nichwall
commented
1 week ago I'm confused, are you saying the documentation needs to be updated?
This reads like a bug report with the server, which should be reported in the server repository (those repos will eventually move under the Audiobookshelf organization, but hasn't happened yet) https://github.com/advplyr/audiobookshelf
Hello, I've managed with some hiccups to make authentication work together with Keycloak, including assigning of guest/user/admin privileges and password validation in LDAP (shared with Booksonic and several other LDAP-only apps). Maybe I'll write some guide for that later.
Only major problem I have with the setup right now is that when I log in as a valid user that has no relevant role I get just "Unauthorized" error message on login page (that would be OK), but only with the button to go to authenticator again, which redirects me directly back to Audiobookshelf login page (as I'm already logged in) and there is no way out of this loop (except session timeout or admin session termination in authentication provider).
Maybe a bit more specific message and a button like "OpenID logout and try again" would be much more intuitive for non-IT-admin crowd.
I have disabled a direct login after making the OpenID login work, but while testing I've found another "hiccup" - if I login with local credentials (e.g. as an admin) after logging in with OpenID as an "unauthorized" user, logout with the admin user takes me to the OpenID "really logout?" dialog even when the OpenID identity wasn't applyed. If I'm logged in with OpenID, it performs the logout directly (without asking if it should terminate the session).