[FR] More sign-up/login options

AppFlowy-IO / AppFlowy

Bring projects, wikis, and teams together with AI. AppFlowy is an AI collaborative workspace where you achieve more without losing control of your data. The best open source alternative to Notion.

https://www.appflowy.io

GNU Affero General Public License v3.0

58.2k stars 3.83k forks source link

[FR] More sign-up/login options #4756

Open yujinio opened 8 months ago

yujinio commented 8 months ago

Description

AppFlowy is advertised as a privacy-first service, but for some reason only allows to sign-up and login through the most anti-private third-party oauth vendors available: github (microsoft), discord and google.

I'd suggest to implement a few more options to sign-up and login.

And no, using the app in offline mode only is not a solution to the problem I'm highlighting IMO.

Impact

By adding other OAuth2 providers:

More users (audience growth);
More privacy (with privacy-friendly vendors).

By adding other sign-up/login options:

Flexibility;
More privacy.

Additional Context

I couldn't find if such an issue already exists, so sorry in advance if I'm duplicating it.

moolight-seashell commented 7 months ago

this should be high priority in the things to do

annieappflowy commented 7 months ago

We've enabled the backend to support sign in with magic link or password and will work on the frontend in April What other OAuth2 options would you like to use?

moolight-seashell commented 7 months ago

first be able to connect with password and magic links on pc and android,

then maybe use 2 factors authentification with one time password like do Aegis. or even all FIDO like devices like yubikey. Probably hard to implement if superbase d'ont support them but well this app pretend to be a secure note app, right ? =P =)

Personnaly i d'ont see why you're using these these third-party OAuth2 at all and even with google mircosoft or others

yujinio commented 7 months ago

@annieappflowy

We've enabled the backend to support sign in with magic link or password and will work on the frontend in April

Hi Annie,

These are some great news, thanks! Looking forward to seeing an option to sign in with magic link or password in desktop and mobile apps.

What other OAuth2 options would you like to use?

For those who self-host it might be convenient to have an option to implement a custom OIDC OAuth2 provider support, e.g. Keycloak, Authelia, etc. Some open-source services (e.g. Gitea/Forgejo, Outline) support OIDC.

Speaking about publicly available OAuth2 providers, I'm not sure. I personally wouldn't use any because I prefer not to rely on any third-party (MITM) to access any kind of a service.

P.S. here's a wiki list of OAuth2 providers if you need it: https://en.wikipedia.org/wiki/List_of_OAuth_providers

flavienbwk commented 3 months ago

Is there any current work allowing AppFlowy to be used with SSO such as Keycloak ? (OIDC)

jernejcvek commented 3 weeks ago

Is there any current work allowing AppFlowy to be used with SSO such as Keycloak ? (OIDC)

That would be awesome since Keycloak is open source and, besides integrated auth, provides the possibility to use other identity providers as well.

yggi commented 1 week ago

:+1: Just found this when researching how to authenticate to appflowy with a different oauth provider. Would :heart: to have it playing nice with authelia