New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add basic OIDC integration with locally setup Authentik #1805

Open

kmoy1 wants to merge 1 commit into wger-project:master from kmoy1:OIDCSupport

Contributor

kmoy1 commented Nov 1, 2024 •

edited

Loading

NOTE: Since this requires local manual setup of an OIDC IDP, this should not be merged into master but into its own branch (e.g. 'OIDC').

Addresses #1797

Proposed Changes

Added a very basic form of OIDC Authentication support, by adding a "Login with Authentik" button to the Login page. It will authenticate with another (locally) spun-up Authentik IDP server, instead of requiring username/password combo. It will use the email of the user instead.

Please check that the PR fulfills these requirements

[] Tests for the changes have been added (for bug fixes / features) - not sure how to test this, because this code review requires manual setup of an OAuth2 provider.
Added yourself to AUTHORS.rst

Other questions

Do users need to run some commmands in their local instances due to this PR
(e.g. database migration)?

Yes. Users need to spin up an Authentik application of their own and then set these environment variables in the Django app (or hardcode them in settings_global.py: not recommended), values of which are provided by Authentik.

OIDC_RP_CLIENT_ID
OIDC_RP_CLIENT_SECRET
OIDC_OP_AUTHORIZATION_ENDPOINT
OIDC_OP_TOKEN_ENDPOINT
OIDC_OP_USER_ENDPOINT
OIDC_OP_JWKS_ENDPOINT

They also need to set
OIDC_RP_SIGN_ALGO=RS256


          Add basic OIDC integration with locally setup Authentik

6c5c981

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet