goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Allow Identification via QR Code #9883

Open RoblKyogre opened 6 months ago

RoblKyogre commented 6 months ago

Is your feature request related to a problem? Please describe.
In certain situations, typing out a username and password is too cumbersome (especially on devices like consoles and smart TVs and/or if using a long password), and logging in passwordless on that device is not an option.

Describe the solution you'd like
I'd like to be able to identify/log into an account by scanning a QR code and using another device to log into the account, similar to how Discord and Steam let the user log in by scanning a QR code.

Describe alternatives you've considered
Currently, I'm using social login via Discord to solve this problem since as mentioned, it allows the user to sign in with a QR code. However, it requires me to have a Discord account and log into it on the other device, but I would prefer if I could skip the Discord login and stick entirely to Authentik instead.

Additional context
I took a look at #9642 since it aligned most closely with what I'm looking for based on searching the issues for "QR Code," but it seems to request the opposite of what I want: "This would kinda work like the QR Code Auth in WhatsApp Web, Steam or Discord but in reverse." In contrast, I'd like it to work pretty much exactly how Steam or Discord work.

chukfinley commented 2 months ago

+1

cubic3d commented 2 months ago

As far as I understand your request, this is already possible: https://docs.goauthentik.io/docs/providers/oauth2/device_code

The device would receive a URL to show via a QR code which you can scan with another device and login. This is used by e.g. Netflix on the TV app.

RoblKyogre commented 2 months ago

> As far as I understand your request, this is already possible: https://docs.goauthentik.io/docs/providers/oauth2/device_code
>
> The device would receive a URL to show via a QR code which you can scan with another device and login. This is used by e.g. Netflix on the TV app.

From what I can interpret (the docs seem unclear on this), the code would be shown in the app that's using authentik to authenticate, as opposed to authentik itself.

I was thinking more about something where the identification stage within authentik itself could have the option to scan a QR code or device code of some kind and log in that way (like how you can use a passwordless flow or an external source like Discord to log in).

I can't tell if the device code flow does this or not, but when I made a Stage Configuration flow for it (nothing in it yet) and set it as the Device Code Flow, I didn't see anything in the identification stage indicating I could log in using a device code or such.

ensignavenger commented 1 month ago

It sounds like what you are wanting is the flow as described in this video - https://www.youtube.com/watch?v=aEpT2fYGwLw

Does that look like what you are wanting?

I haven't tried it yet myself, but I plan to.

RoblKyogre commented 1 month ago

> It sounds like what you are wanting is the flow as described in this video - https://www.youtube.com/watch?v=aEpT2fYGwLw
>
> Does that look like what you are wanting?
>
> I haven't tried it yet myself, but I plan to.

I do have the flow configured, but it’s not quite what I’m looking for. First, the QR Code prompt shown there is a feature specific to Chrome (and I assume other Chromium-based browsers as well), and it doesn’t pop up in Firefox. Second, it relies on being able to use passkeys in the browser, which I mentioned may not be an option when initially posting the issue.

For a good demonstration, I’d say Steam and Discord are good examples of what I’m looking for. They both provide a QR code to scan on the login page itself, which can be scanned on another device so that it can be used to authenticate the initial device.

Meimax commented 4 weeks ago

I think what @RoblKyogre wants is this: https://www.rfc-editor.org/rfc/rfc8628
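
The device authorization grant from RFC 8628, which the device code docs linked earlier in the thread also refer to, sketched as an added example that is not part of the thread and is not authentik's code: an in-memory authorization server and a polling device, including the `slow_down`, expiry and single-use cases. `AuthServer`, `poll`, the `idp.example` URL, the `tv-app` client and the simulated clock are all assumptions made for illustration.

```python
import secrets

class AuthServer:  # in-memory stand-in for an RFC 8628 server (constructed)
    def __init__(self, base="https://idp.example/device"):  # placeholder URL
        self.base, self.pending = base, {}

    def device_authorization(self, client_id, now):
        device_code = secrets.token_urlsafe(32)  # secret, never shown to the user
        # RFC 8628 section 6.1 suggests this consonant-only user-code alphabet
        user_code = "".join(secrets.choice("BCDFGHJKLMNPQRSTVWXZ") for _ in range(8))
        self.pending[device_code] = {"user_code": user_code, "client": client_id,
            "expires": now + 600, "interval": 5, "last_poll": None, "user": None}
        return {"device_code": device_code, "user_code": user_code, "interval": 5,
                "verification_uri": self.base, "expires_in": 600,
                # The QR code on the login screen encodes this URL:
                "verification_uri_complete": f"{self.base}?user_code={user_code}"}

    def approve(self, user_code, user):  # after login on the second device
        for rec in self.pending.values():
            if rec["user_code"] == user_code:
                rec["user"] = user

    def token(self, device_code, client_id, now):
        """Token request, grant_type=urn:ietf:params:oauth:grant-type:device_code."""
        rec = self.pending.get(device_code)
        if rec is None or rec["client"] != client_id:
            return {"error": "invalid_grant"}
        if now >= rec["expires"]:
            return {"error": "expired_token"}
        last, rec["last_poll"] = rec["last_poll"], now
        if last is not None and now - last < rec["interval"]:
            rec["interval"] += 5  # RFC 8628 section 3.5: back off by 5 seconds
            return {"error": "slow_down"}
        if rec["user"] is None:
            return {"error": "authorization_pending"}
        del self.pending[device_code]  # a device_code is single use
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

def poll(server, grant, client_id, approve_at=None):  # device side, simulated seconds
    now, interval, log = 0, grant["interval"], []
    while True:
        now += interval
        if approve_at is not None and now >= approve_at:
            server.approve(grant["user_code"], "alice")  # constructed user
        resp = server.token(grant["device_code"], client_id, now)
        log.append(resp.get("error", "ok"))
        if resp.get("error") == "slow_down":
            interval += 5
        elif resp.get("error") != "authorization_pending":
            return resp, log
```

Only the `user_code` travels through the QR code; the `device_code` that is later exchanged for the token stays on the device that requested it.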