Feature request : SSO with OpenID (OIDC)

[matbgn]

Would it be possible to implement a more open protocol for single sign-on like OIDC?

The open-source library Passport.js could be a solution if needed.

[heloufir]

I will put this idea on the RoadMap project, I think it would be a good idea.

[matbgn]

Based on the actual roadmap what will be a reasonable delay? With absolute no guarantee of course.

[heloufir]

There is no other high priority task, so I think I will put it as a next step. So in a week or two based on my free time

[heloufir]

FYI I think I will use this package https://github.com/jumbojett/OpenID-Connect-PHP I have pinned it a few days ago, so I will try it ASAP.

[matbgn]

😲 If you maintain this timeline I will, for sure, buy you a big coffee!

[heloufir]

What do you think, just for fun 😄

[matbgn]

🤣 ChatGPT apologies are enormous!

But personally I will go trough passport. It's a good battlefield tested library and I'm sure that you will be able to connect it with Connect2Id in one or the other way.

[heloufir]

Lol yes there I can't even ask again 🤣

Yep, passport for me too is the best choice.

[heloufir]

@matbgn any suggestions for local OIDC connect provider to make tests?

[matbgn]

An easy and straightforward solution would be to use Authentik (https://github.com/goauthentik/authentik), personally I use Keycloak.

[heloufir]

@matbgn

I just pushed the OIDC Connect function to dev branch, before merging it to master, I would like if possible that you test it in your local to check if the logic is good and match your needs.

To make it working in your local environment:

1. Clone the repo: git clone https://github.com/devaslanphp/project-management-docs.git
2. Change the branch to dev: git checkout dev
3. Install dependencies (back & front): composer install && npm install
4. Configure your .env file based on docs: https://devaslanphp.github.io/project-management/#/installation?id=configuration
5. Configure your database based on docs: https://devaslanphp.github.io/project-management/#/installation?id=database
6. Configure your OIDC environment variables: (based on this https://github.com/devaslanphp/project-management/blob/dev/docs/oidc.md)

OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_DISCOVERY_ENDPOINT=
OIDC_REDIRECT_URI="${APP_URL}/oidc/callback"
OIDC_REALM="myrealm"
OIDC_URL_AUTHORIZE="${OIDC_DISCOVERY_ENDPOINT}/realms/${OIDC_REALM}/protocol/openid-connect/auth"
OIDC_URL_ACCESS_TOKEN="${OIDC_DISCOVERY_ENDPOINT}/realms/${OIDC_REALM}/protocol/openid-connect/token"
OIDC_URL_RESOURCE_OWNER_DETAILS="${OIDC_DISCOVERY_ENDPOINT}/realms/${OIDC_REALM}/protocol/openid-connect/userinfo"
OIDC_SCOPE="openid"

Make sure you have already configured the OIDC environment variables before trying to authenticate your user based on your OIDC provider, and enabled the OIDC Connect login in your Administration General Settings

[heloufir]

FYI To enable / disable login sections (form, oidc and social) you can use the General settings.

[heloufir]

@matbgn any news about this?

[matbgn]

Finally I managed to deploy it on Caprover and made a PR on the community for its basic installation as a reward (sorry for the delay) see https://github.com/caprover/one-click-apps/pull/888

Next I'll try with OIDC and get back to you or make a new issue specifically for that if needed, but I don't mind so.

[matbgn]

As promised the coffee is on its way, enjoy! :coffee:

[heloufir]

Finally I managed to deploy it on Caprover and made a PR on the community for its basic installation as a reward (sorry for the delay) see caprover/one-click-apps#888

Next I'll try with OIDC and get back to you or make a new issue specifically for that if needed, but I don't mind so.

That's great, thanks for your help!

As promised the coffee is on its way, enjoy! ☕

Thanks a lot mate! don't hesitate if you need any help, I have a lot to do, but I can help on my free time