
Implement SSO Login (Okta, Google, Microsoft, OAuth, SAML 2.0, Keycloak, etc)

Open flavio-araujo opened this issue 9 months ago • 8 comments

Why do we need this?

It would be great to have Single Sign-On (SSO) options for login, such as Okta, Google, Microsoft, and generic OAuth. This would enhance security and user convenience.

flavio-araujo avatar May 29 '25 23:05 flavio-araujo

Hello @flavio-araujo @jayantbh,

I wanted to contribute to this feature. I have work experience in the cybersecurity domain and SSO.

I created a demo plugin which supports OAuth SSO with Okta and Gmail.

For both of them to work, an OAuth application first needed to be set up on Okta and Google respectively.

I'm sharing both login flow videos below.

https://github.com/user-attachments/assets/c202328b-4f29-4e2c-bcd9-977b615a64ad

https://github.com/user-attachments/assets/f6c764f5-8551-49c0-8708-a7cdeb3e3738

There are some differences between the two flows:

  1. Google, being a public IDP, can be accessed by any user who has Gmail. The Google OAuth flow involves a popup for permissions.
  2. Okta is an enterprise IDP and can only be accessed by users present in Okta. Its flow is based on redirection to Okta.

In both cases I have fetched email and name for now. Can look into fetching additional information based on your requirements.

Let me know your thoughts on it.

Cheers, Ritik

RitikBora avatar Jul 15 '25 12:07 RitikBora

I guess it'll be okay for users to provide their own client ID and secrets to the auth systems. That way they can configure their own login conditions.

jayantbh avatar Jul 15 '25 12:07 jayantbh

Hey @jayantbh,

Thank you for the details.

So Okta, Azure and other providers allow configuration. For Google OAuth, use a generic one, similar to other websites. Let me know if I have gotten it right.

Thanks, Ritik

RitikBora avatar Jul 15 '25 13:07 RitikBora

All allow configuration. Even when creating a Google OAuth app, you can configure whether people from the same Google workspace can log in or otherwise.

I imagine something like next-auth will work quite well.

jayantbh avatar Jul 15 '25 13:07 jayantbh

Hello @jayantbh,

Thank you for the details.

Based on your description of the feature, there would be a separate configuration section for OAuth.

I tried manually setting up the project and looked at the web server (frontend). I could not see anything related to login there.

I looked at components from your hosted website.

Is there a different project for the website, or am I doing something wrong here?

Looking forward to your reply. Thanks, Ritik

RitikBora avatar Jul 16 '25 10:07 RitikBora

Hi folks, any news about this issue? Thanks

flavio-araujo avatar Aug 29 '25 12:08 flavio-araujo

Hey @flavio-araujo, at the moment this isn't on the roadmap for the open source app.

Google/MS OAuth, and Magic Links are supported in the cloud app (which offers DORA Metrics free forever) if that's something you'd be interested in. :)

I understand if that wasn't the answer you wanted, but if someone from the community wishes to implement this, they are welcome to. :)

jayantbh avatar Sep 15 '25 18:09 jayantbh

@RitikBora, yes, the cloud app (app.middlewarehq.com) is a different thing from the open source product.

jayantbh avatar Sep 15 '25 18:09 jayantbh