goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

SSO into 3rd party plex apps #1255

Closed PotentialIngenuity closed 2 years ago

PotentialIngenuity commented 3 years ago

Is your feature request related to a problem? Please describe.

I would like to be able to pull the token from the plex source and then sso with any 3rd party plex app. All the apps have an endpoint that is hit with your username, password, and plex token.

The apps are: Plex itself, Tautulli, Petio, Overseerr, Ombi

Organizr does this here

GeorgeGedox commented 3 years ago

You can add Plex as a source so you can login to authentik via plex and then go to other apps. If you mean in the sense that authentik should act as a plex provider and allow you to authenticate via the plex button in other apps without having plex, then that's a bit more complicated.

BeryJu commented 3 years ago

With https://github.com/goauthentik/authentik/commit/84c45470053dabb0376d2a275b49b99f5b4b0499 (and 2021.8), there'll be an API where you can retrieve the user connections from plex sources, including the Plex token.

PotentialIngenuity commented 3 years ago

This works well on its own. I was thinking it would be integrated within authentik too. We should be able to choose which apps to send our user, pass, and token to. We would also have to specify the app's API endpoint to receive this data and log us in.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

PotentialIngenuity commented 2 years ago

@BeryJu can we reopen?

BeryJu commented 2 years ago

Hi, just to be sure, what you want is to be able to send a User's plex token via the Outpost to an application as an HTTP Header?

PotentialIngenuity commented 2 years ago

Yes sir. Also each app has a specific endpoint that accepts the header so we would need to be able to specify that per app

BeryJu commented 2 years ago

So this is already possible, kinda.

You can create a custom Scope mapping with an expression something like this

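```python
# Body of an authentik scope mapping expression; `request` is supplied by authentik.
from authentik.sources.plex.models import PlexSourceConnection

# Look up the requesting user's Plex source connection, if any.
connection = PlexSourceConnection.objects.filter(user=request.user).first()
if not connection:
    # No Plex connection for this user: add no extra headers.
    return {}
# Ask the proxy outpost to attach the user's Plex token as a request header.
return {
    "ak_proxy": {
        "user_attributes": {
            "additionalHeaders": {
                "X-Plex-Token": connection.plex_token
            }
        }
    }
}
```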

which will add the X-Plex-Token to requests, if the user has a Plex connection.

However, you can't currently select custom scopes on the Proxy provider, but I'll add that shortly.