[DOC] auth_oidc: fix images and convert to md

auth_oidc/README.rst

@@ -7,7 +7,7 @@ Authentication OpenID Connect
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:bdea2939597996bddfbd2c7949c8da2ad701b61203c3fd62c0c640bb5721eaf1
+   !! source digest: sha256:a54c4126f9873d2af17b9228f9afa844806a2541b42dc7945ec41be08379a915
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -28,11 +28,11 @@ Authentication OpenID Connect
 
 |badge1| |badge2| |badge3| |badge4| |badge5|
 
-This module allows users to login through an OpenID Connect provider using the
-authorization code flow or implicit flow.
+This module allows users to login through an OpenID Connect provider
+using the authorization code flow or implicit flow.
 
-Note the implicit flow is not recommended because it exposes access tokens to
-the browser and in http logs.
+Note the implicit flow is not recommended because it exposes access
+tokens to the browser and in http logs.
 
 **Table of contents**
 
@@ -42,80 +42,90 @@ the browser and in http logs.
 Installation
 ============
 
-This module depends on the `python-jose <https://pypi.org/project/python-jose/>`__
-library, not to be confused with ``jose`` which is also available on PyPI.
+This module depends on the
+`python-jose <https://pypi.org/project/python-jose/>`__ library, not to
+be confused with ``jose`` which is also available on PyPI.
 
 Configuration
 =============
 
 Setup for Microsoft Azure
-~~~~~~~~~~~~~~~~~~~~~~~~~
+-------------------------
 
 Example configuration with OpenID Connect authorization code flow.
 
-# configure a new web application in Azure with OpenID and code flow (see
-  the `provider documentation
-  <https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-provider)>`_)
-# in this application the redirect url must be be "<url of your
-  server>/auth_oauth/signin" and of course this URL should be reachable from
-  Azure
-# create a new authentication provider in Odoo with the following
-  parameters (see the `portal documentation
-  <https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings>`_
-  for more information):
+1. configure a new web application in Azure with OpenID and code flow
+   (see the `provider
+   documentation <https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-provider>`__))
 
-.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png
+2. in this application the redirect url must be be "<url of your
+   server>/auth_oauth/signin" and of course this URL should be reachable
+   from Azure
 
-.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png
+3. create a new authentication provider in Odoo with the following
+   parameters (see the `portal
+   documentation <https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings>`__
+   for more information):
 
-Single tenant provider limits the access to user of your tenant,
-while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login
-without an guest account.
+|image|
 
-* Provider Name: Azure AD Single Tenant
-* Client ID: Application (client) id
-* Client Secret: Client secret
-* Allowed: yes
+|image1|
 
-or
+Single tenant provider limits the access to user of your tenant, while
+Multitenants allow access for all AzureAD users, so user of foreign
+companies can use their AzureAD login without an guest account.
+
+-  Provider Name: Azure AD Single Tenant
+-  Client ID: Application (client) id
+-  Client Secret: Client secret
+-  Allowed: yes
 
-* Provider Name: Azure AD Multitenant
-* Client ID: Application (client) id
-* Client Secret: Client secret
-* Allowed: yes
-* replace {tenant_id} in urls with your Azure tenant id
+or
 
-.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png
+-  Provider Name: Azure AD Multitenant
+-  Client ID: Application (client) id
+-  Client Secret: Client secret
+-  Allowed: yes
+-  replace {tenant_id} in urls with your Azure tenant id
 
+|image2|
 
 Setup for Keycloak
-~~~~~~~~~~~~~~~~~~
+------------------
 
 Example configuration with OpenID Connect authorization code flow.
 
 In Keycloak:
 
-# configure a new Client
-# make sure Authorization Code Flow is Enabled.
-# configure the client Access Type as "confidential" and take note of the client secret in the Credentials tab
-# configure the redirect url to be "<url of your server>/auth_oauth/signin"
+1. configure a new Client
+2. make sure Authorization Code Flow is Enabled.
+3. configure the client Access Type as "confidential" and take note of
+   the client secret in the Credentials tab
+4. configure the redirect url to be "<url of your
+   server>/auth_oauth/signin"
 
 In Odoo, create a new Oauth Provider with the following parameters:
 
-* Provider name: Keycloak (or any name you like that identify your keycloak
-  provider)
-* Auth Flow: OpenID Connect (authorization code flow)
-* Client ID: the same Client ID you entered when configuring the client in Keycloak
-* Client Secret: found in keycloak on the client Credentials tab
-* Allowed: yes
-* Body: the link text to appear on the login page, such as Login with Keycloak
-* Scope: openid email
-* Authentication URL: The "authorization_endpoint" URL found in the
-  OpenID Endpoint Configuration of your Keycloak realm
-* Token URL: The "token_endpoint" URL found in the
-  OpenID Endpoint Configuration of your Keycloak realm
-* JWKS URL: The "jwks_uri" URL found in the
-  OpenID Endpoint Configuration of your Keycloak realm
+-  Provider name: Keycloak (or any name you like that identify your
+   keycloak provider)
+-  Auth Flow: OpenID Connect (authorization code flow)
+-  Client ID: the same Client ID you entered when configuring the client
+   in Keycloak
+-  Client Secret: found in keycloak on the client Credentials tab
+-  Allowed: yes
+-  Body: the link text to appear on the login page, such as Login with
+   Keycloak
+-  Scope: openid email
+-  Authentication URL: The "authorization_endpoint" URL found in the
+   OpenID Endpoint Configuration of your Keycloak realm
+-  Token URL: The "token_endpoint" URL found in the OpenID Endpoint
+   Configuration of your Keycloak realm
+-  JWKS URL: The "jwks_uri" URL found in the OpenID Endpoint
+   Configuration of your Keycloak realm
+
+.. |image| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-api_permissions.png
+.. |image1| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-optional_claims.png
+.. |image2| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/odoo-azure_ad_multitenant.png
 
 Usage
 =====
@@ -125,26 +135,28 @@ On the login page, click on the authentication provider you configured.
 Known issues / Roadmap
 ======================
 
-* When going to the login screen, check for a existing token and do a direct login without the clicking on the SSO link
-* When doing a logout an extra option to also logout at the SSO provider.
+-  When going to the login screen, check for a existing token and do a
+   direct login without the clicking on the SSO link
+-  When doing a logout an extra option to also logout at the SSO
+   provider.
 
 Changelog
 =========
 
 14.0.1.0.0 2021-12-10
-~~~~~~~~~~~~~~~~~~~~~
+---------------------
 
-* Odoo 14 migration
+-  Odoo 14 migration
 
 13.0.1.0.0 2020-04-10
-~~~~~~~~~~~~~~~~~~~~~
+---------------------
 
-* Odoo 13 migration, add authorization code flow.
+-  Odoo 13 migration, add authorization code flow.
 
 10.0.1.0.0 2018-10-05
-~~~~~~~~~~~~~~~~~~~~~
+---------------------
 
-* Initial implementation
+-  Initial implementation
 
 Bug Tracker
 ===========
@@ -160,21 +172,21 @@ Credits
 =======
 
 Authors
-~~~~~~~
+-------
 
 * ICTSTUDIO
 * André Schenkels
 * ACSONE SA/NV
 
 Contributors
-~~~~~~~~~~~~
+------------
 
-* Alexandre Fayolle <[email protected]>
-* Stéphane Bidoul <[email protected]>
-* David Jaen <[email protected]>
+-  Alexandre Fayolle <[email protected]>
+-  Stéphane Bidoul <[email protected]>
+-  David Jaen <[email protected]>
 
 Maintainers
-~~~~~~~~~~~
+-----------
 
 This module is maintained by the OCA.
 

auth_oidc/__manifest__.py

@@ -4,7 +4,7 @@
 
 {
     "name": "Authentication OpenID Connect",
-    "version": "16.0.1.0.1",
+    "version": "16.0.1.0.2",
     "license": "AGPL-3",
     "author": (
         "ICTSTUDIO, André Schenkels, "

auth_oidc/readme/CONFIGURE.md

@@ -0,0 +1,72 @@
+## Setup for Microsoft Azure
+
+Example configuration with OpenID Connect authorization code flow.
+
+1. configure a new web application in Azure with OpenID and code flow (see
+the [provider
+documentation](https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-provider)))
+
+2. in this application the redirect url must be be "\<url of your
+server\>/auth_oauth/signin" and of course this URL should be reachable
+from Azure
+
+3. create a new authentication provider in Odoo with the following
+parameters (see the [portal
+documentation](https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings)
+for more information):
+
+![image](../static/description/oauth-microsoft_azure-api_permissions.png)
+
+![image](../static/description/oauth-microsoft_azure-optional_claims.png)
+
+Single tenant provider limits the access to user of your tenant, while
+Multitenants allow access for all AzureAD users, so user of foreign
+companies can use their AzureAD login without an guest account.
+
+- Provider Name: Azure AD Single Tenant
+- Client ID: Application (client) id
+- Client Secret: Client secret
+- Allowed: yes
+
+or
+
+- Provider Name: Azure AD Multitenant
+- Client ID: Application (client) id
+- Client Secret: Client secret
+- Allowed: yes
+- replace {tenant_id} in urls with your Azure tenant id
+
+![image](../static/description/odoo-azure_ad_multitenant.png)
+
+## Setup for Keycloak
+
+Example configuration with OpenID Connect authorization code flow.
+
+In Keycloak:
+
+1. configure a new Client
+2. make sure Authorization Code Flow is
+Enabled.
+3. configure the client Access Type as "confidential" and take
+note of the client secret in the Credentials tab
+4. configure the
+redirect url to be "\<url of your server\>/auth_oauth/signin"
+
+In Odoo, create a new Oauth Provider with the following parameters:
+
+- Provider name: Keycloak (or any name you like that identify your
+  keycloak provider)
+- Auth Flow: OpenID Connect (authorization code flow)
+- Client ID: the same Client ID you entered when configuring the client
+  in Keycloak
+- Client Secret: found in keycloak on the client Credentials tab
+- Allowed: yes
+- Body: the link text to appear on the login page, such as Login with
+  Keycloak
+- Scope: openid email
+- Authentication URL: The "authorization_endpoint" URL found in the
+  OpenID Endpoint Configuration of your Keycloak realm
+- Token URL: The "token_endpoint" URL found in the OpenID Endpoint
+  Configuration of your Keycloak realm
+- JWKS URL: The "jwks_uri" URL found in the OpenID Endpoint
+  Configuration of your Keycloak realm

auth_oidc/readme/CONTRIBUTORS.md

@@ -0,0 +1,3 @@
+- Alexandre Fayolle \<<[email protected]>\>
+- Stéphane Bidoul \<<[email protected]>\>
+- David Jaen \<<[email protected]>\>

auth_oidc/readme/DESCRIPTION.rst → auth_oidc/readme/DESCRIPTION.md

@@ -1,5 +1,5 @@
-This module allows users to login through an OpenID Connect provider using the
-authorization code flow or implicit flow.
+This module allows users to login through an OpenID Connect provider
+using the authorization code flow or implicit flow.
 
-Note the implicit flow is not recommended because it exposes access tokens to
-the browser and in http logs.
+Note the implicit flow is not recommended because it exposes access
+tokens to the browser and in http logs.