robrotheram / taiga-contrib-openid-auth

Taiga plugin for openid authentication

Public registration and OIDC #42

Open jonkerj opened 2 years ago

jonkerj commented 2 years ago

Long-time user(s) of taiga-contrib-openid-auth here. Our use case is a self-hosted Taiga in an enterprise environment. We only want OIDC users to be able to access Taiga due to security and compliance constraints.

We have one issue we'd like to address, however: the OIDC plugin insists on having PUBLIC_REGISTER_ENABLED, which makes it possible for users to create local (non-OIDC) accounts in Taiga. We think this requirement is (from a Taiga backend point of view) not necessary and wonder if a PR removing this dependency has any chance to get accepted. Or, if there are other options to make TCOA fit our use case.

In the meantime, we have worked around the issue by L7-blocking (through Kubernetes ingress) API access to registration.

ibotty commented 2 years ago

We'd also like this functionality.

adrha commented 2 years ago

I've just disabled the public registration on the frontend, which hides the signup, but you should still be able to log in via OIDC, including account generation if it doesn't exist yet. Maybe it's even possible to modify the nginx proxy to block external requests to the signup API controller.
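The proxy-side block that the two workarounds above describe, as an added example that is not code from the taiga-contrib-openid-auth project or from anyone in this thread. It assumes taiga-back is proxied under /api/, that public registration is POST /api/v1/auth/register, and that the OIDC login (like the normal login) is POST /api/v1/auth; confirm both paths against your own deployment before relying on it.

```nginx
# Added example: deny local account creation at the reverse proxy while leaving
# the OIDC login endpoint reachable. PUBLIC_REGISTER_ENABLED stays true in
# taiga-back, so this control only holds if every client path goes through
# this proxy. Hostname and upstream are placeholders.

upstream taiga-back {
    server taiga-back:8000;
}

server {
    listen 80;
    server_name taiga.example.internal;   # placeholder

    # Exact match ("=") on purpose: a prefix match on /api/v1/auth would also
    # swallow the OIDC login request and lock everyone out.
    location = /api/v1/auth/register {
        return 403;
    }

    # Same endpoint with a trailing slash, in case the client or a rewrite adds one.
    location = /api/v1/auth/register/ {
        return 403;
    }

    # Everything else on the API, including POST /api/v1/auth for OIDC, passes through.
    location /api/ {
        proxy_pass http://taiga-back;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After deploying, check both directions: a registration attempt from outside should get 403 while an OIDC login still succeeds, and the proxy access log for /api/v1/auth/register is a cheap signal that someone is probing for the local-account path.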