jtojnar
commented
1 year ago Something like this would be nice but I have not had time to look into this yet.
Until we implement #882, though would not it just be simpler to set public=1 and have web server proxy every request through Authelia? Then ReaderForSelfoss could use HTTP basic auth.
- I think that the API could use some improvement, and all api calls be merged into the
/apipath.
That’s the plan, I just want to clean up the API first. For example, the current API often sends unnecessarily escaped or redundant data.
- I also think that the API could make use of a seperate API key that is a seperate entity from the username/password configuration settings.
That is tracked in #1045.
desbest
I've got several self-hosted applications that use authelia as a frontend authentication method. https://github.com/authelia/authelia
Authelia allows you to use SSO/2fa credentials in front of many appications.
Using apache/nginx as a frontend, you can set
auth_requestto proxy through authelia, which handles valid/invalid credentials.Authelia works great as a web frontend for selfoss, but not so much for interfacing with ReaderForSelfoss, as the API doesn't seem to operate out of a single
/apipath./apipath.Doing the above would allow for authelia/keycloak/authentik/etc to handle web-based authentication, with selfoss still handling api authentication. Another possible perk would be a future QR code in the settings page for ReaderForSelfoss to utilize for easier connections.
Additionally, this would also take care of #848 as Authelia can connect to LDAP as a backend.