If you are a developer you can send a Pull Request.
Also, if you are adding one more provider to Social Login Keys, I’ll suggest refactoring the single DocType Social Login Keys so that users can add any provider with ease.
When pressing the custom ID login, the window pops up correctly and one can identify. However, the user does not get a session; as a result we see Missing parameter with login: Status: 417.
@revant_one It seems the token is not parsed by frappe. What is the correct Redirect URL parameter for custom oAuth?
Note: The provider name is converted to the_snake_case slug. If you name the provider Redhat Keycloak the redirect_url will be /api/method/frappe.integrations.oauth2_logins.custom/redhat_keycloak
Which permissions are needed for oAuth login and where can we define it? Also we need to define somewhere the standard role for new users (like in the LDAP settings).
Do you have anything on /login query param? e.g. /login?redirect-to=/api/method/ping
After social login or normal login the redirect-to query param will be respected.
If redirect-to has a certain doctype in the query and the new OpenID Connect user does not have the required role in the system, this may happen.
Still no clue where I could set the default login permissions.
Nothing is appended on the /login query parameter.
After authenticating in keycloak and returning to ERPnext we have the URL https://erp.ourdomain.net/api/method/frappe.integrations.oauth2_logins/fairlogin?state=longkeyhere
The redirect URI needs to be here: https://erp.ourdomain.net/api/method/frappe.integrations.oauth2_logins/fairlogin (not as in your example without base URL and with oauth2_logins.custom)
What is the User ID Property field for in the Social Login Key settings? Could I set a default role there?
EDIT: after upgrade from frappe/ERPnext v11 to v12 I get:
AttributeError: 'module' object has no attribute 'custom' when using
I think new users are Website User. There is no default role assigned to new users created via Social Login like LDAP
fairlogin provider is part of selection, you don’t need to modify anything.
Custom provider is used to add any provider which is not available in selection.
It is the openid profile (userinfo_endpoint) property which identifies the user’s id. It is sub by default. It has nothing to do with user roles.
It seems this custom OAuth code did not make it into v12. At least there is no /api/method/frappe.integrations.custom and def custom(code, state) in social_login_key.py.
Else we need another "redirect_url": "/api/method/frappe.integrations.oauth2_logins.custom/keycloak"
There is no default role assigned to new users created via Social Login like LDAP
Web site user role is not sufficient for our users, who should also have the role customer to be able to do a purchase in the webshop.