Skip to content

[wip] - Use msal OIDC #153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 48 commits into
base: main
Choose a base branch
from
Draft

[wip] - Use msal OIDC #153

wants to merge 48 commits into from

Conversation

ReneHezser
Copy link
Contributor

Work in progress

ReneHezser and others added 30 commits October 9, 2025 10:37
@ReneHezser
adds msal, version to 1.2.0
aa5a2ae
@dependabot
Bump peter-evans/dockerhub-description from 4 to 5 in /.github/workflows
af6fc73 
Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 4 to 5.
- [Release notes](https://github.com/peter-evans/dockerhub-description/releases)
- [Commits](peter-evans/dockerhub-description@v4...v5)

---
updated-dependencies:
- dependency-name: peter-evans/dockerhub-description
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump python from 3.13.7-alpine3.22 to 3.14.0-alpine3.22 in /docker
7b715af 
Bumps python from 3.13.7-alpine3.22 to 3.14.0-alpine3.22.

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.14.0-alpine3.22
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump actions/setup-python from 5 to 6 in /.github/workflows
2863309 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump node from 24.6-alpine to 24.10-alpine in /docker
40917c8 
Bumps node from 24.6-alpine to 24.10-alpine.

---
updated-dependencies:
- dependency-name: node
  dependency-version: 24.10-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump stylelint-config-standard-scss from 15.0.1 to 16.0.0 in /ui2
f6ad97c 
Bumps [stylelint-config-standard-scss](https://github.com/stylelint-scss/stylelint-config-standard-scss) from 15.0.1 to 16.0.0.
- [Release notes](https://github.com/stylelint-scss/stylelint-config-standard-scss/releases)
- [Changelog](https://github.com/stylelint-scss/stylelint-config-standard-scss/blob/main/CHANGELOG.md)
- [Commits](stylelint-scss/stylelint-config-standard-scss@v15.0.1...v16.0.0)

---
updated-dependencies:
- dependency-name: stylelint-config-standard-scss
  dependency-version: 16.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump rich from 14.1.0 to 14.2.0
f3b6366 
Bumps [rich](https://github.com/Textualize/rich) from 14.1.0 to 14.2.0.
- [Release notes](https://github.com/Textualize/rich/releases)
- [Changelog](https://github.com/Textualize/rich/blob/master/CHANGELOG.md)
- [Commits](Textualize/rich@v14.1.0...v14.2.0)

---
updated-dependencies:
- dependency-name: rich
  dependency-version: 14.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump @mantine/form from 8.2.7 to 8.3.4 in /ui2
e35b92f 
Bumps [@mantine/form](https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form) from 8.2.7 to 8.3.4.
- [Release notes](https://github.com/mantinedev/mantine/releases)
- [Changelog](https://github.com/mantinedev/mantine/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mantinedev/mantine/commits/8.3.4/packages/@mantine/form)

---
updated-dependencies:
- dependency-name: "@mantine/form"
  dependency-version: 8.3.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump react-i18next from 15.7.2 to 16.0.0 in /ui2
e698b22 
Bumps [react-i18next](https://github.com/i18next/react-i18next) from 15.7.2 to 16.0.0.
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/react-i18next@v15.7.2...v16.0.0)

---
updated-dependencies:
- dependency-name: react-i18next
  dependency-version: 16.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump @storybook/react from 9.1.3 to 9.1.10 in /ui2
f13007b 
Bumps [@storybook/react](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/react) from 9.1.3 to 9.1.10.
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v9.1.10/code/renderers/react)

---
updated-dependencies:
- dependency-name: "@storybook/react"
  dependency-version: 9.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump @vitejs/plugin-react from 5.0.1 to 5.0.4 in /ui2
6af1e43 
Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) from 5.0.1 to 5.0.4.
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/[email protected]/packages/plugin-react)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 5.0.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump @testing-library/jest-dom from 6.6.4 to 6.9.1 in /ui2
75f78a1 
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 6.6.4 to 6.9.1.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](testing-library/jest-dom@v6.6.4...v6.9.1)

---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
  dependency-version: 6.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@ReneHezser
Merge pull request #67 from ReneHezser/dependabot/npm_and_yarn/ui2/te…
0cd149e 
…sting-library/jest-dom-6.9.1

Bump @testing-library/jest-dom from 6.6.4 to 6.9.1 in /ui2
@ReneHezser
Merge pull request #66 from ReneHezser/dependabot/npm_and_yarn/ui2/vi…
5f6e3af 
…tejs/plugin-react-5.0.4

Bump @vitejs/plugin-react from 5.0.1 to 5.0.4 in /ui2
@ReneHezser
Merge pull request #65 from ReneHezser/dependabot/npm_and_yarn/ui2/st…
83f6c54 
…orybook/react-9.1.10

Bump @storybook/react from 9.1.3 to 9.1.10 in /ui2
@ReneHezser
Merge pull request #64 from ReneHezser/dependabot/npm_and_yarn/ui2/re…
a1da552 
…act-i18next-16.0.0

Bump react-i18next from 15.7.2 to 16.0.0 in /ui2
@ReneHezser
Merge pull request #63 from ReneHezser/dependabot/npm_and_yarn/ui2/ma…
74373e7 
…ntine/form-8.3.4

Bump @mantine/form from 8.2.7 to 8.3.4 in /ui2
@ReneHezser
Merge pull request #62 from ReneHezser/dependabot/pip/rich-14.2.0
613e39e 
Bump rich from 14.1.0 to 14.2.0
@dependabot
Bump @ianvs/prettier-plugin-sort-imports from 4.6.1 to 4.7.0 in /ui2
67c146d 
Bumps [@ianvs/prettier-plugin-sort-imports](https://github.com/ianvs/prettier-plugin-sort-imports) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/ianvs/prettier-plugin-sort-imports/releases)
- [Changelog](https://github.com/IanVS/prettier-plugin-sort-imports/blob/main/CHANGELOG.md)
- [Commits](IanVS/prettier-plugin-sort-imports@v4.6.1...v4.7.0)

---
updated-dependencies:
- dependency-name: "@ianvs/prettier-plugin-sort-imports"
  dependency-version: 4.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump pytest from 8.4.1 to 8.4.2
d5dc770 
Bumps [pytest](https://github.com/pytest-dev/pytest) from 8.4.1 to 8.4.2.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@8.4.1...8.4.2)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 8.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@ReneHezser
Merge pull request #61 from ReneHezser/dependabot/pip/pytest-8.4.2
61122c6 
Bump pytest from 8.4.1 to 8.4.2
@dependabot
Bump i18next from 25.4.2 to 25.5.3 in /ui2
393437c 
Bumps [i18next](https://github.com/i18next/i18next) from 25.4.2 to 25.5.3.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](i18next/i18next@v25.4.2...v25.5.3)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.5.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
Bump pydantic-settings from 2.10.1 to 2.11.0
897e83c 
Bumps [pydantic-settings](https://github.com/pydantic/pydantic-settings) from 2.10.1 to 2.11.0.
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@2.10.1...v2.11.0)

---
updated-dependencies:
- dependency-name: pydantic-settings
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@ReneHezser
Merge pull request #60 from ReneHezser/dependabot/npm_and_yarn/ui2/ia…
c10894f 
…nvs/prettier-plugin-sort-imports-4.7.0

Bump @ianvs/prettier-plugin-sort-imports from 4.6.1 to 4.7.0 in /ui2
@ReneHezser
Merge pull request #59 from ReneHezser/dependabot/pip/pydantic-settin…
5a34b52 
…gs-2.11.0

Bump pydantic-settings from 2.10.1 to 2.11.0
@ReneHezser
Merge pull request #58 from ReneHezser/dependabot/npm_and_yarn/ui2/i1…
ab32ab7 
…8next-25.5.3

Bump i18next from 25.4.2 to 25.5.3 in /ui2
@ReneHezser
Merge pull request #56 from ReneHezser/dependabot/npm_and_yarn/ui2/st…
ee99138 
…ylelint-config-standard-scss-16.0.0

Bump stylelint-config-standard-scss from 15.0.1 to 16.0.0 in /ui2
@dependabot
Bump fastapi from 0.116.1 to 0.118.2
09d61a4 
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.116.1 to 0.118.2.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.116.1...0.118.2)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.118.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@ReneHezser
Merge pull request #57 from ReneHezser/dependabot/pip/fastapi-0.118.2
ebd3c71 
Bump fastapi from 0.116.1 to 0.118.2
@dependabot
Bump vite in /ui2 in the npm_and_yarn group across 1 directory
ca5375c 
Bumps the npm_and_yarn group with 1 update in the /ui2 directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `vite` from 7.1.3 to 7.1.5
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
ReneHezser and others added 17 commits October 10, 2025 09:09
@ReneHezser
Merge pull request #54 from ReneHezser/dependabot/npm_and_yarn/ui2/np…
d025a37 
…m_and_yarn-f5c1666f0c

Bump vite from 7.1.3 to 7.1.5 in /ui2 in the npm_and_yarn group across 1 directory
@dependabot
Bump pyyaml from 6.0.2 to 6.0.3
dc01135 
Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/6.0.3/CHANGES)
- [Commits](yaml/pyyaml@6.0.2...6.0.3)

---
updated-dependencies:
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@ReneHezser
Merge pull request #53 from ReneHezser/dependabot/pip/pyyaml-6.0.3
0b6f567 
Bump pyyaml from 6.0.2 to 6.0.3
@dependabot
Bump pytest-env from 1.1.5 to 1.2.0
89d2efb 
Bumps [pytest-env](https://github.com/pytest-dev/pytest-env) from 1.1.5 to 1.2.0.
- [Release notes](https://github.com/pytest-dev/pytest-env/releases)
- [Commits](pytest-dev/pytest-env@1.1.5...1.2.0)

---
updated-dependencies:
- dependency-name: pytest-env
  dependency-version: 1.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@ReneHezser
Merge pull request #51 from ReneHezser/dependabot/pip/pytest-env-1.2.0
b99b0dd 
Bump pytest-env from 1.1.5 to 1.2.0
@ReneHezser
Merge pull request #47 from ReneHezser/dependabot/github_actions/dot-…
01d048b 
…github/workflows/peter-evans/dockerhub-description-5

Bump peter-evans/dockerhub-description from 4 to 5 in /.github/workflows
@ReneHezser
Merge pull request #48 from ReneHezser/dependabot/docker/docker/pytho…
3750d47 
…n-3.14.0-alpine3.22

Bump python from 3.13.7-alpine3.22 to 3.14.0-alpine3.22 in /docker
@ReneHezser
Merge pull request #49 from ReneHezser/dependabot/github_actions/dot-…
0e77986 
…github/workflows/actions/setup-python-6

Bump actions/setup-python from 5 to 6 in /.github/workflows
@ReneHezser
Merge pull request #50 from ReneHezser/dependabot/docker/docker/node-…
e04aae7 
…24.10-alpine

Bump node from 24.6-alpine to 24.10-alpine in /docker
@dependabot
Bump typer from 0.16.1 to 0.19.2
6ec80f8 
Bumps [typer](https://github.com/fastapi/typer) from 0.16.1 to 0.19.2.
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.16.1...0.19.2)

---
updated-dependencies:
- dependency-name: typer
  dependency-version: 0.19.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@ReneHezser
Merge pull request #55 from ReneHezser/dependabot/pip/typer-0.19.2
d9eee41 
Bump typer from 0.16.1 to 0.19.2
@ReneHezser
adds msal, version to 1.2.0
6bad533
@ReneHezser
Merge branch 'use-msal-oidc' of https://github.com/ReneHezser/auth-se…
07b0a6c 
…rver into use-msal-oidc
@ReneHezser
updates
a09e5dd
@ReneHezser
updates
e5c1d0d
@ReneHezser
Merge branch 'main' into use-msal-oidc
bc8ccd7
@ReneHezser
Changelog, postgres image, updates
075442d
@ciur
Copy link
Member

ciur commented Oct 17, 2025
edited
Loading

Are you sure you want to change the auth-server to use OIDC?

My idea is to keep the auth-server as minimal as possible — basic password-based authentication should be enough.

Of course, there are many other authentication options: OIDC (with different providers), LDAP, and so on — each with its own setup and requirements. Instead of putting all these options into a single component (the auth-server), we can separate them by creating an auth-free core Docker image, for example papermerge:3.5-sso, and then build custom Docker images for specific authentication methods.

For instance, if you want to use Entra authentication, you could create your own entra-auth container that includes the Entra-specific backend logic (in Go, for example) and use it together with the generic auth-free papermerge:3.5-sso Docker image.
The beauty of this approach is that you are free to write your own authentication component, the way you want and in what you want, without centralized reviews.
papermerge:<version>-sso is a docker image which contains only papermerge-core repository without auth-server or any other auth related components features. This image is not there yet (I will create one soon, as I am planing also to implement my custom SSO component).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ReneHezser @ciur