From 8eba1e793216d2a23daeab63e23f3e6aecfaa19f Mon Sep 17 00:00:00 2001 From: "xiaojin.hxj" Date: Mon, 24 Apr 2023 14:52:45 +0800 Subject: [PATCH] connector/dingtalk:Add Alibaba Dingtalk connector document Signed-off-by: xiaojin.hxj --- content/docs/connectors/dingtalk.md | 37 +++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 content/docs/connectors/dingtalk.md diff --git a/content/docs/connectors/dingtalk.md b/content/docs/connectors/dingtalk.md new file mode 100644 index 0000000..e1bdc86 --- /dev/null +++ b/content/docs/connectors/dingtalk.md @@ -0,0 +1,37 @@ +--- +title: "Authentication Through Dingtalk" +linkTitle: "Dingtalk" +description: "" +date: 2023-04-24 +draft: false +toc: true +weight: 2130 +--- + +## Overview + +One of the login options for dex uses the Dingtalk OAuth2 flow to identify the end user through their Dingtalk account. + +When a client redeems a refresh token through dex, dex will re-query Dingtalk to update user information in the ID Token. To do this, __dex stores a readonly Dingtalk access token in its backing datastore.__ Users that reject dex's access through Dingtalk will also revoke all dex clients which authenticated them through Dingtalk. + +## Configuration + +Register a new application via [dingtalk open platform](https://open-dev.dingtalk.com/fe/app#/corp/app) ensuring the callback URL is `(dex issuer)/callback`. For example if dex is listening at the non-root path `https://auth.example.com/dex` the callback would be `https://auth.example.com/dex/callback`. + +The application requires the user to grant the `Contact.User.mobile` and `Contact.User.Read` scopes. The latter is required only if group membership is a desired claim. + +The following is an example of a configuration for `examples/config-dev.yaml`: + +```yaml +connectors: + - type: dingtalk + # Required field for connector id. + id: dingtalk + # Required field for connector name. + name: dingtalk + config: + # Credentials can be string literals or pulled from the environment. + appId: $DINGTALK_APPLICATION_ID + appSecret: $DINGTALK_CLIENT_SECRET + redirectURI: http://127.0.0.1:5556/dex/callback +``` \ No newline at end of file