Support for openid auth provider

[dorianim]

Hi,

I'd love to try this app, but I am unfortunately unable to login, because I'm using the openid auth provider.

Any chance to support openid login?

Regards, Dorian

[Benimautner]

This is not on top of my to-do list right now. Especially because I haven't used this and there isn't really any documentation on how the auth flow works. I'd love to implement it someday though, but that day is probably in the more distant future. Sorry! :/

[kolaente]

There's a bit of documentation here: https://try.vikunja.io/api/v1/docs#tag/auth

But yeah, the process is not very well documented. It's probably easier with knowledge about openid connect but even then it's not that easy.

[kolaente]

I'm not sure if that's possible at all, but couldn't we delegate the whole auth process to a webview accessing the frontend and grabbing the token from it at the end? That way, we could get openid Auth for free.

[Benimautner]

Sounds like a good idea. This would force people to have the frontend installed though, which is not a requirement, right? But you are right, this would probably work as an alternative, as almost everyone has it installed anyways. I might add a button saying 'login with frontend' which opens the webview.

[dorianim]

I think, that would be a nice solution. It would also work for other auth methods which are possibly added in the future :)

[dorianim]

As far as I can tell, the token is put into local storage after authentication. This looks like a possible solution on how to retrieve the token from there. Should not be too complicated :) Should also work with the official webview plugin: https://pub.dev/documentation/webview_flutter/latest/webview_flutter/WebViewController/runJavascriptReturningResult.html

[Benimautner]

I don't know a lot about the fontend, but I would have gone with overriding all post requests, waiting for one where the response includes a token and then just closing the webview.

[dorianim]

That could work too :+1:

[kolaente]

The openid auth request is this one: https://try.vikunja.io/api/v1/docs#tag/auth/paths/~1auth~1openid~1{provider}~1callback/post

And for the normal login there's this one: https://try.vikunja.io/api/v1/docs#tag/user/paths/~1login/post

Since there's a way to execute js in the context of a webview it may be the easiest to just use that until there's a token saved in local storage. That would also let use add additional Auth providers in the future without requiring a reimplantation of the authentication in the app (which would be required when intercepting requests?).

[Benimautner]

v0.0.11-alpha can now do this. However, as the webview only triggers when pages finish loading I have no way of detecting when the login succeeded. So you need to login, then leave and reopen the webview window. I haven't tried it with openid providers yet because I do not have them set up on my vikunja instance so please let me know if it works.

[dorianim]

Thanks for implementing it so fast :smile: Unfortunately, it does not seem to work. The webview opens, and I can log in, but it does not sign me into the app.

[dorianim]

If you want, I can provide you an account on my vikunja instance for testing :)

[Benimautner]

That would be amazing. I'll send you an email so you can send me the credentials!

[Benimautner]

Hi! I have now tested and fixed a lot of problems with the webview and it should work now. just press back once after you signed in and you'll be signed into the app. It works for me now with google as an openid provider but let me know if it doesn't work for you.

[dorianim]

Thanks for your efforts! Unfortunately, it does not seem to work for me. When I enter the url and press "Login with frontend" a view opens, but immediately closes again. When trying a second time, the whole app gets black and freezes. Did you receive the credentials to my instance?

Edit: I just realized, that I already signed in, so the credentials were cached in the web view. That's probably why it immediately closes again. But I cannot really explain the black screen.

[Benimautner]

I am so sorry, your email was in my spam folder and you were right, it did not work. The black screen was my fault, for some reason the variable API_URL is sometimes absolute and sometimes relative. But I fixed it in release v0.0.15-alpha.

please try it and let me know if it works.

[dorianim]

Sees to work now, thank you :D Just one small thing: When clicking Login with Frontend whithout hanving entered a Server Address, the app freezes.

[Benimautner]

Yes, you're right. Fixed that. Reopen the issue or create a new one if you find anything else. I will close this issue for now.

[dorianim]

Unfortunately, this seems to be broken since the last release. When I click, login with browser, I just get a black screen, and the app crashes.

Feel free to use my Instance for testing, your credentials should still work :)

[rafaelmathieu]

@dorianim the same thing is happening to me. Except when I re-open the app, I am logged in.