search

BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License
14.67k stars 1.85k forks source link

Third Party Authentication via Telegram #4702

Closed sysadminpower2019 closed 8 months ago

sysadminpower2019 commented 8 months ago

Describe the feature you'd like

Allow users to login and edit articles using telegram as authentication source

Describe the benefits this would bring to existing BookStack users

Our community is very heavily integrated into telegram and any bookstack provides a source for maintaining our historical record. Almost all of the future users of the wiki are telegram account holders and this would simplify management

Can the goal of this request already be achieved via other means?

not as far as i know of

Have you searched for an existing open/closed issue?

How long have you been using BookStack?

1 to 5 years

Additional context

No response

ssddanbrown commented 8 months ago

Hi @sysadminpower2019, Thanks for the suggestion.

These days I don't like to add service-specific support where possible, especially where the service is not following a typical common auth option. Since Telegram does not seem to work with SAML2/OIDC/LDAP, or even a normal OAuth flow, adding support for it is not something I'd be interested in within the core project.

sysadminpower2019 commented 8 months ago

sure i totally understand. thank you for your reply.

i know that telegram might seem like an edge case as well especially in certain settings however Telegram is the lifeblood for many communities especially in europe. Millions of users particularly around this part of the world are rather dependent on telegram not just for chat but also news and other use cases.

If there is a way for me to help to support this along i'd be happy to do so. I do believe the benefit for the users of bookstack would be rather huge.

thank you once again

ssddanbrown commented 8 months ago

If telegram is that crucial, it might be worth attempting to advocate/request Telegram to add support for common standards so each application does not have to build specific support.

Ultimately the request for this has been low, so I think the benefit to the existing BookStack audience will be very minimal. Therefore I don't think the maintenance and support required for a service-specific custom authentication option would be worth it, so I wouldn't look to increase our scope to support it.

I'm going to therefore close this off.

If you have some development resource, then we do provide a way to register custom OAuth providers via the logical theme system. It might be possible to use this and adapt potential Telegram options to work for this, but I have not looked at Telegram auth in depth so I have no idea of feasibility. Another option is to look for some kind of "Telegram Auth Bridge", which can sit in the middle and translate custom authentication into a common standard. I have not looked, but have seen these for other services so might be something out there for Telegram.

sysadminpower2019 commented 8 months ago

i understand.

I will try to ask telegram to see if they wil provide support for oauth. in the past they seem to have been open to user requests. yea something like a telegram bridge might be possible, i'm sure it has already been done.

in any case the authentication target here would be SAML or oauth?

ssddanbrown commented 8 months ago

in any case the authentication target here would be SAML or oauth?

Not sure, depends on the context. BookStack supports SAML2/LDAP/OIDC and specific platforms via OAuth. My preferences out of them is OIDC, since it's simple and modern while being a complete identity standard.

sysadminpower2019 commented 8 months ago

I was looking at what they call the login widget.

they have some sample php code.

it seems it is easy enough to implement my question is where does this hook into the bookstack authentication interface.

it is enough to pass credentials somewhere to bookstack and then continue the normal flow?

https://core.telegram.org/widgets/login https://gist.github.com/anonymous/6516521b1fb3b464534fbc30ea3573c2

ssddanbrown commented 8 months ago

Like that sample, You'd need some front-end code on the login side to get the user details, then some back-end code to verify & use them, before logging in the user. You'd could look over the existing auth flows to get an idea of what they're doing, there can be a lot of things to consider (User creation, existing user matching, MFA/email-confirmation interruptions, use with existing active auth). Don't really want to advise on hacking around auth too much since there's risk there.

sysadminpower2019 commented 8 months ago

would something like auth0 also be an option as some kind of bridge?

sysadminpower2019 commented 8 months ago

just for future reference if anyone else with more experience wants ts pick this project up, there is a great youtube video that shows an example of how to use telegram to create login and authorization for users in php.

here is the link to the video

https://www.youtube.com/watch?v=62o5rk4439U

ssddanbrown commented 8 months ago

Just to confirm following the above, if anyone did implement this and offer it as a PR, it's still not something I'd accept into the core project. Initial implementation effort is not my concern.

would something like auth0 also be an option as some kind of bridge?

Only if it supports telegram as an upstream provider. Not sure if that's the case though.

sysadminpower2019 commented 8 months ago

understood, maybe it could be offered as a plugin or some sort, but i havent seen if bookstack supports plugins or has documents for that option