WriteFreely supports OIDC authentication through OAuth2.
To configure OAuth2 for WriteFreely, copy the following lines into your WriteFreely config.ini and restart the server.
[oauth.generic]
client_id = {{ service.config["client_id"] }}
client_secret = {{ service.config["client_secret"] }}
host = {{ url_for('account.home', _external=True).split('/account')[0] }}
display_name = Hiboo
callback_proxy =
callback_proxy_api =
token_endpoint = {{ url_for("sso.oidc_token", service_uuid=service.uuid, _external=False) }}
inspect_endpoint = {{ url_for("sso.oidc_userinfo", service_uuid=service.uuid, _external=False) }}
auth_endpoint = {{ url_for("sso.oidc_authorize", service_uuid=service.uuid, _external=False) }}
If you are running an existing WriteFreely server, you may import your existing accounts as claimable profiles under Hiboo.
Accounts are stored in the users table of the database.
The following SQL query exports each username and password hash to a CSV file (MySQL writes the file into the database directory, here /var/lib/mysql/writefreely/).
Hiboo will recognize the hash because WriteFreely stores it with a standard crypt-context hash identifier prefix.
USE writefreely;
SELECT username, password
FROM users
INTO OUTFILE 'usersWF.csv'
FIELDS TERMINATED BY ',';
Run the following command to import these profiles as unclaimed:
flask profile csv-unclaimed {{ service.uuid }} /var/lib/mysql/writefreely/usersWF.csv
Now we need to attach the newly created unclaimed profiles to WriteFreely users, because WriteFreely does not identify an OAuth2 account by profile name but only by profile UUID.
Click on "View profiles" at the top of this page, then click on "Export unclaimed profiles" and save the CSV file as /var/lib/mysql/writefreely/unclaimedWF.csv.
Run this script against the WriteFreely database:
USE writefreely;

-- Staging table for the exported unclaimed profiles (one row per profile).
CREATE TABLE tmp_hiboo (
  service_client_id VARCHAR(36) NOT NULL,
  profile_name VARCHAR(36) NOT NULL,
  profile_uuid VARCHAR(36) NOT NULL,
  PRIMARY KEY (profile_uuid)
);

-- The relative path is resolved against the database directory,
-- i.e. /var/lib/mysql/writefreely/unclaimedWF.csv. The first row is the CSV header.
LOAD DATA INFILE 'unclaimedWF.csv'
INTO TABLE tmp_hiboo
FIELDS TERMINATED BY ',' ENCLOSED BY '"'
LINES TERMINATED BY '\n'
IGNORE 1 ROWS;

-- Link each exported profile to the WriteFreely user with the same name.
-- An inner JOIN is required: with a LEFT JOIN, a profile that has no matching
-- user would produce a row with a NULL user_id. Users that already have an
-- oauth_users row are left untouched.
INSERT INTO oauth_users (user_id, remote_user_id, provider, client_id)
SELECT wf.id, h.profile_uuid, 'generic', h.service_client_id
FROM tmp_hiboo h
JOIN users wf ON h.profile_name = wf.username
WHERE NOT EXISTS (
  SELECT 1 FROM oauth_users oau WHERE oau.user_id = wf.id
);

DROP TABLE tmp_hiboo;
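Before running the two imports above against a live database, it is worth dry-running them: checking that every exported password hash carries an identifier prefix a crypt context can recognize, and previewing which unclaimed profiles will actually be linked to a WriteFreely user (a profile with no matching user would be silently dropped by the JOIN, and a user already present in oauth_users is skipped by the NOT EXISTS clause). The script below is an added example, not part of this page's or Hiboo's code. It assumes the usersWF.csv layout produced by the INTO OUTFILE statement (no header, NULL written as \N) and the unclaimedWF.csv column order of the tmp_hiboo table (service_client_id, profile_name, profile_uuid, with a header row); the list of recognized hash identifiers is a common passlib-style set chosen for the check, not Hiboo's actual context.

```python
import csv
import io
import re

# Constructed sample of the usersWF.csv export: no header, comma-separated,
# NULL written as \N. Hashes are placeholders shaped like bcrypt ($2a$ prefix).
USERS_CSV = "\n".join([
    "alice,$2a$10$" + "a" * 53,
    "bob,$2a$10$" + "b" * 53,
    "carol,\\N",                                  # account without a password
    "dave,5f4dcc3b5aa765d61d8327deb882cf99",      # bare hex digest: no $id$ prefix
]) + "\n"

# Constructed sample of the unclaimedWF.csv export (column order assumed from
# the tmp_hiboo table definition; UUIDs are made up).
UNCLAIMED_CSV = (
    "service_client_id,profile_name,profile_uuid\n"
    '"wf-client","alice","11111111-1111-4111-8111-111111111111"\n'
    '"wf-client","bob","22222222-2222-4222-8222-222222222222"\n'
    '"wf-client","erin","33333333-3333-4333-8333-333333333333"\n'
)

# Modular-crypt-format identifier, e.g. "$2a$" or "$argon2id$".
MCF_ID = re.compile(r"^\$([A-Za-z0-9-]+)\$")
# Assumed set of identifiers a passlib-style CryptContext would accept.
KNOWN_IDS = {"2a", "2b", "2y", "argon2i", "argon2id", "5", "6",
             "pbkdf2-sha256", "pbkdf2-sha512"}


def parse_users_export(text):
    """Map username -> password hash (None for a NULL export value)."""
    users = {}
    for line in text.splitlines():
        if not line:
            continue
        # Split on the first comma only: the hash itself contains no comma.
        username, _, pw = line.partition(",")
        users[username] = None if pw == "\\N" else pw
    return users


def check_hash_identifiers(users):
    """Classify each account by whether its hash identifier is recognized."""
    report = {"ok": [], "unrecognized": [], "missing": []}
    for username, pw in users.items():
        if pw is None:
            report["missing"].append(username)
            continue
        m = MCF_ID.match(pw)
        if m and m.group(1) in KNOWN_IDS:
            report["ok"].append(username)
        else:
            report["unrecognized"].append(username)
    return report


def parse_unclaimed_export(text):
    """Rows of the unclaimed-profile export, keyed by the CSV header."""
    return list(csv.DictReader(io.StringIO(text)))


def plan_links(profiles, users, already_linked=frozenset()):
    """Dry run of the INSERT ... SELECT: which oauth_users rows would be created.

    already_linked: usernames that already have an oauth_users row (NOT EXISTS).
    """
    plan = {"links": [], "unmatched": [], "skipped": []}
    for p in profiles:
        name = p["profile_name"]
        if name not in users:
            plan["unmatched"].append(name)      # no WriteFreely user of that name
        elif name in already_linked:
            plan["skipped"].append(name)        # filtered out by NOT EXISTS
        else:
            plan["links"].append((name, p["profile_uuid"], p["service_client_id"]))
    return plan


if __name__ == "__main__":
    users = parse_users_export(USERS_CSV)
    print("hash check:", check_hash_identifiers(users))
    profiles = parse_unclaimed_export(UNCLAIMED_CSV)
    print("link plan:", plan_links(profiles, users, already_linked={"bob"}))
```

Accounts reported as "unrecognized" or "missing" will not be importable as-is and should be reviewed before the flask profile csv-unclaimed step; names listed under "unmatched" are profiles that the JOIN will never link, usually because the username was changed or deleted on the WriteFreely side.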
{% include "application_oidc.html" %}