successible / cleanslate

☀️ Track food without judgment
https://cleanslate.sh
Apache License 2.0
86 stars 8 forks source link

OAuth/OpenID or Header Authentication support #214

Open Pr0mises opened 2 weeks ago

Pr0mises commented 2 weeks ago

Hey, thank you for this awesome project.

Would it be possible to add OAuth/OpenID or header authentication support so people could e.g. use their existing Authentik instance for user handling? I think that would a reasonable approach as Authentik/Authelia etc is getting pretty popular and people (like me), just want to use selfhosted applications and not depend on google.

Also I'm actually not really happy with the current authentication approach using firebase (meh google) and using one token. I'd like to have another decoupled security layer (Authentik + 2FA) infront of my public applications without authenticate twice.

Again thank you for this awesome project, keep it going.

paulzakin commented 2 weeks ago

Hey!

I am pretty swamped right now, so I will not be implementing any additional authentication protocols myself right now. Happy to accept PRs though!

If you are technically inclined and do want to take a look, the authentication server is a really basic Node.js (Express.js) server in one file: https://github.com/successible/cleanslate/blob/main/src/server.ts

paulzakin commented 2 weeks ago

It is also possible this is a very easy lift with a Node library and it will not take me very long, and thus I will do it. I’m just not sure! So any information you can provide here would be very useful for orienting myself to this task.

Pr0mises commented 2 weeks ago

Thank you for your answer. I haven't done much with js and ts but I'll do some research and check some examples to at least provide information.

I already found express oauth/openid modules, so it should be rather easy

Edit: Link: https://github.com/auth0/express-openid-connect

paulzakin commented 2 weeks ago

Ok, I looked at that link. It is a good first step! However, the documentation for that is a bit sparse - what I need most is Authentik/Authelia integration guidelines, as that library heavily features Auth0

Pr0mises commented 2 weeks ago

The integration for auth0, authentik, authelia, keycloak etc should be the same. All need a generic OAuth2 or an Open ID connect. I gonna try to implement something, looks pretty simple. Maybe it's even possible to use the existing JWT for it

paulzakin commented 2 weeks ago

Go for it!