petio-team / petio

Petio Request, Discover, Review
https://petio.tv
MIT License
251 stars, 27 forks

authResponseHeader #713

Closed. Jriyuu closed this 2 years ago

Jriyuu commented 2 years ago

Is your feature request related to a problem? Please describe.
No.

Describe the solution you'd like
Would like proxy auth to auto-login as a user in Petio. I believe it is authResponseHeader - remote-user.

e.g., a user logs into Authelia; on successful login, Petio logs in as that user.

angrycuban13 commented 2 years ago

I don't think this will be possible as this prevents the Plex token from being grabbed - however the development team will let you know.

Jriyuu commented 2 years ago

> I don't think this will be possible as this prevents the Plex token from being grabbed - however the development team will let you know.

I'm not a dev, so please forgive me, I just like to understand more, but I'm not sure how allowing proxy user auth would stop the Plex token? Maybe my description is wrong. The user logs into Authelia (which handles auth) and is redirected to Petio, which would auto-login as a custom user created in Petio. My guess would be that if no custom user exists, it would show the normal Petio login screen.

ADRFranklin commented 2 years ago

So when a user logs in to Petio, they have the option of logging in via Plex, which makes a request to Plex to grab the Plex token. Authelia does not provide a username/password combination to make the request to Plex to get that token.

That token is required for us to get the data from Plex in order to verify that the account is owned by you. This is the main reason we cannot support Authelia until they have a better system in place. Right now Authelia sends us headers that contain only the username/email of the user, but there is no way to verify that Authelia was the one that sent them and not a malicious user, and the idea that we are expected to trust random headers is a huge security flaw.

So this is why we currently cannot support them.

Jriyuu commented 2 years ago

> So when a user logs in to Petio, they have the option of logging in via Plex, which makes a request to Plex to grab the Plex token. Authelia does not provide a username/password combination to make the request to Plex to get that token.
>
> That token is required for us to get the data from Plex in order to verify that the account is owned by you. This is the main reason we cannot support Authelia until they have a better system in place. Right now Authelia sends us headers that contain only the username/email of the user, but there is no way to verify that Authelia was the one that sent them and not a malicious user, and the idea that we are expected to trust random headers is a huge security flaw.
>
> So this is why we currently cannot support them.

Thanks for getting back to me :)