Open juantxorena opened 1 year ago
Related to #2359
This could be implemented in tandoor. That said the whole Auth thing is a bit of a mess with so many options and configurations. I would love to build some proper tests for all auth methods first before really getting into adding new features. You can still propose a technical concept for the implementation of you wish or you could help with the tests and get this ready as well.
Is your feature request related to a problem? Please describe.
I'm using tandoor with keycloak as SSO (provided by django-allauth, afaik), like most of my apps in my server. I'm also using a dashboard with links to my apps (https://dashy.to/, but I don't think it's relevant), in which I also login with keycloak. The problem is that tandoor doesn't recognize that I'm already logged in keycloak, so I have to click on the "Sign in using Keycloak" button, and then it's logged, which is a bit annoying.
Describe the solution you'd like
Example workflow:
The steps 5 and 6 are superfluous and quite annoying. There is no reason why they should be there.
Describe alternatives you've considered
Another self-hosted app I'm using, vikunja, solves this problem by having a parameter in the URL that automatically redirects to whatever SSO is configured if it's the only auth method available (https://github.com/go-vikunja/vikunja/issues/162). Something similar would be great. In my case I have a local admin user just in case, and the actual users via keycloak. An URL parameter, URL, or whatever that goes directly to the SSO login webpage (and bypasses it if already logged) while keeping the possibility of local login would be ideal for me, but I'm happy with any solution.
Additional context
I'm not sure if the solution would be part of tandoor, django-allauth, django, gunicorn, nginx, or whatever, but I suspect it would be on the tandoor side. I could help with the development if a solution is agreed upon.