feat: OpenID Connect for Self Hosted Instance with God-Mode Implementation #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ation via the GodMode Interface
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is a replica of makeplane#3341 because a merge was not allowed.
This PR closes makeplane#1319 because it was more work to pull the current develop branch into the old branch than to just rebase the code from it into this one.
I tried to clean up the commit as good as possible.
This PR enables Authentication via OpenID Connect for Self-Hosted Instances. It can be configured via the Environment Variables (here it is also possible to do a Autodiscovery for the Endpoints if you set the issuer) or via the new God-Mode.
It also enables Auto-SignIn for OIDC so that the users don't have to click anything and are redirected directly if they aren't signed in yet. This can also be switched on or off via the God-Mode Interface.
Futhermore it also implements to be logged out to the End-Session Endpoint of the OpenID Provider.
It matches the user based on the email address. If a new user is created the username is set based on the preferred_username from the Identity Provider.
It has proven to work with Authentik and Keycloak.