Unable to configure in YunoHost due to missing documentation

jahway603 commented 1 year ago

Describe the bug

Unable to find documentation to configure this for YunoHost

Context

N/A

Steps to reproduce

If the error occurs in your browser, explain what you did:
1. Go to Apps Catalog
2. Search for OpenID
3. Click on Install on Dex
4. Get confused as unable to find documentation to configure this on YunoHost

Expected behavior

There would be documentation explaining what the following fields are so that the user can configure this for their YunoHost instance:

Choose the URL path (after the domain) where this app should be installed
Name of the app you want to connect to the OIDC auth flow
OIDC secret of the app you want to connect to the OIDC auth flow
Callback URI required by the app you want to connect to the OIDC auth flow

Logs

N/A

Limezy commented 1 year ago

Hi, thanks for your feedback. I'm very busy these days... I may try to find a minute to write a tutorial. May I know your usecase ? Dex is a kind of low level app, not really inteded to be installed "by hand" to be honest.

brockhaus commented 1 year ago

Same "problem" here. I tried to find an OpenID provider installed on my yunohost. Searching for "openid" this dex package ist the only result. Maybe this is no OpenID provider but "something else"? The openid provider I installed on another host (prairie) did not have any settings named like this and I can not see what these settings are in the openid process.

P.S.: And if it is not meant to be set "by hand" how is it meant to be set up? What is this yunohost package about?

Limezy commented 1 year ago

@brockhaus there is no documentation yet, but there is still a description, such as "setup a canonical OpenID Connect provider for your YunoHost instance, based on the LDAP user base, that can then be used as an authentification server for other YunoHost apps", which i believe to be pretty clear, at least if you understand what is OpenID Connect (OIDC) and how it works...

This is a server, which means that it will remain useless unless a client app is configured to use this particular OIDC server. Hence my remark above :

Either you install a Yunohost app that explicitely uses OIDC as part of its Auth workflow, and that will install and configure Dex as per your needs (to this day, the only one I know is the Outline app)
Either you install a client app (on your Yunohost or not...), that acts as an OIDC client for its auth workflow, and for which you are able to configure the OIDC server (a lot of private apps will not let you chose the server and will force you onto Facebook, Github, Slack or others). In that case you install Dex, you chose your URL, the name of your app, the secret and the callback, and then you configure your client app accordingly, with that same name, secret, callback and URL. Then you'll be able to connect to that app using your Yunohost credentials.

In a nutshell, I feel that there is a big misunderstanding about what that app is doing (and what it doesn't). If you can't setup which OIDC server you can use on your client app side, Dex is useless to you.

If you can and if you know what you are doing, you can read the Dex documentation and think of that app as "Dex installed on Yunohost with a ready to use LDAP connector to Yunohost userbase" You can also read the install script of Outline app and/or install Outline, then look around inside /opt/yunohost/dex/config.yaml and /var/www/outline/.env how it works.

YunoHost-Apps / dex_ynh