kontron / redmine_oauth

Redmine authentication through OAuth.
GNU General Public License v2.0
61 stars 27 forks source link

Decouple self-registration and OIDC registration #39

Closed gramakri closed 4 months ago

gramakri commented 5 months ago

OIDC registration creates new users (or not) based on redmine's self registration flag. This probably makes sense if OIDC provider is some social login provider (twitter, generic Google, GitHub etc).

This does not work for situations where the OIDC provider is for an internal Directory. For example, Keycloak, Authentik, Google Workspace etc. In such a set up, we want to disable redmine's self registration but want to enable login via the OIDC provider only.

I think having a plugin specific setting instead of using redmine's self registration flag would solve this.

https://github.com/kontron/redmine_oauth/issues/18 is related , I think

gramakri commented 5 months ago

@picman if you are open to it, we can submit a patch which add a setting which would replace the use of https://github.com/kontron/redmine_oauth/blob/main/app/controllers/redmine_oauth_controller.rb#L161

picman commented 5 months ago

Of course. Create a pull request to the devel branch.

picman commented 5 months ago

Where is the patch?

gramakri commented 5 months ago

@picman ah, I missed your initial message. I can create a patch against devel tomorrow.

sgrossberndt commented 5 months ago

We at TYPO3 are missing the same feature. Great to hear there is already progress here. I will test this once a patch has been provided.

gramakri commented 5 months ago

@picman @sgrossberndt I have an initial patch working. Will test a bit more over the weekend and submit a PR. Comments welcome (I am not a ruby or a redmine dev!)

gramakri commented 5 months ago

@picman @sgrossberndt I have submitted a PR

sgrossberndt commented 5 months ago

Thanks, I did not receive a notification for the PR. I will test it in the next days.

picman commented 5 months ago

Merged. You can test it.