search

TandoorRecipes / recipes

Application for managing recipes, planning meals, building shopping lists and much much more!
https://docs.tandoor.dev
Other
5.26k stars 556 forks source link

Redirect to auth provider #2443

Open juantxorena opened 1 year ago

juantxorena commented 1 year ago

Is your feature request related to a problem? Please describe.

I'm using tandoor with keycloak as SSO (provided by django-allauth, afaik), like most of my apps in my server. I'm also using a dashboard with links to my apps (https://dashy.to/, but I don't think it's relevant), in which I also login with keycloak. The problem is that tandoor doesn't recognize that I'm already logged in keycloak, so I have to click on the "Sign in using Keycloak" button, and then it's logged, which is a bit annoying.

Describe the solution you'd like

Example workflow:

  1. I'm logged out of everything.
  2. I go to the dashboard page. Since I'm not logged in, it redirects to the keycloak login page.
  3. I log in, and it redirects back to the dashboard page.
  4. I click on the tandoor link.
  5. It goes to the login page instead of the actual logged-in homepage.
  6. I have to click the "Sign in using Keycloak button", then it redirects itself, and sees that there's already a session.
  7. It redirects again to the tandoor starting page, logged in.

The steps 5 and 6 are superfluous and quite annoying. There is no reason why they should be there.

Describe alternatives you've considered

Another self-hosted app I'm using, vikunja, solves this problem by having a parameter in the URL that automatically redirects to whatever SSO is configured if it's the only auth method available (https://github.com/go-vikunja/vikunja/issues/162). Something similar would be great. In my case I have a local admin user just in case, and the actual users via keycloak. An URL parameter, URL, or whatever that goes directly to the SSO login webpage (and bypasses it if already logged) while keeping the possibility of local login would be ideal for me, but I'm happy with any solution.

Additional context

I'm not sure if the solution would be part of tandoor, django-allauth, django, gunicorn, nginx, or whatever, but I suspect it would be on the tandoor side. I could help with the development if a solution is agreed upon.

tribut commented 6 months ago

Related to #2359

vabene1111 commented 6 months ago

This could be implemented in tandoor. That said the whole Auth thing is a bit of a mess with so many options and configurations. I would love to build some proper tests for all auth methods first before really getting into adding new features. You can still propose a technical concept for the implementation of you wish or you could help with the tests and get this ready as well.