[Feature] OIDC Authentication

[CrazyWolf13]

I have searched the existing feature requests to make sure this is not a duplicate request.

• Yes

The feature

This project looks awesome, do you plan on adding support for authentik (OIDC) which is a general protocol, that allows the use of external authentication and user creation?

[johanohly]

I am not sure this is in scope for this project, but if enough people are interested, I'll obviously reconsider.

From what I understand, Authentik can act as a oauth provider?
I am a bit confused about the external user creation, which is definitely out of scope.

For authentication AirTrail uses lucia-auth, which in turn supports arctic, which in turn supports Authentik as a oauth provider.
If this feature is added, it will probably be in the form of supporting Authentik as an oauth provider, or maybe custom oauth providers.

EDIT: After further research, I can definitely see the appeal of also allowing creation of users authenticated via oauth (optional).

[CrazyWolf13]

Yes correct, I get that this may be a little out of scope, however consider the following:

The main goal of authentication providers like authentik, authelia, keycloak, is to get a dedicated auth management, for example once you set up integration via authentik, for example through SAML, OIDC or proxy auth, you can just visit the page, for example jellyfin, plex, bookstack, and you can click sign in via authentik, and you are automatically signed in with your account, this massively reduces times you need to sign in again, and also improves security, due to 2FA and even physical keys being enabled to log-into authentik.

Oh so OIDC/oath would be supported through lucia, that sounds awesome!

Otherwise oauth implementation was mostly kinda just adding a package for oidc, then baking the variables into UI/Conf, but I haven't yet looked at the code that much.

EDIT: Mostly External user creation was then just handled by that oidc/oath package/plugin.

[johanohly]

After reading up on OIDC and IAM's a bit, I can definitely see the appeal.
I have started working on this in #47!

[CrazyWolf13]

Awesome!

Thanks :)

[johanohly]

Added in v0.2.0 🎉

[CrazyWolf13]

Awesome! Thankss!

[johanohly]

No worries, I actually enjoyed learning about the OIDC flow. And now I have my own selfhosted IDP :)

[CrazyWolf13]

Hahaha awesome :)
Yeah once I heard about it I knew I had to promote this awesome protocol :)