tabby-web icon indicating copy to clipboard operation
tabby-web copied to clipboard

Published 20 hours ago verified publisher icon Eugeny

Keycloak support

Open ghost opened this issue 3 years ago • 5 comments

For a great open source commitment, add support for Keycloak (oidc).

ghost avatar Apr 23 '22 09:04 ghost

+1 Well, not necessarily keycloack but I suppose the ability to use custom oauth/oidc providers would make me install this in my homelab right now

nlahmi avatar Sep 30 '22 12:09 nlahmi

I have removed the default social login method and implemented OIDC in my fork. To enable this, the following environment variables should be set:

  • SOCIAL_AUTH_OIDC_OIDC_ENDPOINT: URL of your oidc provider. Please note that the other config is auto-detected, so be sure that <SOCIAL_AUTH_OIDC_OIDC_ENDPOINT>/.well-known/openid-configuration presents and contains the necessary information.
  • SOCIAL_AUTH_OIDC_KEY: Client ID
  • SOCIAL_AUTH_OIDC_SECRET: Client secrets

And the redirection URL will be: https://<Tabby>/api/1/auth/social/complete/oidc/

kaaass avatar Jan 16 '23 03:01 kaaass

Nice! why not PR it?

nlahmi avatar Jan 16 '23 23:01 nlahmi

I can only double the comment from @nlahmi, why not PR it here @kaaass?

matbgn avatar Feb 26 '23 03:02 matbgn

It's mainly because my patch removed other default social login methods (Github, Microsoft, ...) for convenience. It's okay for self-hosting, but from README, since this repository "is the exact code that runs at https://tabby.sh/," removing them might not be a good idea. I could re-add them again, but that means I need to implement something to enable/disable the login method (tabby.sh doesn't need OIDC), including the frontend stuff. Since I'm unfamiliar with angular (the frontend framework tabby-web use), I just hardcoded the OIDC login button in my fork, which is unconfigurable thus might not be a good idea to PR this.

kaaass avatar Feb 26 '23 03:02 kaaass