[FEATURE] Generic OIDC login auth #703
Comments
|
This issue is stale because it has been open for 30 days with no activity. Remove the stale label or comment on this issue, otherwise it would be closed in 5 days. |
|
Not sure what the process to track feature requests is, but are github issues the right place? |
|
This is most definitely the place, but I'm just not sure about what OIDC Auth is well enough to implement it within Reactive Resume's current authentication system. And also, it should be known that I would prioritize to implement features that would be useful on the both versions (managed + self-hosted) of the site than just the self-hosted one. If this does have more folks peeking interest, will reconsider implementing it. |
|
Sorry late reply :) Yeah that makes sense, having a quick poke around the code what we'd be after is a similar approach to https://github.com/AmruthPillai/Reactive-Resume/blob/main/server/src/auth/auth.service.ts#L110 but just using a more generic OIDC library than google's one, so that you can plug in a few extra variables like the auth endpoint! If I get some time I can have a go, but I wouldn't hold my breath :D |
|
Hi, @AmruthPillai Have you had a chance to implement this feature? Thanks! |
|
Not going to lie, I very much want to self host this for both myself and friends, but my own rule is that I won't host anything that doesn't have the ability to use SSO, so I hope this feature gets implemented at some point. It genuinely looks like an incredibly helpful and promising web app. |
|
Also interested in a OIDC. My concern is that anyone with the public url can create an account. Or is there a way to restict that? |
|
It would be fantastic to see this feature coming in the next releases! |
|
yeah OIDC would be nice to have |
|
Would love to see generic OIDC support implemented. Existing users in IDPs (Authentik here) would be able to login immediately, without having to create an account for something they may only use a handful of times. |
|
As a Authelia user, definitely a nice feature |
|
Also keen on this feature! |
|
@AmruthPillai please have a look at the linked PR! Looks good. |
Is your feature request related to a problem? Please describe.
Anyone self hosting this would have to store yet another username/password combination for their local user(s), like many others of us who self host apps, we might be running something like Keycloak or Authelia to centralise the authentication of our users.
Describe the solution you'd like
Ability to configure a Client ID & Client Secret as well as an OIDC auth domain that is used instead of Google, users who log in with this method and are not already registered will be automatically created (similar to the Google login functionality currently).
Describe alternatives you've considered
Possibly add a OIDC proxy/login page that forces user to be authenticated before being allowed to navigate to the website, but that authentication cannot be passed in/etc to the app, so it's kinda pointless.
The text was updated successfully, but these errors were encountered: