]>
git.proxmox.com Git - pve-access-control.git/blob - src/PVE/Auth/OpenId.pm
0fbcde4428a3183d0d5f3517d4c176aa6391328f
1 package PVE
::Auth
::OpenId
;
8 use PVE
::Cluster
qw(cfs_register_file cfs_read_file cfs_write_file cfs_lock_file);
10 use base
qw(PVE::Auth::Plugin);
19 description
=> "OpenID Issuer Url",
24 description
=> "OpenID Client ID",
29 description
=> "OpenID Client Key",
35 description
=> "Automatically create users if they do not exist.",
41 description
=> "OpenID claim used to generate the unique username.",
46 description
=> "Specifies whether the Authorization Server prompts the End-User for"
47 ." reauthentication and consent.",
49 pattern
=> '(?:none|login|consent|select_account|\S+)', # \S+ is the extension variant
53 description
=> "Specifies the scopes (user details) that should be authorized and"
54 ." returned, for example 'email' or 'profile'.",
55 type
=> 'string', # format => 'some-safe-id-list', # FIXME: TODO
56 default => "email profile",
66 "client-key" => { optional
=> 1 },
67 autocreate
=> { optional
=> 1 },
68 "username-claim" => { optional
=> 1, fixed
=> 1 },
69 prompt
=> { optional
=> 1 },
70 scopes
=> { optional
=> 1 },
71 default => { optional
=> 1 },
72 comment
=> { optional
=> 1 },
76 sub authenticate_user
{
77 my ($class, $config, $realm, $username, $password) = @_;
79 die "OpenID realm does not allow password verification.\n";