Closed slingamn closed 7 months ago
See #336 and #502 for related prior discussions.
Is anyone working on this at all? 🤔
I started a draft but didn't finish it. Is this something you're interested in? I could prioritize it for the next release.
@slingamn Yes! 👌 Please 🙏 I'm looking to potentially do the following:
This should enable me to stand up a mostly decent small team/startup chat/comms platform that is fully self-hosted without the issues I've been facing with Matrix (Synapse+Element).
Nice, I'll plan to do this soon. You could help test :-)
Absolutely! 🙏🙇‍♂️
@prologic sorry about the delay; I have a draft of this over at #2122. (See the changes to default.yaml for how to enable the feature.)
I successfully tested with Gamja and a local Authelia, but I had to patch out a couple checks in Authelia's libs relating to Gamja-Authelia interactions (i.e. unrelated to Ergo's OAUTHBEARER implementation itself):
https://example.com/gamja/ but received https://example.com/gamja/?scope=)
It's very likely that one or both of these issues is caused by my misconfiguration of Gamja and/or Authelia, but be advised that things may not work out of the box.
(Ignore the jwt-auth config block or anything related to draft/bearer; those are for a related but distinct specification)
@prologic any thoughts on when you might be able to test this? I was thinking of doing an early release that includes this change. (Sorry to pester you after I took so long implementing it ;-)
I haven't had an opportunity to try this out yet, been very busy with my day job. But it's on my list!
Thanks! I'm pretty confident in the PR so I'm going to merge it now and you can test it from the master branch.
https://emersion.fr/blog/2022/irc-and-oauth2/
In terms of ergo, all we need to do is:
auth-script block?) to enable advertising the OAUTHBEARER mechanism
authenticateHandler to process OAUTHBEARER by forwarding it to an auth-script
oauthbearer field in the input (the output type is already sufficiently expressive)
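An added example, not code from Ergo or from this thread: a Go parser for the OAUTHBEARER initial client response (RFC 7628), which a SASL handler has to decode before it can forward the bearer token for validation. The function name is hypothetical, the sample payload is constructed, and the code assumes the base64 AUTHENTICATE payload has already been reassembled and decoded.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var errMalformed = errors.New("malformed OAUTHBEARER client response")
// ParseOAuthBearer parses a decoded RFC 7628 initial client response: a GS2
// header, ^A-separated key=value pairs, then ^A^A. Never log the returned token.
func ParseOAuthBearer(payload string) (authzid, token string, err error) {
	parts := strings.Split(payload, "\x01")
	if n := len(parts); n < 4 || parts[n-1] != "" || parts[n-2] != "" {
		return "", "", errMalformed // need one pair plus the ^A^A terminator
	}
	// GS2 header: cb-flag "," [a=authzid] ","; RFC 7628 requires cb-flag "n".
	gs2 := strings.Split(parts[0], ",")
	if len(gs2) != 3 || gs2[0] != "n" || gs2[2] != "" {
		return "", "", errMalformed
	}
	if a := gs2[1]; a != "" {
		if !strings.HasPrefix(a, "a=") || len(a) == 2 {
			return "", "", errMalformed
		}
		authzid = strings.NewReplacer("=2C", ",", "=3D", "=").Replace(a[2:]) // saslname escapes
	}
	for _, kv := range parts[1 : len(parts)-2] {
		key, val, ok := strings.Cut(kv, "=")
		scheme, tok, _ := strings.Cut(val, " ")
		switch {
		case !ok || key == "":
			return "", "", errMalformed
		case key != "auth": // host, port and unknown keys are not needed here
		case token != "" || !strings.EqualFold(scheme, "Bearer") || tok == "":
			return "", "", errMalformed // duplicate auth key or not a bearer token
		default:
			token = tok
		}
	}
	if token == "" {
		return "", "", errMalformed
	}
	return authzid, token, nil
}

func main() { // constructed sample payload, not captured traffic
	fmt.Println(ParseOAuthBearer("n,a=alice,\x01host=irc.example.com\x01auth=Bearer tok123\x01\x01"))
}
```

The parser only extracts the token; whether the token is valid is still decided by whatever the server forwards it to.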