glance icon indicating copy to clipboard operation
glance copied to clipboard

Published 20 hours ago verified publisher icon glanceapp

FEATURE: Add auth

Open GunniBusch opened this issue 1 year ago • 6 comments

Hi, would it be possible to add some kind of auth like email/password and or oauth? Then we could host this also at a remote location.

GunniBusch avatar May 23 '24 06:05 GunniBusch

The built-in auth is complicated. Some authentication information needs to be stored within the system, and persistence needs to be considered

Shouldn't Glance be viewed as an all-around system; as an adhesive between multiple systems, it is more in line with the business positioning?

If it should be used as an adhesive, can an interface be defined to connect to an existing authentication service in the form of an interface to achieve auth

Such as

type AuthConfig struct {
	// RedirectURL is the URL to redirect the user to when they need to log in.
	LoginRedirectURL string
	// IsAuthenticatedURL is the URL to check if the user is authenticated.
	IsAuthenticatedURL string
}

type Auth interface {
	// IsAuthenticated returns true if the user is authenticated.
	IsAuthenticated(macAddress string) (bool, error)
	// JumpToLogin redirects the user to the login page.
	JumpToLogin(macAddress string) error
}

helloteemo avatar May 23 '24 09:05 helloteemo

I am not sure if glance needs auth tbh, as most of the information is public anyway. You could argue that the collection of the given information in one pot makes it kinda data sensitive. But thats up to the maintainers.

Anyways, in the meantime you can use this to get oauth up and running without glance implementing auth: https://github.com/oauth2-proxy/oauth2-proxy

flamestro avatar May 23 '24 20:05 flamestro

Hey, thanks for the suggestion!

Unfortunately I don't plan on adding auth for the time being, though you can easily overcome this limitation by using something like Authelia or Authentik.

svilenmarkov avatar May 25 '24 03:05 svilenmarkov

A BasicAuth option should be enough right? At least, a first initial option. I'm not familiar with go. So I can't help here.

adrian-goe avatar Jun 28 '24 20:06 adrian-goe

My suggestion is that authentication might be best handled by something like Authelia or KeyCloak. The former also can be made to handle basic-auth (mainly for programmatic endpoints) as well.

2q2code avatar Feb 12 '25 23:02 2q2code

Happy to see this getting traction. Would be really nice to be able to use it with something low drag like Pocket-ID as well. Thank you!

Gliese-667 avatar May 02 '25 11:05 Gliese-667