gamevault-backend

Support for SSO

Open Sapd opened this issue 1 year ago • 4 comments

Cool Project :)

I want to suggest that you also support SSO for user registration and authentication. It gets more and more popular in stacks like Jellyfin (via Plugin), Jellyseerr, *arr, Portainer, Nextcloud etc. People often use Authentik, Authelia or Keycloak as software.

A standard - but probably complicated - way of implementing that would be OpenID.

An easy way is to leverage a Proxy Provider.
Using header authentication: https://goauthentik.io/docs/providers/proxy/header_authentication
Or better, forward auth: https://goauthentik.io/docs/providers/proxy/server_nginx
With forward auth, authentik will redirect a request to its login page if not authenticated. Your app would have to open up a browser window and save the returned auth cookie, and send this cookie in further requests. When authenticated (via cookie), authentik will send a header with the username to the backend.

Overall, this makes user management of self-hosted apps much easier, especially when having many applications that are shared within the family.

Sapd, Jul 04 '23 09:07
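With the header-authentication option described in the post above, the backend can only believe the username header when the request actually arrived from the proxy. The following is an added example of that check, not part of this thread or of GameVault's code; the function names, trusted-proxy list and username policy are assumptions, and `X-authentik-username` is the header authentik's proxy provider sets.

```javascript
// Added example: hypothetical helper, not GameVault code.
// Identity header set by authentik's proxy provider (lowercased for lookup).
const USER_HEADER = "x-authentik-username";

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalizeAddress(addr) {
  const a = String(addr || "").toLowerCase();
  return a.startsWith("::ffff:") ? a.slice(7) : a;
}

// Collect every value of a header regardless of key casing.
function headerValues(headers, name) {
  const out = [];
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() !== name) continue;
    out.push(...(Array.isArray(value) ? value : [value]));
  }
  return out;
}

// Decide whether the identity header on this request may be believed.
function resolveProxyUser(req, trustedProxies) {
  const peer = normalizeAddress(req.remoteAddress);
  const values = headerValues(req.headers, USER_HEADER);
  if (!trustedProxies.map(normalizeAddress).includes(peer)) {
    // Direct connection: anything in the header is client-controlled.
    return { ok: false, reason: values.length ? "header-from-untrusted-peer" : "no-proxy" };
  }
  if (values.length === 0) return { ok: false, reason: "missing-header" };
  if (values.length > 1) return { ok: false, reason: "duplicate-header" };
  const user = String(values[0]).trim();
  // Assumed policy: short, conservative character set for usernames.
  // A comma-joined duplicate ("alice, admin") also fails this check.
  if (!/^[A-Za-z0-9._@-]{1,64}$/.test(user)) return { ok: false, reason: "invalid-username" };
  return { ok: true, user };
}

// Constructed sample requests (addresses are from documentation ranges).
const TRUSTED = ["192.0.2.10"];
const samples = [
  { remoteAddress: "::ffff:192.0.2.10", headers: { "X-authentik-username": "alice" } },
  { remoteAddress: "203.0.113.7", headers: { "x-authentik-username": "admin" } },
  { remoteAddress: "192.0.2.10", headers: { "x-authentik-username": ["alice", "admin"] } },
  { remoteAddress: "192.0.2.10", headers: {} },
];
for (const s of samples) console.log(s.remoteAddress, JSON.stringify(resolveProxyUser(s, TRUSTED)));
```

The peer address must come from the TCP connection itself, not from `X-Forwarded-For`, which a direct client can set just as easily as the username header.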

Agreed with this. A minimal proposal could be implementing a simple "import from ldap" feature to be manually run or automatically run on a schedule which would populate the internal user table.

A more thorough implementation would be OIDC. Or a simpler one would be forward auth.

lenaxia, Jul 22 '23 02:07

It's cool. I'd love to see a PR here since I don't use such a service and wouldn't know how to incorporate them into the existing auth system without thorough research.

Alfagun74, Jul 27 '23 05:07

> Agreed with this. A minimal proposal could be implementing a simple "import from ldap" feature to be manually run or automatically run on a schedule which would populate the internal user table.
>
> A more thorough implementation would be OIDC. Or a simpler one would be forward auth.

OIDC/OAuth2 would allow anything with the proper provider(s).

gregistech, Jul 06 '24 08:07

I believe that Forward Authentication is a non-viable solution, since this application relies on client apps. As for which solution would be better, I otherwise agree with the consensus, in that OIDC/OAuth2 would be the preferable option, with LDAP remaining a potentially easier solution.

DDriggs00, Oct 02 '24 15:10