authentik icon indicating copy to clipboard operation
authentik copied to clipboard
verified publisher icon goauthentik

✨ Generic user based application config

Open OCram85 opened this issue 1 year ago • 2 comments

Is your feature request related to a problem? Please describe.

For now there is no easy generic way to solve the following use case:

✨ Publish and secure multiple instances of the same application type with a single proxy provider (forward auth) and bind it to a single user.

Example:

  • application instances

    • https://<userA>-codes-server.mylab.com
    • https://<userB>-codes-server.mylab.com
    • https://<userC>-codes-server.mylab.com
    • https://<userN>-codes-server.mylab.com

  • users

    • userA
    • userB
    • userC
    • userN

Describe the solution you'd like

It would be awesome to have a way generic way solve the described use case with an minimal amount of repetitive config required.

Without such feature you now have to repeat these steps for each application instance like code-server:

  • create a new proxy provider
    • with single application type
    • and external host https://<userA>-codes-server.mylab.com.
  • create a new application
    • provide app details
    • select the provider
  • activate the application in the embedded outpost
  • bind the app to an individual user
    • edit the app policy and select a user

Describe alternatives you've considered Using the above described workaround

Additional context

image

OCram85 avatar Jul 26 '24 08:07 OCram85

With pure OAuth something like this could be done (have a regex in the redirect URI and modify the outgoing URL in the authorization flow), but not for the proxy provider.

BeryJu avatar Oct 10 '24 17:10 BeryJu

🤔 Is it possible to provide an example in the docs? - I guess I didn't get it fully how to solve this with a oauth / single app forward authentication provider

OCram85 avatar Oct 11 '24 10:10 OCram85