monicahq / monica

Personal CRM. Remember everything about your friends, family and business relationships.
https://beta.monicahq.com
GNU Affero General Public License v3.0

Support logging in with an OAuth2 provider #1154

Open nogweii opened 6 years ago

nogweii commented 6 years ago

A rephrasing of the now-closed #558. And a reincarnation of #39.

As a user, I would like to be able to log in with a 3rd-party identity provider and not have to maintain yet another username and password credential pair.

This is probably only going to be useful for self-hosted installations -- they can decide who they trust. For the publicly hosted version, I don't know of many OAuth2 providers that have broad community trust. (Mozilla's Firefox Accounts maybe? I don't even know if 3rd parties can use it. Gitlab and/or Github as well?)

If support is implemented in a generic fashion, then users can spin up their own OAuth2 providers (RedHat's KeyCloak, a self-hosted Gitlab instance, there are many other projects) and trust those.

nogweii commented 6 years ago

@degan6 would you be willing to modify the work you've done in #558 to support generic configuration rather than being Facebook and Google specific? That way it allows each person running an instance to decide who to trust based off .env.

asbiin commented 4 years ago

We should do SAML authentication also, see #3981

the-provost commented 4 years ago

Hey, can we make an oauth2 login system with passport and socialite? If I could get a clear picture of the requirement, I'd love to work on it myself.

asbiin commented 4 years ago

@the-provost That would be great indeed! Would you consider working on that? Thanks!

the-provost commented 4 years ago

Absolutely. Just give me the list of items I should check off and I'll work on it.

I'm thinking login with Google, Facebook, Twitter and LinkedIn.

asbiin commented 4 years ago

One key feature is: the list of providers must be customizable per instance. I'm not sure everyone will like to integrate Google or Facebook on their instance (like our official instance?), so we have to make the list env-dependent.

I'll add "Github" to this list.

fullstackpotato commented 3 years ago

Can I just add my support for @nogweii 's request for a generic implementation? People who self-host like myself already run an OAuth provider on our systems through something like Keycloak, thus a generic approach to OAuth would be very much welcome.

Ryonez commented 3 years ago

> Can I just add my support for @nogweii 's request for a generic implementation? People who self-host like myself already run an OAuth provider on our systems through something like Keycloak, thus a generic approach to OAuth would be very much welcome.

Very much so this. I use Keycloak myself, and I know Authelia is pretty popular as well.

tomlawesome commented 2 years ago

Another user here that hosts their own OAuth provider and would not want to include any social/external logins, as my services are intended for pre-registered users only.

mmalyska commented 2 years ago

So, is this topic dead? I'm using Keycloak (OpenID Connect) myself and would like to use it instead of creating a new login/password.

pmdevita commented 1 year ago

Did a little bit of testing to see what would be involved to do this. I think we can use Laravel Socialite for this. I was able to get the login flow working for it, but the real problem will be connecting it to an account.

It looks like the user table needs to be changed to allow for this. I think the password field needs to be nullable because these users won't have one, and we need to add two fields, one for the name of the Socialite provider, and another for their ID on that provider.

Once we authenticate through Socialite, we need to check if the user exists. If they don't, we need to register them. We can use the same template register.blade.php, we just need to put the password fields behind a flag. If they do exist, we then manually authenticate them with their matching user.

We also need to make some adjustments to the login page, like adding a button to log in with one of the enabled Socialite providers. We probably need to figure out how we want users to configure that and what providers should get added in the production builds.

While this will open up Monica to authentication through all Socialite providers, no one has made an OpenID provider yet. So we also need to do that. If someone else can take that up, you might find this to be a useful example https://github.com/jumbojett/OpenID-Connect-PHP. You can also find some help here https://socialiteproviders.com/contribute/#creating-a-provider
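A sketch of the callback step described in the comment above (per-instance provider list, nullable password, lookup by provider name plus provider ID), added here as an illustration; it is not code from the Monica project or from any commenter. The column names `oauth_provider`/`oauth_id`, the `auth.oauth_providers` config key (assumed to be populated from `.env` in `config/auth.php`) and the route layout are assumptions.

```php
<?php
// Added illustration, not Monica's code. Assumes the users table has a
// nullable `password` column plus `oauth_provider` and `oauth_id` columns
// (assumed names, listed in User::$fillable), and that config/auth.php
// exposes `oauth_providers` as an array read from .env.

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;

class SocialiteController extends Controller
{
    /** Only providers enabled for this instance may be used at all. */
    private function assertEnabled(string $provider): void
    {
        $enabled = (array) config('auth.oauth_providers', []);
        abort_unless(in_array($provider, $enabled, true), 404);
    }

    public function redirect(string $provider)
    {
        $this->assertEnabled($provider);
        return Socialite::driver($provider)->redirect();
    }

    public function callback(string $provider)
    {
        $this->assertEnabled($provider);
        // Socialite checks the OAuth2 `state` value and exchanges the code.
        $remote = Socialite::driver($provider)->user();

        // Link on the provider's stable subject id, never on e-mail alone:
        // an e-mail address asserted by one provider must not be enough to
        // sign in to a local account that was registered some other way.
        $user = User::firstOrCreate(
            ['oauth_provider' => $provider, 'oauth_id' => (string) $remote->getId()],
            [
                'name'     => $remote->getName() ?: $remote->getNickname() ?: 'user',
                'email'    => $remote->getEmail(),
                'password' => null, // OAuth-only account: no local credential
            ]
        );

        Auth::login($user);
        return redirect()->intended('/');
    }
}
```

The `firstOrCreate` branch is where the "register if missing, otherwise authenticate the matching user" logic from the comment lives; a separate registration screen with the password fields hidden would replace the inline defaults if more profile data is needed.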

itzteajay-glitch commented 4 weeks ago

Any chance OpenID has been taken up? I'd love to leverage it for my use case.