OpenID Connect Support for Plane🔥 🔥 🔥 Open Source JIRA, Linear and Height Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
This PR closes https://github.com/makeplane/plane/pull/1319 because it was more work to pull the current develop branch into the old branch than to just rebase the code from it into this one.
I tried to clean up the commit as good as possible.
This PR enables Authentication via OpenID Connect for Self-Hosted Instances. It can be configured via the Environment Variables (here it is also possible to do a Autodiscovery for the Endpoints if you set the issuer) or via the new God-Mode.
It also enables Auto-SignIn for OIDC so that the users don't have to click anything and are redirected directly if they aren't signed in yet. This can also be switched on or off via the God-Mode Interface.
Futhermore it also implements to be logged out to the End-Session Endpoint of the OpenID Provider.
It matches the user based on the email address. If a new user is created the username is set based on the preferred_username from the Identity Provider.
It has proven to work with Authentik and Keycloak.
This PR is a replica of https://github.com/makeplane/plane/pull/3341 because a merge was not allowed.
This PR closes https://github.com/makeplane/plane/pull/1319 because it was more work to pull the current develop branch into the old branch than to just rebase the code from it into this one. I tried to clean up the commit as good as possible. This PR enables Authentication via OpenID Connect for Self-Hosted Instances. It can be configured via the Environment Variables (here it is also possible to do a Autodiscovery for the Endpoints if you set the issuer) or via the new God-Mode. It also enables Auto-SignIn for OIDC so that the users don't have to click anything and are redirected directly if they aren't signed in yet. This can also be switched on or off via the God-Mode Interface. Futhermore it also implements to be logged out to the End-Session Endpoint of the OpenID Provider.
It matches the user based on the email address. If a new user is created the username is set based on the preferred_username from the Identity Provider.
It has proven to work with Authentik and Keycloak.