Login with generic oauth feature #289
Conversation
|
Thanks for submitting this, @ketudb! This looks really good so far, and will make a great addition to WriteFreely! Just one thing that stands out so far -- we'll need to add Connect / Disconnect buttons to the Account Settings page. This functionality was added in #243 and originally left out of my tutorial, but I've just updated it. Once you get that part in, we'll do a full review. |
Thanks!
Sure, I'll bounce back to that. How would you feel about that being optional, with the context that in some circumstances that it could be the required way of logging in? |
I'm absolutely open to that. Off the top of my head, I think it'd still be worth indicating that the account is connected in the UI, but just preventing people from disconnecting it. What do you think? Also, I'm not sure if this'll require reworking normal username / password auth. If so, generally speaking, I'd just say that fewer configuration fields == better. |
Hmm... yeah that makes sense. I'll have to dig into this again once I rebuild my dev instance.
I do agree with you! I mostly see the use-case here is being SSO with Keycloak etc, which is the use-case I'm testing this change for/intend to use it for. |
|
Thanks for this PR @ketudb! |
|
This is superseded by #317 -- closing this, and we'll finish up there. |
This aims to add a configurable, generic OAuth client module, so that it can be used with things like Keycloak etc, without needing a separate OAuth client configuration for every provider.
It adds the following ini settings under
oauth.generic:client_id,client_secret,CallbackProxy,CallbackProxyAPIas usualhost: The hostname/base URL for the oauth serverdisplay_name: The display name (defaults to "OAuth")token_endpoint,inspect_endpoint,auth_endpointwhich will all be different depending on the oauth implementation.