Guides
System Settings
Authentication
Integrate OAuth2

Integrate OAuth2 authentication

About OAuth2

Open Authorization 2.0 (OAuth2) is an open authorization protocol that allows third-party applications to access user resources stored on other service providers (such as Google, Facebook, GitHub, etc.) without exposing the user's password. OAuth2 enables users to grant third-party applications specific resource permissions without sharing their login credentials.

How to configure

1
In the upper-right corner of any page in JumpServer, click .image
2

Navigate to System settings > Authentication > OAuth2.

3

In the OAuth2 field, check to enable OAuth2 authentication.

4

In the Service provider field, type the OAuth2 service provider name, such as GitHub, Google, Facebook, etc.

5

In the Logo field, upload the OAuth2 service provider logo, recommended to use a size of 64px * 64px.

The Service provider and logo will be displayed on the login page.

image
6

In the Client ID field, type the client ID provided by the OAuth2 service provider.

7

In the Client secret field, type the client secret provided by the OAuth2 service provider.

8

In the Request method field, select a method to obtain a token.

image
Request Method
Description
GET
Use the GET method to obtain the token, with the client ID and client secret included in the request headers.
POST-DATA
Use the POST method to obtain a token, with client ID and client secret included as "raw data" in the request body.
POST-JSON
Use the POST method to obtain a token, with client ID and client secret included as "JSON data" in the request body.
9

In the Scope field, defines the range of user information that the client requests access to in an authorization request. Multiple pieces of information are separated by spaces, such as "user user:email user:login".

10

In the Authorization endpoint field, type the OAuth2 authorization endpoint, such as "https://​github.com/login/oauth/authorize".

11

In the Token endpoint field, type the OAuth2 token endpoint, such as "https://​github.com/login/oauth/access_token".

12

In the Userinfo endpoint field, type the OAuth2 userinfo endpoint, such as "https://​api.github.com/user".

13

In the End session endpoint field, type the OAuth2 end session endpoint, such as "https://​github.com/logout", when the user logs out, this endpoint will be called.

14

In the User attribute field, type the user attribute mapping. The key represents the JumpServer user attribute name (available options: name, username, email, groups, phone, comment), while the value corresponds to the OAuth2 user attribute name.

OAuth2 User Attribute Example
{
  "name": "user",
  "username": "name",
  "email": "user:email"
}
15

In the Organization field, after authentication and creation, the user will be added to the selected organization.

16

In the Always update user field, when checked, after OAuth2 user authentication, user information (only includes: name, username, email, phone, comment) will be updated each time, "groups" are only synchronized when the user is created.

17

In the Logout completely field, when checked, the user will be logged out from the OAuth2 service by calling the "End session endpoint" upon logging out.

18

Click Submit.

JumpServer OAuth2 URLs

Login URL
https://jumpserver.example.com/core/auth/oauth2/login/
Login Success Callback URL
https://jumpserver.example.com/core/auth/oauth2/callback/
Logout URL
https://jumpserver.example.com/core/auth/oauth2/logout/
Integrate SAML2Integrate WeCom