kroketio / quart-keycloak

Add Keycloak OpenID Connect support to your Quart application.
BSD 3-Clause "New" or "Revised" License

Authentik support? #7

Closed ksaadDE closed 1 year ago

ksaadDE commented 1 year ago

Hi,

The old OpenID library seems to be deprecated.

Can we translate the openid part to support authentik as well? Not sure if both OpenID specs / code are doing the same. https://github.com/goauthentik/authentik/issues/4543

I wouldn't like to fork your code and make an entire new lib from it, without your help to speed up the process.

Regards

sanderfoobar commented 1 year ago

From the README:

Using different IdPs

Previously this extension was known as quart-session-openid and made an effort to support multiple OpenID servers but it turns out that everyone has their own interpretation of the OpenID spec so IdPs tended to vary which caused breakage. Even between Keycloak versions there are small (but breaking) changes - so it was decided to narrow the scope, rebrand to quart-keycloak and focus on modern Keycloak versions.

Will you support OIDC feature $x?

The OpenID specification is rather large (and confusing) and this extension tries to abstract the complicated parts away and makes the fair assumption that your web application wants some basic OIDC features, mostly: login and logout. Undoubtedly you may use Keycloak in various other exotic ways but this limited scope ensures the extension stays maintainable. Please keep that in mind when submitting a pull-request.

As for your question:

> Can we translate the openid part to support authentik as well?

Sorry, I do not work for free on features that do not benefit me (it only benefits you). Feel free to email me for consultancy services, else just fork it.

ksaadDE commented 1 year ago

Hello my friend,

I didn't reply yet, work and private projects first.

To your comments:

I can understand that you had trouble with following the specs, implemented differently for every "ID service". Also, I understand it's a huge time investment to get everything working.

> for free on features that do not benefit me

Despite the contradicting statement and a simple "no" was absolutely sufficient.

I initially offered my help and at first I was even motivated to pay you for the work. The latter changed due to the issues in your code (see below) and your (unfriendly, almost rude) words here.

People are more motivated to pay (or pay back by filing a PR / coding or docs) when they are approached friendly and wise. Usually there is the good-will and hard-work spirit of GitHub that is flourishing us developers.

Authentik (Python) instead of Keycloak (Java) could be of interest to you as well. Didn't you want to get rid of non-pythonic stuff (see your comp. website)?

Please take the following advice for the future:

I had not only to fix a minor sec flaw in your code. I had to refactor it heavily, especially moving a piece of code you used over and over without putting that into a method, which I did. Prob you had trouble doing so. I had them too but with a bit google-fu that issue was easily solvable or you got lazy, which doesn't fit your description though.

I am aware that you linked to this repo on your company's website. Dear future reader: People develop and they their code. The CV of kroketio is impressive, despite this minor issue.

Good luck! I wish a great time and business.