From 3a5e71f347bfe7f8daf96161ea1bcdda34f396ce Mon Sep 17 00:00:00 2001 From: wluyima Date: Mon, 10 Jun 2024 13:12:04 +0300 Subject: [PATCH 1/5] [IMP] auth_oidc: add end_session_endpoint field to AuthOauthProvider Co-authored-by: @konykon --- auth_oidc/models/auth_oauth_provider.py | 1 + auth_oidc/views/auth_oauth_provider.xml | 1 + 2 files changed, 2 insertions(+) diff --git a/auth_oidc/models/auth_oauth_provider.py b/auth_oidc/models/auth_oauth_provider.py index ac498a7cdb..d5d1a82772 100644 --- a/auth_oidc/models/auth_oauth_provider.py +++ b/auth_oidc/models/auth_oauth_provider.py @@ -46,6 +46,7 @@ class AuthOauthProvider(models.Model): string="Token URL", help="Required for OpenID Connect authorization code flow." ) jwks_uri = fields.Char(string="JWKS URL", help="Required for OpenID Connect.") + end_session_endpoint = fields.Char(string="End Session URL") @tools.ormcache("self.jwks_uri", "kid") def _get_keys(self, kid): diff --git a/auth_oidc/views/auth_oauth_provider.xml b/auth_oidc/views/auth_oauth_provider.xml index 90c931b417..c890fb55a8 100644 --- a/auth_oidc/views/auth_oauth_provider.xml +++ b/auth_oidc/views/auth_oauth_provider.xml @@ -18,6 +18,7 @@ + From dc2a1ceb9c06ff7762fd9539430d92c69ad76fdd Mon Sep 17 00:00:00 2001 From: oca-ci Date: Fri, 31 Oct 2025 09:27:30 +0000 Subject: [PATCH 2/5] [UPD] Update auth_oidc.pot --- auth_oidc/i18n/auth_oidc.pot | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/auth_oidc/i18n/auth_oidc.pot b/auth_oidc/i18n/auth_oidc.pot index d5aa8dd5a8..84b0114b36 100644 --- a/auth_oidc/i18n/auth_oidc.pot +++ b/auth_oidc/i18n/auth_oidc.pot @@ -28,6 +28,11 @@ msgstr "" msgid "Code Verifier" msgstr "" +#. module: auth_oidc +#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__end_session_endpoint +msgid "End Session URL" +msgstr "" + #. module: auth_oidc #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri msgid "JWKS URL" 
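Review bot: In auth_oidc/models/auth_oauth_provider.py (PATCH 1/5), the new `end_session_endpoint` field is declared with a label only, while the neighbouring `token_endpoint` and `jwks_uri` fields each carry a `help` text saying what the URL is for. I would write it as `end_session_endpoint = fields.Char(string="End Session URL", help="OpenID Connect logout URL (end_session_endpoint in the provider's discovery document).")`. Nothing in this series reads the field yet, so presumably the logout code arrives in a later change. Once the value is used as a browser redirect target, it should be validated as an absolute https URL, for example in an `@api.constrains("end_session_endpoint")` method, so that a mistyped or tampered provider record cannot send users to an unintended location at logout. The class body starts and ends outside the hunk, so whether `api` is already imported cannot be seen from here.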
From 3ef21367ae0ba0ef318b09b1f1e19b3fdc02d981 Mon Sep 17 00:00:00 2001 From: OCA-git-bot Date: Fri, 31 Oct 2025 09:33:33 +0000 Subject: [PATCH 3/5] [BOT] post-merge updates --- README.md | 2 +- auth_oidc/README.rst | 94 +++++++++++++------------ auth_oidc/__manifest__.py | 2 +- auth_oidc/static/description/index.html | 60 +++++++++------- 4 files changed, 84 insertions(+), 74 deletions(-) diff --git a/README.md b/README.md index ae460a4057..403dcf4bb5 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ addon | version | maintainers | summary [auth_jwt_demo](auth_jwt_demo/) | 18.0.1.0.0 | sbidoul | Test/demo module for auth_jwt. [auth_oauth_filter_by_domain](auth_oauth_filter_by_domain/) | 18.0.1.0.0 | natuan9 | Filter OAuth providers by domain [auth_oauth_multi_token](auth_oauth_multi_token/) | 18.0.2.0.0 | | Allow multiple connection with the same OAuth account -[auth_oidc](auth_oidc/) | 18.0.1.0.0 | sbidoul | Allow users to login through OpenID Connect Provider +[auth_oidc](auth_oidc/) | 18.0.1.1.0 | sbidoul | Allow users to login through OpenID Connect Provider [auth_oidc_environment](auth_oidc_environment/) | 18.0.1.0.0 | | This module allows to use server env for OIDC configuration [auth_saml](auth_saml/) | 18.0.1.1.0 | vincent-hatakeyama | SAML2 Authentication [auth_session_timeout](auth_session_timeout/) | 18.0.1.0.0 | | This module disable all inactive sessions since a given delay diff --git a/auth_oidc/README.rst b/auth_oidc/README.rst index 0f673d13c0..47ea133ab5 100644 --- a/auth_oidc/README.rst +++ b/auth_oidc/README.rst @@ -1,3 +1,7 @@ +.. image:: https://odoo-community.org/readme-banner-image + :target: https://odoo-community.org/get-involved?utm_source=readme + :alt: Odoo Community Association + ============================= Authentication OpenID Connect ============================= 
@@ -7,13 +11,13 @@ Authentication OpenID Connect !! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - !! source digest: sha256:cd754fc72d2039d02ab1b8aec98af43fb9543c9a70f2150ab6e482954e4e83d6 + !! source digest: sha256:d5e5a3781c5ed38c37634f69bdcfdce055fa97a302c49acd1ea9e25b4a610454 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png :target: https://odoo-community.org/page/development-status :alt: Beta -.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png +.. |badge2| image:: https://img.shields.io/badge/license-AGPL--3-blue.png :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html :alt: License: AGPL-3 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github @@ -75,18 +79,18 @@ Single tenant provider limits the access to user of your tenant, while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login without an guest account. -- Provider Name: Azure AD Single Tenant -- Client ID: Application (client) id -- Client Secret: Client secret -- Allowed: yes +- Provider Name: Azure AD Single Tenant +- Client ID: Application (client) id +- Client Secret: Client secret +- Allowed: yes or -- Provider Name: Azure AD Multitenant -- Client ID: Application (client) id -- Client Secret: Client secret -- Allowed: yes -- replace {tenant_id} in urls with your Azure tenant id +- Provider Name: Azure AD Multitenant +- Client ID: Application (client) id +- Client Secret: Client secret +- Allowed: yes +- replace {tenant_id} in urls with your Azure tenant id |image2| 
@@ -106,22 +110,22 @@ In Keycloak: In Odoo, create a new Oauth Provider with the following parameters: -- Provider name: Keycloak (or any name you like that identify your - keycloak provider) -- Auth Flow: OpenID Connect (authorization code flow) -- Client ID: the same Client ID you entered when configuring the client - in Keycloak -- Client Secret: found in keycloak on the client Credentials tab -- Allowed: yes -- Body: the link text to appear on the login page, such as Login with - Keycloak -- Scope: openid email -- Authentication URL: The "authorization_endpoint" URL found in the - OpenID Endpoint Configuration of your Keycloak realm -- Token URL: The "token_endpoint" URL found in the OpenID Endpoint - Configuration of your Keycloak realm -- JWKS URL: The "jwks_uri" URL found in the OpenID Endpoint - Configuration of your Keycloak realm +- Provider name: Keycloak (or any name you like that identify your + keycloak provider) +- Auth Flow: OpenID Connect (authorization code flow) +- Client ID: the same Client ID you entered when configuring the client + in Keycloak +- Client Secret: found in keycloak on the client Credentials tab +- Allowed: yes +- Body: the link text to appear on the login page, such as Login with + Keycloak +- Scope: openid email +- Authentication URL: The "authorization_endpoint" URL found in the + OpenID Endpoint Configuration of your Keycloak realm +- Token URL: The "token_endpoint" URL found in the OpenID Endpoint + Configuration of your Keycloak realm +- JWKS URL: The "jwks_uri" URL found in the OpenID Endpoint + Configuration of your Keycloak realm .. |image| image:: https://raw.githubusercontent.com/OCA/server-auth/18.0/auth_oidc/static/description/oauth-microsoft_azure-api_permissions.png .. |image1| image:: https://raw.githubusercontent.com/OCA/server-auth/18.0/auth_oidc/static/description/oauth-microsoft_azure-optional_claims.png 
@@ -135,10 +139,10 @@ On the login page, click on the authentication provider you configured. Known issues / Roadmap ====================== -- When going to the login screen, check for a existing token and do a - direct login without the clicking on the SSO link -- When doing a logout an extra option to also logout at the SSO - provider. +- When going to the login screen, check for a existing token and do a + direct login without the clicking on the SSO link +- When doing a logout an extra option to also logout at the SSO + provider. Changelog ========= @@ -146,52 +150,52 @@ Changelog 18.0.1.0.0 2024-10-09 --------------------- -- Odoo 18 migration +- Odoo 18 migration 17.0.1.0.0 2024-03-20 --------------------- -- Odoo 17 migration +- Odoo 17 migration 16.0.1.1.0 2024-02-28 --------------------- -- Forward port OpenID Connect fixes from 15.0 to 16.0 +- Forward port OpenID Connect fixes from 15.0 to 16.0 16.0.1.0.2 2023-11-16 --------------------- -- Readme link updates +- Readme link updates 16.0.1.0.1 2023-10-09 --------------------- -- Add AzureAD code flow provider +- Add AzureAD code flow provider 16.0.1.0.0 2023-01-27 --------------------- -- Odoo 16 migration +- Odoo 16 migration 15.0.1.0.0 2023-01-06 --------------------- -- Odoo 15 migration +- Odoo 15 migration 14.0.1.0.0 2021-12-10 --------------------- -- Odoo 14 migration +- Odoo 14 migration 13.0.1.0.0 2020-04-10 --------------------- -- Odoo 13 migration, add authorization code flow. +- Odoo 13 migration, add authorization code flow. 10.0.1.0.0 2018-10-05 --------------------- -- Initial implementation +- Initial implementation Bug Tracker =========== @@ -216,10 +220,10 @@ Authors Contributors ------------ -- Alexandre Fayolle -- Stéphane Bidoul -- David Jaen -- Andreas Perhab +- Alexandre Fayolle +- Stéphane Bidoul +- David Jaen +- Andreas Perhab Maintainers ----------- diff --git a/auth_oidc/__manifest__.py b/auth_oidc/__manifest__.py index f6897d2f7b..77363048b9 100644 
--- a/auth_oidc/__manifest__.py +++ b/auth_oidc/__manifest__.py @@ -4,7 +4,7 @@ { "name": "Authentication OpenID Connect", - "version": "18.0.1.0.0", + "version": "18.0.1.1.0", "license": "AGPL-3", "author": ( "ICTSTUDIO, André Schenkels, " diff --git a/auth_oidc/static/description/index.html b/auth_oidc/static/description/index.html index 8af7befc5e..319e44bead 100644 --- a/auth_oidc/static/description/index.html +++ b/auth_oidc/static/description/index.html @@ -3,7 +3,7 @@ -Authentication OpenID Connect +README.rst -
-

Authentication OpenID Connect

+
+ + +Odoo Community Association + +
+

Authentication OpenID Connect

-

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

+

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

This module allows users to login through an OpenID Connect provider using the authorization code flow or implicit flow.

Note the implicit flow is not recommended because it exposes access @@ -408,15 +413,15 @@

Authentication OpenID Connect

-

Installation

+

Installation

This module depends on the python-jose library, not to be confused with jose which is also available on PyPI.

-

Configuration

+

Configuration

-

Setup for Microsoft Azure

+

Setup for Microsoft Azure

Example configuration with OpenID Connect authorization code flow.

  1. configure a new web application in Azure with OpenID and code flow @@ -452,7 +457,7 @@

    Setup for Microsoft Azure

    image2

-

Setup for Keycloak

+

Setup for Keycloak

Example configuration with OpenID Connect authorization code flow.

In Keycloak:

    @@ -485,11 +490,11 @@

    Setup for Keycloak

-

Usage

+

Usage

On the login page, click on the authentication provider you configured.

-

Known issues / Roadmap

+

Known issues / Roadmap

  • When going to the login screen, check for a existing token and do a direct login without the clicking on the SSO link
  • @@ -498,70 +503,70 @@

    Known issues / Roadmap

-

Changelog

+

Changelog

-

16.0.1.1.0 2024-02-28

+

16.0.1.1.0 2024-02-28

  • Forward port OpenID Connect fixes from 15.0 to 16.0
-

16.0.1.0.1 2023-10-09

+

16.0.1.0.1 2023-10-09

  • Add AzureAD code flow provider
-

13.0.1.0.0 2020-04-10

+

13.0.1.0.0 2020-04-10

  • Odoo 13 migration, add authorization code flow.
-

10.0.1.0.0 2018-10-05

+

10.0.1.0.0 2018-10-05

  • Initial implementation
-

Bug Tracker

+

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing a detailed and welcomed @@ -569,9 +574,9 @@

Bug Tracker

Do not contact contributors directly about support or help with technical issues.

-

Credits

+

Credits

-

Authors

+

Authors

  • ICTSTUDIO
  • André Schenkels
  • @@ -579,7 +584,7 @@

    Authors

-

Contributors

+

Contributors

-

Maintainers

+

Maintainers

This module is maintained by the OCA.

Odoo Community Association @@ -603,5 +608,6 @@

Maintainers

+
From 69aad7b73dfe602326a0507821e32d5ee7d12bf9 Mon Sep 17 00:00:00 2001 From: Weblate Date: Fri, 31 Oct 2025 09:33:42 +0000 Subject: [PATCH 4/5] Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Translation: server-auth-18.0/server-auth-18.0-auth_oidc Translate-URL: https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_oidc/ --- auth_oidc/i18n/es.po | 5 +++++ auth_oidc/i18n/it.po | 5 +++++ auth_oidc/i18n/zh_CN.po | 5 +++++ 3 files changed, 15 insertions(+) diff --git a/auth_oidc/i18n/es.po b/auth_oidc/i18n/es.po index 6cda9344b2..cc969b24ab 100644 --- a/auth_oidc/i18n/es.po +++ b/auth_oidc/i18n/es.po @@ -31,6 +31,11 @@ msgstr "Secreto del cliente" msgid "Code Verifier" msgstr "Verificador del código" +#. module: auth_oidc +#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__end_session_endpoint +msgid "End Session URL" +msgstr "" + #. module: auth_oidc #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri msgid "JWKS URL" diff --git a/auth_oidc/i18n/it.po b/auth_oidc/i18n/it.po index a853800279..5f9f762346 100644 --- a/auth_oidc/i18n/it.po +++ b/auth_oidc/i18n/it.po @@ -31,6 +31,11 @@ msgstr "Chiave segreta client" msgid "Code Verifier" msgstr "Verificatore codice" +#. module: auth_oidc +#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__end_session_endpoint +msgid "End Session URL" +msgstr "" + #. module: auth_oidc #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri msgid "JWKS URL" diff --git a/auth_oidc/i18n/zh_CN.po b/auth_oidc/i18n/zh_CN.po index 4914868566..fc2cffac3f 100644 --- a/auth_oidc/i18n/zh_CN.po +++ b/auth_oidc/i18n/zh_CN.po 
@@ -31,6 +31,11 @@ msgstr "客户端密钥" msgid "Code Verifier" msgstr "代码验证器" +#. module: auth_oidc +#: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__end_session_endpoint +msgid "End Session URL" +msgstr "" + #. module: auth_oidc #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri msgid "JWKS URL" From 057606b0f3d8dde0a1ea9735f649fe886e730705 Mon Sep 17 00:00:00 2001 From: mymage Date: Mon, 3 Nov 2025 07:44:09 +0000 Subject: [PATCH 5/5] Translated using Weblate (Italian) Currently translated at 100.0% (21 of 21 strings) Translation: server-auth-18.0/server-auth-18.0-auth_oidc Translate-URL: https://translation.odoo-community.org/projects/server-auth-18-0/server-auth-18-0-auth_oidc/it/ --- auth_oidc/i18n/it.po | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/auth_oidc/i18n/it.po b/auth_oidc/i18n/it.po index 5f9f762346..ad2c72c66b 100644 --- a/auth_oidc/i18n/it.po +++ b/auth_oidc/i18n/it.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: Odoo Server 16.0\n" "Report-Msgid-Bugs-To: \n" -"PO-Revision-Date: 2024-01-05 10:34+0000\n" +"PO-Revision-Date: 2025-11-03 10:07+0000\n" "Last-Translator: mymage \n" "Language-Team: none\n" "Language: it\n" @@ -14,7 +14,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: \n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 4.17\n" +"X-Generator: Weblate 5.10.4\n" #. module: auth_oidc #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__flow @@ -34,7 +34,7 @@ msgstr "Verificatore codice" #. module: auth_oidc #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__end_session_endpoint msgid "End Session URL" -msgstr "" +msgstr "URL fine sessione" #. module: auth_oidc #: model:ir.model.fields,field_description:auth_oidc.field_auth_oauth_provider__jwks_uri