OAuth (via Socialite)
https://laravel.com/docs/11.x/socialite https://socialiteproviders.com/
- [x] Backend (#386)
- [ ] Frontend
- [ ] Add more providers (e.g. authentik, google, microsoft, steam)
- [ ] Make it easier to add additional providers (without code edit)
Would be nice to see an option for JIT (Just-In-Time) provisioning added to create users upon sign-in via SSO.
Would love to see support for authentik or some kind of generic oauth2 provider in the future.
Authentik is already supported, see here: https://socialiteproviders.com/Authentik/#installation-basic-usage. Just gotta make some changes to get it working.
Weird migration error,

```
INFO Running migrations.
2024_06_13_120409_add_oauth_column_to_users .............................................................................. 1.30ms FAIL
In Connection.php line 813:
SQLSTATE[HY000]: General error: 1 Cannot add a NOT NULL column with default value NULL (Connection: sqlite, SQL: alter table "users"
add column "oauth" text not null)
In Connection.php line 571:
SQLSTATE[HY000]: General error: 1 Cannot add a NOT NULL column with default value NULL
```
Fixed in PR #409
Would be nice to see enforce MFA as an option as well.
The amr attribute within the OAuth token contains the types of auth the user has completed at the identity provider, for example: `"amr": [ "pwd", "mfa" ]`.
You could use this to add an option to enforce MFA which would deny the login if the amr token doesn't contain "mfa".
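One way to implement the amr check suggested above, as an added example that is not part of the thread or the panel's code. It assumes the ID token's signature, issuer and audience have already been validated and its claims decoded into an array; the function names `amrValues` and `loginAllowed` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example (not the panel's code). Input is the claim set of an ID token
// that has ALREADY been validated; function names are hypothetical.

/** Return the amr claim as a list of strings, or [] if absent or malformed. */
function amrValues(array $claims): array
{
    $amr = $claims['amr'] ?? null;
    // RFC 8176 defines amr as a JSON array of case-sensitive strings.
    // Any other shape (bare string, object, null) is treated as "no amr".
    if (!is_array($amr) || !array_is_list($amr)) {
        return [];
    }
    return array_values(array_filter($amr, 'is_string'));
}

/** True when MFA is not enforced, or the identity provider asserted "mfa". */
function loginAllowed(array $claims, bool $enforceMfa): bool
{
    if (!$enforceMfa) {
        return true;
    }
    // Fail closed: a missing or malformed amr claim counts as "no MFA".
    // The comparison is exact and case-sensitive.
    return in_array('mfa', amrValues($claims), true);
}

// Constructed sample claim sets (not real tokens).
$samples = [
    'password + mfa' => ['sub' => 'u1', 'amr' => ['pwd', 'mfa']],
    'password only'  => ['sub' => 'u2', 'amr' => ['pwd']],
    'amr missing'    => ['sub' => 'u3'],
    'amr as string'  => ['sub' => 'u4', 'amr' => 'mfa'],
    'amr as object'  => ['sub' => 'u5', 'amr' => ['mfa' => false]],
    'wrong case'     => ['sub' => 'u6', 'amr' => ['pwd', 'MFA']],
];

foreach ($samples as $label => $claims) {
    $decision = loginAllowed($claims, true) ? 'allow' : 'deny';
    printf("%-15s => %s\n", $label, $decision);
}
```

With enforcement on, only the first sample is allowed. `array_is_list` requires PHP 8.1 or later.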
I've followed the couple things listed there, what else needs done to enable logging in with authentik? I'm really not seeing anything else for it
Currently only the backend for oauth works, there is no frontend yet. So you can't use it yet.
I see. Would love to get this working, but I doubt I'll be of any help. I'll happily be a test-bed when the time comes though.
Is there a way to use OIDC/Oauth2 as of now even without the configuration settings UI?
Edit: I got it working.
For anyone using Authentik, put this inside your .env:

```
OAUTH_AUTHENTIK_ENABLED=true
OAUTH_AUTHENTIK_CLIENT_ID=client_id_from_authentik_oauth_app
OAUTH_AUTHENTIK_CLIENT_SECRET=client_secret_from_authentik_oauth_app
OAUTH_AUTHENTIK_BASE_URL=https://auth.domain.tld
```

You can change the "Authentik" label to anything here: https://github.com/pelican-dev/panel/blob/main/config/auth.php#L104C10-L104C19

After you configure those, you should see a button on the /app/login and /admin/login routes.
I also have this working this way. If we could, it would be nice to define some scopes (like for groups/role claim/auto user linking). Fantastic for internal use for now!