Closed StarkZarn closed 1 year ago
I think one way to solve this would be by allowing users to generate API keys and then use them with the cli instead of username/password.
I think one way to solve this would be by allowing users to generate API keys and then use them with the cli instead of username/password.
Good idea, I like this! I assume it would be encompassed within the Authenticated decorator?
The passport guard can do a "one of these strategies" thing. So we could support jwt, cookie, API key, etc., by creating a new strategy and implementing the validate
method, which returns a user. Nothing else would have to change after that point though.
I think one way to solve this would be by allowing users to generate API keys and then use them with the cli instead of username/password.
This is what I had in mind when I was looking through things. Admittedly I am not familiar with the SSO functionality here, but a solution in my mind was reminiscent of an "app password" or something. An API key would certainly work well.
For anyone else who is running into this hurdle, you can simply login as the administrator, reset the user's password, and use local sign-in to upload the photos. The SSO hook isn't a deal breaker as it turns out. To be clear, this won't affect the SSO user's password, it's simply the local immich account.
Honestly devs, I think that is a good enough solution if you have other stuff to prioritize. A one-liner about that in the docs would satisfy me.
We implemented API keys in the last release, and the PR for CLI to use API keys just got merged.
I haven't gotten around to it, but the docs need to be updated and then we should be all set.
I haven't gotten around to it, but the docs need to be updated and then we should be all set.
I updated the doc
Sounds like it's properly handled! Thanks so much!
Describe the bug Immich-CLI does not provide a mechanism to authenticate via SSO when OIDC/OAUTH is configured.
Task List
docker-compose
file..env
file.To Reproduce Steps to reproduce the behavior:
immich upload -s http://servername:3001 -e user@domain.tld -pw 'SSO Password' -d /import
Expected behavior Additional command line flags should be provided to authenticate via the configured SSO service so that command line upload can work with users that aren't natively managed by Immich.
System
Android
1.40.0
1.40.0 build.63
Docker-compose
.ENV
Server Info Running in docker compose on Fedora 37 in a VM, x86_64 architecture.