-
-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LDAP/SSO/IdP for authentication #47
Comments
This is probably several different features as there are many different things that could be implemented and self-hosters likely already have their own preferred solution. It is probably crazy to try to implement everything, but here is some brainstorming of things I have used/considered that could be implemented as part of this:
|
For broadest coverage with least implementation effort, Based on my pretty light understanding of the code, this would be a pretty straightforward alteration to |
Moving a related request over here – having the ability to disable signups for now would be a great first step. I'd like to expose my Fasten instance to family members without risking some random person attempting to load their health data into the NUC in my office. 😂 |
Hm… so just to clarify: OpenID Connect (OIDC) is directly based on OAuth 2.0 and probably the best option for SSO nowadays. Older application have certain providers separately but mostly this shouldn't be necessary. See for instance how Mattermost describes this:
Modern applications just allow to set all parameters and they don't care about who's well known and who isn't (i.e. Stalwart, Nextcloud, Vikunja, Tolgee or Penpot). So having all configuration parameters available (maybe even just via ENV variables like Penpot does it) will enable 1., 2. and 3. out of the box.
TL:DR: I don't see any point in implementing anything else than generic OIDC as a start. Everything else can be connected via other application that are already matured and secure. There are also quite a few OIDC packages for Go available (i.e. go-oidc or this one). |
https://discord.com/channels/1023634406935642223/1023634407480885400/1099367475184926740
The text was updated successfully, but these errors were encountered: