openvsx
openvsx copied to clipboard
eclipse
Support for additional Identity/Login Providers?
My team wishes to use one or more IdP that are not GitHub or Eclipse. Our immediate use case is for Azure AD, but we will likely want to use an on-prem IdP (likely Keycloak) at some point in the future as well.
We would be looking (for the time being) at making it possible to change the IdP to something other than GitHub, but not addign support for multiple IdP. Is this something that you would be interested in having us contribute back to your code base?
+1 for Keycloak. It would be nice to decouple user management from the registry.
Yes, support for more authentication providers is definitely in the scope of this project, and contributions are welcome!
There is one challenge, though: we currently have a home-grown login handling because we need to support both GitHub and Eclipse OAuth login for the public instance running at open-vsx.org. If it's possible, I would be ok with a solution that keeps the current implementation for the public instance, but switches to something more generic for other instances (this could be controlled via application.yml properties).
@zlweicoder I have a working prototype/draft for Keycloak integration. It's been a couple months since I last worked on it. I'll commit the changes and link the branch here. Maybe somebody else can pick it up.
This is the Keycloak integration branch: https://github.com/amvanbaren/openvsx/tree/feature/issue-337
Hi There,
Is there any plan to merge the keycloak branch with openvsx and there are lot of dependencies and changes has been done. If someone can pick do it then would be great.
HI Amvanbaren,
I want to know any plan in coming days to integrate the branch with keycloak support into openvsx
Hi @guddu121, no there are currently no plans to merge the keycloak branch with openvsx. AFAIK this feature is still a prototype/draft. @zlweicoder did you work on keycloak integration?
Hi @amvanbaren @zlweicoder , In my company , we were able to successfully fork the keycloak integration branch @amvanbaren had posted , run it locally and configure a simple login flow using basic auth.Our goal is to implement Gitlab Auth for OpenVSX.We have the following two options :
-
With Keycloak : If this feature branch (whihc is now quite behind "master" ) can be merged to "master" with all conflicts resolved. We will be happy to test it in our environment and fix any bugs that come up.
-
Without keycloak : IF there is no intention to bring keycloak branch upto master , then we will implement gitlab auth on top of the current "master" and will be happy to contribute that back as well.
Please let us know your recommendation
Hi @guddu121, no there are currently no plans to merge the keycloak branch with openvsx. AFAIK this feature is still a prototype/draft. @zlweicoder did you work on keycloak integration?
sorry, I haven't had a chance working on it yet.
We're very keen to host our own copy of OpenVSX and have it work with our self hosted GitLab. I'd rather not have to fork the project. Any word on when we can expect this? Auth with GitHub and Eclipse alone does not work for us.
@ChevronTango Glad to see you and your team are interested. We'd love to see you all take the work on the branch @amvanbaren mentions above and finish it off in your deployment. Comeback with your findings and possibly a PR. Right now finishing this work simply isn't a priority for us.
Also, wanted to make sure you'd seen this announcement about the future of open-vsx.org: https://blogs.eclipse.org/post/john-kellerman/help-us-sustain-open-vsxorg
Can may be somebody have a look at https://github.com/eclipse/openvsx/pull/838? This would greatly improve the support of additional providers.
