Closed weaversam8 closed 6 months ago
Great idea. Adding an auth method that relies on HTTP Headers should be straight forward. To make this even more flexible the headers should be completly configurable.
Which Idenity Providers do support this nowadays? I know authentik does.
See #95 for a crack at solving this problem.
OtterWiki currently authenticates users based on the sqlite database it maintains. If hosted in a corporate environment, it may be beneficial to install a reverse-proxy that handles authentication (with SSO, etc...) and then grants the user access to the wiki.
This is technically possible today, but you lost the semantics of tracking which user is editing the wiki. I'd like to propose a configuration option that would allow OtterWiki to use values provided by trusted HTTP headers instead. Maybe something like:
X-OtterWiki-Email
- The email address of the userX-OtterWiki-Username
- The "name" of the user attached to the commitX-OtterWiki-Role
- The role of the user, to control access.