membermatters / MemberMatters

An open source membership, access and payments portal for makerspaces and community groups.
https://membermatters.org
MIT License

OAuth Client - SSO Support #285

Open bhartshorn opened 4 weeks ago

bhartshorn commented 4 weeks ago

Is your feature request related to a problem? Please describe.
We already have an existing authoritative authentication platform - in our case Keycloak. I don't want to maintain two user databases or deal with synchronizing them. Keycloak and other auth platforms generally have more features and customizability.

Describe the solution you'd like
I think MemberMatters should have OAuth2/OIDC client support, allowing it to authenticate against other platforms.

Describe alternatives you've considered
I'm looking into "daisy chaining" Keycloak against MemberMatters, which would make MemberMatters the authoritative platform and Keycloak a "man in the middle" which allows creating app roles, group assignments, customizing OAuth options, etc. I have not yet tried this at all, and I'm mostly worried about the user interaction impacts.

I'm also considering cutting out Keycloak entirely and just using MemberMatters. I need to dig in a little deeper to see if it supports the features I need - app roles especially, we assign roles in Dokuwiki and Nextcloud based on group membership and app roles in Keycloak.

Additional context
We tried out Tendenci before (probably) settling on MemberMatters. Tendenci supports using an OAuth client using Authlib: https://docs.authlib.org/en/latest/client/django.html

I am not deeply familiar with MemberMatters but have started exploring the code. With a bunch of support, I might be able to contribute this feature.

bhartshorn commented 5 days ago

An alternative solution could be to use something like https://oauth2-proxy.github.io/oauth2-proxy/ and simply accept the X-Auth-Request-User and related headers in MemberMatters.
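
For the header-based approach in the comment above, X-Auth-Request-* headers can be sent by any client, so they should be honoured only when the request arrives from the proxy itself. A sketch of that check as WSGI middleware (an added example, not part of this thread or the MemberMatters code; the class name, helper function and addresses are hypothetical):

```python
import ipaddress

AUTH_PREFIX = "HTTP_X_AUTH_REQUEST_"  # WSGI environ form of X-Auth-Request-* headers


class TrustedProxyAuthHeaders:
    """Hypothetical WSGI middleware: trust X-Auth-Request-* only from known proxies."""

    def __init__(self, app, trusted_proxies):
        self.app = app
        self.trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def _from_proxy(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # missing or malformed peer address: fail closed
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        environ.pop("REMOTE_USER", None)  # identity may only come from the proxy
        user = environ.get(AUTH_PREFIX + "USER", "").strip()
        if not self._from_proxy(environ):
            # Direct client: drop every X-Auth-Request-* header it supplied.
            for key in [k for k in environ if k.startswith(AUTH_PREFIX)]:
                del environ[key]
        elif user:
            environ["REMOTE_USER"] = user
        return self.app(environ, start_response)


def identity_seen_by_app(remote_addr, user_header):
    """Send one constructed request through the middleware; return what the app sees."""
    seen = {}

    def app(environ, start_response):
        seen["user"] = environ.get("REMOTE_USER")
        seen["raw"] = environ.get(AUTH_PREFIX + "USER")
        start_response("200 OK", [])
        return [b""]

    wrapped = TrustedProxyAuthHeaders(app, ["10.0.0.5/32"])  # constructed proxy address
    environ = {"REMOTE_ADDR": remote_addr,
               AUTH_PREFIX + "USER": user_header,
               AUTH_PREFIX + "EMAIL": "alice@example.org"}  # constructed sample value
    wrapped(environ, lambda status, headers: None)
    return seen["user"], seen["raw"]


if __name__ == "__main__":
    print(identity_seen_by_app("10.0.0.5", "alice"))     # request relayed by the proxy
    print(identity_seen_by_app("203.0.113.9", "admin"))  # header sent by a direct client
```

The check assumes REMOTE_ADDR is the address of the direct peer, so the application port should be reachable only through the proxy. In a Django deployment, REMOTE_USER set this way is what Django's RemoteUserMiddleware reads.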