sandstorm-io / sandstorm

Sandstorm is a self-hostable web productivity suite. It's implemented as a security-hardened web app package manager.
https://sandstorm.io

Question: Can I add a custom OAuth provider? #3074

Open spyjoshx opened 6 years ago

spyjoshx commented 6 years ago

ATM, there doesn't seem to be any easy way to set up a custom login system without using SAML or LDAP (which look pretty large and hard to configure). I know Sandstorm already has support for OAuth login providers (Google, GitHub). I wonder if there is a way that Administrators could set up a custom OAuth provider (e.g. for use in an organization).

ocdtrekkie commented 6 years ago

There's currently no way to do it without forking Sandstorm and modifying it yourself. Presumably you'd need to modify Sandstorm everywhere that GitHub or Google logins are mentioned/referenced. Sandstorm closely follows Meteor's existing accounts system and the packages available that plug into it. Sandstorm doesn't have its own OAuth code: it uses accounts-google and accounts-github from Meteor: https://github.com/meteor/meteor/tree/devel/packages/

FWIW, https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps is probably a lot more straightforward than modifying Sandstorm for additional login providers.

spyjoshx commented 6 years ago

Thanks a lot! This would be a nice feature to implement eventually though...

On Fri, May 25, 2018 at 6:08 PM, Jacob Weisz notifications@github.com wrote:

There's currently no way to do it without forking Sandstorm and modifying it yourself. Presumably you'd need to modify Sandstorm everywhere that GitHub or Google logins are mentioned/referenced. Sandstorm closely follows Meteor's existing accounts system and the packages available that plug into it.

FWIW, https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps is probably a lot more straightforward than modifying Sandstorm for additional login providers.


-- NEVER OPEN LINKS IN EMAILS WITHOUT VERIFYING THEM FIRST! Information about you can easily be gathered by following a link to a disreputable website!

ocdtrekkie commented 6 years ago

@spyjoshx I agree, though I believe the reason Kenton was pretty hesitant to just start dumping login methods/providers in is that users could forget which one they used if too many were available. (I've seen this with people I've shared stuff with.) And unfortunately, there's no way to add a Meteor login package on the fly, I believe.

ghltshubh commented 6 years ago

But we can at least have an option if we want to host our own instance.