blakeblackshear / frigate

NVR with realtime local object detection for IP cameras
https://frigate.video
MIT License
18.29k stars 1.67k forks

Support for `@` in usernames #12817

Closed dgoodlad closed 1 month ago

dgoodlad commented 1 month ago

Describe what you are trying to accomplish and why in non technical terms

I want to be able to use the set of characters allowed in email addresses for usernames so that I can use the Tailscale-User-Login header as a proxy auth header.

Describe the solution you'd like

I use Tailscale as a docker sidecar, along with tailscale serve, to wrap Frigate with both a valid SSL cert and to apply Tailscale's ACLs. Tailscale serve sets identity headers, including Tailscale-User-Login, which acts like other proxy auth headers. That value is often an email address, but characters such as @ are currently disallowed by the user management UI.

I'd like to relax the username format requirements to allow all the valid email address characters.

Describe alternatives you've considered

I could simply disable authentication on Frigate, and assume that Tailscale ACLs will cover me. That does work but will lose out on any future user-by-user customisation in the UI.

Additional context

A further improvement would be to automatically allow the Tailscale headers to function properly, and to include support for e.g. the profile picture and name headers.

When using Serve to proxy traffic to a local service running on your machine, a few Tailscale identity headers are added to the request sent to your backend. These can be used by your destination service to identify the Tailscale user associated with the request.

Tailscale-User-Login: Filled with the requester’s login name (for example, alice@example.com)
Tailscale-User-Name: Filled with the requester’s display name (for example, Alice Architect)
Tailscale-User-Profile-Pic: Filled with the requester’s profile picture URL, if their identity provider provides one (for example, https://example.com/photo.jpg)

If the values contain non-ASCII values, they may be RFC 2047 "Q" encoded (for example, =?utf-8?q?Ferris_B=C3=BCller?=)

NickM-27 commented 1 month ago

I think you are misunderstanding how authentication works. If you are using an external auth provider then you should not be creating these users inside of Frigate itself. We already have plans to support user-by-user customization for proxied users.

dgoodlad commented 1 month ago

Oh ok, makes sense! So they won't be tracked in the db in the same way as "internal" Frigate users, rather managed ad hoc?

NickM-27 commented 1 month ago

It hasn't been implemented yet, but I think they will be tracked in the DB, just automatically.
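How a backend might consume the Tailscale identity headers quoted in the issue, including the RFC 2047 "Q" encoding, as an added example that is not part of the thread and is not Frigate's code. The names `parse_tailscale_identity`, `ProxyIdentity`, `decode_value` and `TRUSTED_PROXIES`, the login pattern, the loopback-only proxy set and the https-only picture rule are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from typing import Mapping, Optional

# Assumptions (not Frigate's rules): a conservative login pattern that allows
# "@", and a loopback-only set of proxy addresses allowed to set the headers.
LOGIN_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")
TRUSTED_PROXIES = frozenset({"127.0.0.1", "::1"})


@dataclass(frozen=True)
class ProxyIdentity:
    login: str
    name: Optional[str]
    profile_pic: Optional[str]


def decode_value(raw: Optional[str]) -> Optional[str]:
    """Decode RFC 2047 encoded-words, then refuse empty or control-char values."""
    if raw is None:
        return None
    try:
        text = str(make_header(decode_header(raw))).strip()
    except (HeaderParseError, LookupError, UnicodeError):
        return None
    if not text or CONTROL_RE.search(text):
        return None
    return text


def parse_tailscale_identity(headers: Mapping[str, str], peer_ip: str,
                             trusted=TRUSTED_PROXIES) -> Optional[ProxyIdentity]:
    # Anyone who can reach the backend directly can forge these headers, so
    # only honour them on connections coming from the proxy itself.
    if peer_ip not in trusted:
        return None
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    login = decode_value(h.get("tailscale-user-login"))
    if login is None or not LOGIN_RE.fullmatch(login):
        return None
    pic = decode_value(h.get("tailscale-user-profile-pic"))
    if pic is not None and not pic.startswith("https://"):
        pic = None  # assumption: only https picture URLs are passed to the UI
    return ProxyIdentity(login, decode_value(h.get("tailscale-user-name")), pic)
```

The control-character check runs after decoding because an encoded-word can carry CR/LF that is invisible in the raw header value.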