login with OAuth2
Is it possible to log in if just OAuth2 is available? We are bound to use https://github.com/thephpleague/oauth2-server and it just offers OAuth2 and no OIDC. The client used by Planka, panva/node-openid-client, can deal with it; likewise it's not implemented in Planka yet.
According to https://github.com/plankanban/planka/pull/524/commits/4db8f3e23e73c737189dc97d770a0e34151e2427 it sounds like it could work but sadly lacks the details.
This implementation should work with any OIDC-compliant IDP and even
OAuth 2.0-only IDPs as long as they serve an OIDC discovery document.
It sounds like it could work if I create a stub .well-known/openid-configuration file with some content?
Hi! We haven't tested this possibility and it's hard to say what exactly is required, but probably with .well-known/openid-configuration it should work.
I created a fake file at the webserver and Planka starts at least and seems to try to log in.
I needed to create a valid response file, otherwise Planka would crash. I added this to my nginx config:
    # openid_connect stub
    location /oauth/authorize/.well-known/openid-configuration {
        return 200 '
        {
            "issuer":"https://www.myurl.com",
            "authorization_endpoint":"https://www.myurl.com/oauth/authorize/",
            "token_endpoint":"https://www.myurl.com/oauth/token",
            "scopes_supported":[
                "openid",
                "email",
                "profile"
            ]
        }
        ';
    }
The response from the webserver if I try to log in is:
{"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"}
I checked the IDs etc. and it should work. No errors are received at either end, so likewise it tries something that is not working. Just to clarify, I have no real idea about OIDC, so maybe I already made some basic mistake in the JSON above.
You will need at least the userinfo & logout endpoint.
    {
        "userinfo_endpoint": "http://<webserver>/userinfo",
        "end_session_endpoint": "http://<webserver>/logout"
    }
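
A pre-flight check for a hand-written discovery stub like the one in this thread, as an added example that is not part of the thread or of Planka's code: it flags the endpoints the last reply asks for, an `issuer` that differs from the URL the document is served from (an OIDC Discovery requirement), and non-HTTPS endpoints. The function name `lintDiscovery`, the required-field list and the `idp.example.test` host are assumptions made for illustration.

```javascript
// Added example: lint an OIDC discovery stub before pointing a client at it.
// REQUIRED reflects what this thread says is needed; it is not Planka's own list.
const REQUIRED = ['issuer', 'authorization_endpoint', 'token_endpoint',
                  'userinfo_endpoint', 'end_session_endpoint'];
const SUFFIX = '/.well-known/openid-configuration';

function lintDiscovery(servedAt, body) {
  const findings = [];
  let doc;
  try {
    doc = JSON.parse(body);
  } catch (e) {
    return [`invalid JSON: ${e.message}`]; // e.g. a trailing comma in the stub
  }
  for (const key of REQUIRED) {
    if (typeof doc[key] !== 'string' || doc[key] === '') findings.push(`missing ${key}`);
  }
  // OIDC Discovery: issuer must equal the fetch URL minus the well-known suffix.
  if (servedAt.endsWith(SUFFIX) && typeof doc.issuer === 'string') {
    const expected = servedAt.slice(0, -SUFFIX.length);
    if (doc.issuer !== expected) findings.push(`issuer "${doc.issuer}" != "${expected}"`);
  }
  for (const [key, value] of Object.entries(doc)) {
    if (key.endsWith('_endpoint') && typeof value === 'string') {
      let url;
      try { url = new URL(value); } catch { findings.push(`${key} is not a URL`); continue; }
      if (url.protocol !== 'https:') findings.push(`${key} is not https`);
    }
  }
  // When this field is omitted, the Discovery spec default is client_secret_basic.
  if (!Array.isArray(doc.token_endpoint_auth_methods_supported)) {
    findings.push('token_endpoint_auth_methods_supported absent: default is client_secret_basic');
  }
  return findings;
}

// Constructed sample shaped like the stub in the thread (hypothetical host).
const SERVED_AT = 'https://idp.example.test/oauth/authorize' + SUFFIX;
const STUB = JSON.stringify({
  issuer: 'https://idp.example.test',
  authorization_endpoint: 'https://idp.example.test/oauth/authorize/',
  token_endpoint: 'https://idp.example.test/oauth/token',
  scopes_supported: ['openid', 'email', 'profile'],
});
console.log(lintDiscovery(SERVED_AT, STUB));
```

An empty array means the stub passes these checks only; it does not show that the client and the token endpoint agree on how client credentials are sent.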