Remark42

Authorization

OAuth Providers

Authentication is handled by external providers. Set up OAuth2 for at least one provider so that users can comment. You don't need to configure all of them, but at least one must be configured correctly.

Apple

  1. Log in to the developer account.
  2. If you don't have an App ID yet, create one. Later on, you'll need TeamID, which is an "App ID Prefix" value.
  3. Enable the "Sign in with Apple" capability for your App ID in the Certificates, Identifiers & Profiles section.
  4. Create a Service ID and bind it to the App ID from the previous step. Apple will display the description field value to end-users on sign-in. You'll need that service Identifier as a ClientID later on.
  5. Configure "Sign in with Apple" for the created Service ID. Add the domain where you will use that auth to "Domains and subdomains" and its main page URL (like https://example.com/) to "Return URLs".
  6. Register a New Key (private key) for the "Sign in with Apple" feature and download it; you'll need to put it at the /srv/var/apple.p8 path inside the container. Also, write down the private Key ID.
  7. Add your Remark42 domain name and sender email in the Certificates, Identifiers & Profiles >> More section as a new Email Source.

After completing the previous steps, you can configure the Apple auth provider. You'll need to set the following environment variables:

  • AUTH_APPLE_CID (required) - Client ID
  • AUTH_APPLE_TID (required) - Team ID
  • AUTH_APPLE_KID (required) - Private Key ID
  • AUTH_APPLE_PRIVATE_KEY_FILEPATH (default /srv/var/apple.p8) - Private key file location

Facebook

  1. Open the list of apps on the Facebook Developers Platform
  2. Create a new app with this manual or use an existing app
  3. Open your app and choose "Facebook Login" and then "Web"
  4. Set "Site URL" to your domain, e.g., https://remark42.mysite.com
  5. Under "Facebook login"/"Settings" fill in "Valid OAuth redirect URIs" with your callback URL constructed as domain plus /auth/facebook/callback, e.g. https://remark42.mysite.com/auth/facebook/callback
  6. Select "App Review" and turn the public flag on. This step may ask you to provide a link to your privacy policy
  7. Write down the client ID and secret as AUTH_FACEBOOK_CID and AUTH_FACEBOOK_CSEC

GitHub

  1. Create a new "OAuth App": https://github.com/settings/developers
  2. Fill in "Application Name" and "Homepage URL" for your site
  3. Under "Authorization callback URL" enter the correct URL constructed as domain + /auth/github/callback, i.e., https://remark42.mysite.com/auth/github/callback
  4. Take note of the Client ID (as AUTH_GITHUB_CID) and Client Secret (AUTH_GITHUB_CSEC)

Google

  1. Create a new project: https://console.cloud.google.com/projectcreate
  2. Choose the new project from the top right project dropdown (only if another project is selected)
  3. In the project Dashboard center pane, choose "APIs & Services"
  4. In the left Nav pane, choose "Credentials"
  5. In the center pane, choose the "OAuth consent screen" tab.
    • Select "External" and click "Create"
    • Fill in "App name" and select User support email
    • Upload a logo, if you want to
    • In the App Domain section:
      • Application home page - your site URL, e.g., https://mysite.com
      • Application privacy policy link - /web/privacy.html of your Remark42 installation, e.g. https://remark42.mysite.com/web/privacy.html (please check that it works)
      • Terms of service - leave empty
    • Authorized domains - your site domain, e.g., mysite.com
    • Developer contact information - add your email, and then click Save and continue
    • On the Scopes tab, just click Save and continue
    • On the Test users tab, add your email, then click Save and continue
    • Before going to the next step, set the app to "Production" and send it to verification
  6. In the center pane, choose the "Credentials" tab
    • Open the "Create credentials" drop-down
    • Choose "OAuth client ID"
    • Choose "Web application"
    • Application Name is freeform; choose something appropriate, like "Comments on mysite.com"
    • Authorized JavaScript Origins should be your domain, e.g., https://remark42.mysite.com
    • Authorized redirect URIs is the location of OAuth2/callback constructed as domain + /auth/google/callback, e.g., https://remark42.mysite.com/auth/google/callback
    • Click "Create"
  7. Take note of the Client ID (AUTH_GOOGLE_CID) and Client Secret (AUTH_GOOGLE_CSEC)

Instructions for Google OAuth2 setup borrowed from oauth2_proxy

Microsoft

  1. Register a new application using the Azure portal
  2. Under "Authentication/Platform configurations/Web" enter the correct URL constructed as domain + /auth/microsoft/callback, i.e., https://example.mysite.com/auth/microsoft/callback
  3. In "Overview" take note of the Application (client) ID (AUTH_MICROSOFT_CID)
  4. Choose the new project from the top right project dropdown (only if another project is selected)
  5. Select "Certificates & secrets" and click on "+ New Client Secret" (AUTH_MICROSOFT_CSEC)

Twitter

Important: Twitter developer accounts created after November 15th 2021 need "Elevated access" to use the Standard v1.1 API routes required to work properly. Apply for this access from within the Twitter developer portal.

  1. Create a new Twitter application https://developer.twitter.com/en/apps
  2. Fill in the App name, Description and URL of your site
  3. In the field Callback URLs enter the correct URL of your callback handler, e.g. domain + /auth/twitter/callback
  4. Under Key and tokens take note of the Consumer API Key and Consumer API Secret key. Those will be used as AUTH_TWITTER_CID and AUTH_TWITTER_CSEC

Yandex

  1. Create a new "OAuth App": https://oauth.yandex.com/client/new
  2. Fill in "App name" for your site
  3. Under Platforms select "Web services" and enter "Callback URI #1" constructed as domain + /auth/yandex/callback, i.e., https://remark42.mysite.com/auth/yandex/callback
  4. Select Permissions. You need the following permissions only from the "Yandex.Passport API" section:
    • Access to the user avatar
    • Access to username, first name and surname, gender
  5. Fill out the rest of the fields if needed
  6. Take note of the ID (AUTH_YANDEX_CID) and Password (AUTH_YANDEX_CSEC)

For more details refer to Yandex OAuth and Yandex.Passport API documentation.

Patreon

  1. Create a new Patreon client https://www.patreon.com/portal/registration/register-clients
  2. Fill in App Name and Description
  3. In the field Redirect URIs enter the correct URI constructed as domain + /auth/patreon/callback, i.e., https://example.mysite.com/auth/patreon/callback
  4. Expand client details and note the Client ID and Client Secret. Those will be used as AUTH_PATREON_CID and AUTH_PATREON_CSEC

Telegram

  1. Contact @BotFather and follow his instructions to create your bot (call it, for example, "My site auth bot")
  2. Write down the resulting token as TELEGRAM_TOKEN in the remark42 config, and also set AUTH_TELEGRAM to true to enable Telegram auth for your users.
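
A preflight check for the provider variables described in the sections above. It is an added example, not part of Remark42 or its documentation. It assumes the script runs in the same environment and as the same user as Remark42 and takes the Remark42 base URL as its first argument; treating a key file that group or others can access as an error is this example's own policy.

```shell
#!/bin/sh
# Added example: preflight for the auth variables listed on this page.
check_pair() {  # CID and CSEC must be set together
    eval "cid=\${AUTH_${1}_CID:-} csec=\${AUTH_${1}_CSEC:-}"
    if [ -n "$cid" ] && [ -n "$csec" ]; then echo enabled
    elif [ -z "$cid$csec" ]; then echo disabled
    else echo incomplete; fi
}
# Apple: CID, TID, KID plus a key file that only its owner can access.
check_apple() {
    if [ -z "${AUTH_APPLE_CID:-}${AUTH_APPLE_TID:-}${AUTH_APPLE_KID:-}" ]; then
        echo disabled; return
    fi
    if [ -z "${AUTH_APPLE_CID:-}" ] || [ -z "${AUTH_APPLE_TID:-}" ] ||
       [ -z "${AUTH_APPLE_KID:-}" ]; then echo incomplete; return; fi
    key="${AUTH_APPLE_PRIVATE_KEY_FILEPATH:-/srv/var/apple.p8}"
    [ -r "$key" ] || { echo key-unreadable; return; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ln "$key" | cut -c5-10)" = "------" ] || { echo key-too-open; return; }
    echo enabled
}

# Telegram: AUTH_TELEGRAM=true switches it on and then needs TELEGRAM_TOKEN.
check_telegram() {
    [ "${AUTH_TELEGRAM:-}" = "true" ] || { echo disabled; return; }
    if [ -n "${TELEGRAM_TOKEN:-}" ]; then echo enabled; else echo incomplete; fi
}
# Callback URL to register: domain + /auth/<provider>/callback.
callback_url() { printf '%s/auth/%s/callback\n' "${1%/}" "$2"; }

# $1 = Remark42 base URL. Fails if a provider is half-configured or none is on.
preflight() {
    bad=0; on=0
    for p in APPLE FACEBOOK GITHUB GOOGLE MICROSOFT TWITTER YANDEX PATREON TELEGRAM; do
        name=$(echo "$p" | tr 'A-Z' 'a-z'); hint=""
        case "$p" in
            APPLE) s=$(check_apple) ;;
            TELEGRAM) s=$(check_telegram) ;;
            *) s=$(check_pair "$p"); hint=", callback $(callback_url "$1" "$name")" ;;
        esac
        case "$s" in
            enabled) on=$((on + 1)); echo "$name: ok$hint" ;;
            disabled) ;;
            *) bad=$((bad + 1)); echo "$name: $s" >&2 ;;
        esac
    done
    [ "$bad" -eq 0 ] && [ "$on" -gt 0 ]
}
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

A non-zero exit status means a provider is only partly configured, the Apple key file fails the check, or none of the checked providers is enabled.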

Anonymous

Optionally, anonymous access can be turned on. In this case, an extra anonymous provider will allow logins without any social login with any name satisfying two conditions:

  • the name should be at least three characters long
  • the name has to start with a letter and contain only letters, numbers, underscores and spaces