Open dfsek opened 11 months ago
Hey! Yeah, some kind of SSO, probably via OIDC, would be nice and is certainly on the roadmap. As I see it there are a couple approaches:
I feel like approach 1 is probably going to be the best option, although approach 3 would be pretty cool.
I personally think the first option is ideal. Already, Minecraft username is separate from drasl login name, this would also match how MC username is separate from Microsoft/Mojang email/userid. It'd also allow people to change their usernames in SSO-managed accounts. Also, I do agree that OIDC would be the best option.
Additionally, an option to migrate/link existing accounts/usernames on first sign-in to SSO would be awesome! Perhaps on first SSO sign-in, if there are non-SSO accounts, there is an option to sign in with the "local" account, if that is done the user data is transferred from the local account and then the local account is deleted. That is definitely not essential, though. Could just make everyone recreate their accounts haha.
Hi! I am currently using this behind oauth2-proxy with Keycloak, but would love the ability to integrate directly with OpenID Connect, SAML, or plain old LDAP.