MDeLuise / plant-it

🪴 Self-hosted, open source gardening companion app
https://plant-it.org
GNU General Public License v3.0

Add support for additional authentication methods #204

Open j1mbl3s opened 1 month ago

j1mbl3s commented 1 month ago


Description

I would like Plant-it to accept authentication from additional sources, such as forwarded proxy headers (X-Forwarded-User, X-Forwarded-Email, etc.), or maybe OAuth/OIDC, but I know that is a larger effort and I'm not sure that whole flow is entirely necessary for this application. This would allow Plant-it to offload the storage of authentication details to another service (it would still need to keep track of user data, though). SSO would be an option for environments that support it(!).

There would need to be a few additional configs for forwarded auth:

  1. FORWARD_AUTH_ENABLED - true/false value which enables or disables the feature to accept forwarded authentication headers
  2. FORWARD_AUTH_HEADER - string specifying the HTTP header used to pass the user id (i.e. X-Forwarded-User, X-Forwarded-Email, etc)
  3. FORWARD_AUTH_TRUSTED_IP - a list of IPs to accept forwarded authentication from (i.e. from the IP of the incoming request); accept from any IP if it is empty/undefined
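
One way the three proposed settings could gate a forwarded identity header, as an added example that is not Plant-it code and not part of the original issue. The class and function names are hypothetical, the trusted list is assumed to allow CIDR ranges as well as single IPs, and the peer address is assumed to come from the TCP connection rather than from a request header.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ForwardAuthConfig:
    # Field names mirror the three settings proposed in the issue.
    enabled: bool = False
    header: str = "X-Forwarded-User"
    trusted_ips: list = field(default_factory=list)  # IPs or CIDR ranges


def peer_is_trusted(remote_addr, trusted_ips):
    """True if the TCP peer address falls in one of the trusted entries."""
    if not trusted_ips:
        # Proposed semantics: an empty list accepts the header from any peer,
        # so the header is only as trustworthy as the network path to the app.
        return True
    peer = ipaddress.ip_address(remote_addr)
    return any(peer in ipaddress.ip_network(e, strict=False) for e in trusted_ips)


def resolve_forwarded_user(remote_addr, headers, cfg):
    """Return the user id asserted by the proxy, or None to fall back to
    the application's normal login.

    remote_addr must be the socket peer address, not a value taken from a
    client-supplied header such as X-Forwarded-For.
    """
    if not cfg.enabled:
        return None
    if not peer_is_trusted(remote_addr, cfg.trusted_ips):
        return None  # header present or not, it is ignored from this peer
    wanted = cfg.header.lower()
    values = [v.strip() for k, v in headers if k.lower() == wanted]
    # Reject empty or repeated headers rather than guessing which one to use.
    if len(values) != 1 or not values[0]:
        return None
    return values[0]


# Constructed sample requests: (peer address, list of header pairs).
PROXY = ("10.0.0.5", [("X-Forwarded-User", "alice")])
DIRECT = ("203.0.113.9", [("x-forwarded-user", "alice")])
```

With a populated trusted list the header is honoured only from the proxy; with the list left empty, the same header is accepted from any peer that can reach the application directly.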