Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Single Sign-on #39

Open
dfsek opened this issue Dec 16, 2023 · 3 comments
Open

Single Sign-on #39

dfsek opened this issue Dec 16, 2023 · 3 comments
Labels
enhancement New feature or request high priority major feature
Milestone
3.0.0

Comments

@dfsek
Copy link

dfsek commented Dec 16, 2023

Hi! I am currently using this behind oauth2-proxy with Keycloak, but would love the ability to integrate directly with OpenID Connect, SAML, or plain old LDAP.
@evan-goode
Copy link
Member

Hey! Yeah, some kind of SSO, probably via OIDC, would be nice and is certainly on the roadmap. As I see it there are a couple approaches:

  1. Have the registration page locked behind SSO. After signing into to SSO, the user can pick a Minecraft username and their Drasl account will be created. The Minecraft launchers will still only do password authentication, so a "Minecraft password" will be randomly generated and can be viewed in the web interface. To log in to the game, the user must paste this password into their Minecraft launcher.
  2. Alternatively, new users can log in to the web interface directly via SSO without visiting the "registration" page. Their account username is provided by SSO provider. Minecraft usernames are limited to 16 characters (and have some additional restrictions) so this approach might not be ideal.
  3. Ideally, users wouldn't need to worry about a "Minecraft password", they would just be able to log in to the launcher through the OAUTH2 identity provider, like how MSA login works now. This would require substantial work to implement on the launcher side.

I feel like approach 1 is probably going to be the best option, although approach 3 would be pretty cool.

@dfsek
Copy link
Author

dfsek commented Jan 28, 2024
edited
Loading

I personally think the first option is ideal. Already, Minecraft username is separate from drasl login name, this would also match how MC username is separate from Microsoft/Mojang email/userid. It'd also allow people to change their usernames in SSO-managed accounts. Also, I do agree that OIDC would be the best option.

@dfsek
Copy link
Author

dfsek commented Jan 28, 2024

Additionally, an option to migrate/link existing accounts/usernames on first sign-in to SSO would be awesome! Perhaps on first SSO sign-in, if there are non-SSO accounts, there is an option to sign in with the "local" account, if that is done the user data is transferred from the local account and then the local account is deleted. That is definitely not essential, though. Could just make everyone recreate their accounts haha.

@evan-goode evan-goode mentioned this issue Sep 6, 2024
Closed
7 tasks
@evan-goode evan-goode added this to the 3.0.0 milestone Oct 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request high priority major feature
Projects
None yet
Milestone
3.0.0
Development

No branches or pull requests
2 participants
@evan-goode @dfsek