syncloud / platform

Run popular services on your device with one click
https://syncloud.org
GNU General Public License v3.0

[platform] add Oauth2 #496

Open klmhsb42 opened 4 years ago

klmhsb42 commented 4 years ago

Is there a possibility of configuration, so that if you are signed into one app, you are also signed into all other apps, and the same if you sign out? I know you can just remember your password in the browser, but you always have to press sign in every time.

You don't need to add this to Syncloud, if you don't want to. I would just be interested to know a way for my own purpose. In the best case, like a configuration which you have to change one time and which is not affected by updates...

cyberb commented 4 years ago

What we have right now is Single Sign On (SSO) implemented using LDAP as a central (on device) credential storage for all device apps.

I think what you are describing is password-less authentication to multiple apps after you log in at some central location. This can be achieved using Oauth2; for example, the device UI can issue tokens to apps so you can access them as long as they are active/your session is active with the device. In this case you only need to log in to the device UI. For that we need to switch from using LDAP integration in apps to Oauth2, which requires more UI interactions.

https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2

I think we need to add Oauth2 at some point with LDAP as a fallback option.
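
Added illustration, not part of the thread and not Syncloud's code: a minimal Python sketch of the flow described in the comment above, where one central login issues per-app tokens that stop working when they expire or when the device session ends. It is a simplified model, not the OAuth2 protocol itself; `DeviceAuth`, the app names and the token format are assumptions made for the example.

```python
import base64, hashlib, hmac, json, secrets, time

class DeviceAuth:
    """Hypothetical central login service standing in for the device UI."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # signing key, stays on the device
        self._sessions = {}                  # session id -> username

    def login(self, user):
        # Password/LDAP check omitted: assume the user already authenticated.
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = user
        return sid

    def logout(self, sid):
        # Ending the device session invalidates every token issued under it.
        self._sessions.pop(sid, None)

    def _sign(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue_token(self, sid, app, ttl=300, now=None):
        user = self._sessions.get(sid)
        if user is None:
            raise PermissionError("no active device session")
        now = time.time() if now is None else now
        claims = {"sub": user, "aud": app, "sid": sid, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return body + b"." + self._sign(body)

    def introspect(self, token, app, now=None):
        """Called by an app: return the username, or None if the token is rejected."""
        now = time.time() if now is None else now
        try:
            body, sig = token.split(b".")
        except ValueError:
            return None
        if not hmac.compare_digest(sig, self._sign(body)):
            return None  # forged or modified token
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != app or claims["exp"] <= now:
            return None  # issued for another app, or expired
        if self._sessions.get(claims["sid"]) != claims["sub"]:
            return None  # user signed out of the device
        return claims["sub"]
```

Because each app asks the central service to check the token instead of trusting it locally, a single `logout` takes effect in every app at once, which is the sign-out behaviour asked about in the first comment.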

klmhsb42 commented 3 years ago

Might be useful https://www.shibboleth.net/products/

cyberb commented 6 months ago

I have tested Authelia on a few apps like Transmission, which do not have any authentication at all, and it looks very impressive, showing its own login page. Also, it supports OIDC/OAuth2, so probably the next step is to use it at the platform level and on a dedicated DNS like auth.device.tld. Then we could start integrating apps. Currently I am looking at PeerTube, which pushes me to do this.