <dd>server&gt;/auth_oauth/signin” and of course this URL should be reachable from
@@ -422,16 +420,26 @@ <h2><a class="toc-backref" href="#toc-entry-3">Setup for Microsoft Azure</a></h2
 <dd>parameters (see the <a class="reference external" href="https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings">portal documentation</a>
 for more information):</dd>
 </dl>
+<img alt="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png" src="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png" />
+<img alt="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png" src="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png" />
+<p>Single tenant provider limits the access to user of your tenant,
+while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login
+without an guest account.</p>
 <ul class="simple">
-<li>Provider Name: Azure</li>
-<li>Auth Flow: OpenID Connect</li>
-<li>Client ID: use the value of the OAuth2 autorization endoing (v2) from the Azure Endpoints list</li>
-<li>Body: Azure SSO</li>
-<li>Authentication URL: use the value of “OAuth2 autorization endpoint (v2)” from the Azure endpoints list</li>
-<li>Scope: openid email</li>
-<li>Validation URL: use the value of “OAuth2 token endpoint (v2)” from the Azure endpoints list</li>
+<li>Provider Name: Azure AD Single Tenant</li>
+<li>Client ID: Application (client) id</li>
+<li>Client Secret: Client secret</li>
+<li>Allowed: yes</li>
+</ul>
+<p>or</p>
+<ul class="simple">
+<li>Provider Name: Azure AD Multitenant</li>
+<li>Client ID: Application (client) id</li>
+<li>Client Secret: Client secret</li>
 <li>Allowed: yes</li>
+<li>replace {tenant_id} in urls with your Azure tenant id</li>
 </ul>
+<img alt="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png" src="https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png" />
 </div>
 <div class="section" id="setup-for-keycloak">
 <h2><a class="toc-backref" href="#toc-entry-4">Setup for Keycloak</a></h2>