CorentinTh
Using Authentik for auth ??
What type of request is this?
Self-hosting improvement
Clear and concise description of the feature you are proposing
Hello, Is it possible to be authenticated by a 3rd party apps like Authentik when using it-tools ? Thx
Is their example of this tool in the wild?
Code-server, Gotify, Uptime-Kuma are all working when using Authentik (have to remove the auth)
Additional context
No response
Validations
- [x] Check the feature is not already implemented in the project.
- [x] Check that there isn't already an issue that request the same feature to avoid creating a duplicate.
- [x] Check that the feature can be implemented in a client side only app (IT-Tools is client side only, no server).
Hi @ThierryIT , it probably could be. It tools is a client side only app with really no backend. I'm curious to know why will oauth2 be useful ?
@ThierryIT i'm running it fine with authentik. whats the error or situation you're seeing? in my experience though it-tools has a lot of built in caching so you'll need to clear cache and hard reload when you're authenkating (pun intended) so that the url params are actually passed down to authentik
wrote up something about the "expired auth cached state" here: https://github.com/CorentinTh/it-tools/issues/1291#issuecomment-2625037935
Hi @gitmotion , but you patched something some were ? (in case, I will apply to my fork to)
Hi @gitmotion , but you patched something some were ? (in case, I will apply to my fork to)
hey! yeahh i think i remember that one but i closed that pr. i was trying to add the package as a direct import but i believe the real problem is actually how the caching works on IT tools. probably returns a 200 response and doesn't redirect to complete the authentik authentication. so without the authentication from authentik the tool isn't able to load because it's forbidden to access assets at that point which it laid out the workaround in my comment in #1291
so it's with the caching - pros and cons though, not really a problem. personally i like the caching just doesn't play well with authentik
some ideas of possible solutions:
- fix forwarding the response / redirect after logging in with authentik instead of presenting the cached page. this is probably the real solution but i haven't looked into it yet so not sure if it's possible
- add /assets to the unauthenticated paths in authentik - less desired but works, not sure if it's a huge issue exposing assets like that but it just depends on your threat tolerance and setup
Hi @gitmotion , ok so nothing to integrate in code to make "relation" with authentik ? may be make a build option for pwa with no cache...
Hi @gitmotion , ok so nothing to integrate in code to make "relation" with authentik ? may be make a build option for pwa with no cache...
ooh haven't had time to look at it but that makes sense that it could be related to the pwa cache i can take another look at it soon but i guess it theoretically could be no cache/forwarding or a mix 👍🏼
was there any updates on a perminant fix for this other than the double force refresh?
assuming you're already hosting it-tools behind a reverse proxy, you can configure forward-auth and enforce authentication from the reverse proxy
- Official guides with nginx. Guides with other reverse proxy setups are available
- Step-by-step setup guide with nginx-proxy-manager
I honestly question why you'd want this. The site client only and doesn't make any calls externally
Hi @jogerj , @ThierryIT , @gitmotion , @adampaynetech , added info from @jogerj to my readme fork: https://github.com/sharevb/it-tools?tab=readme-ov-file#to-add-authentication
And if you arr interested in up to date version of it-tools, I made kind of a fork here : https://github.com/sharevb/it-tools (https://sharevb-it-tools.vercel.app/ and docker images https://github.com/sharevb/it-tools/pkgs/container/it-tools)