SSO support (OAuth2/OIDC, LDAP) #2379
Comments
In particular, being able to log in through the Fediverse would be a good start. A combination of Mastodon OAuth and Django OAuth Toolkit would do this.
I've built docker files to allow https://v.st/ to run mastodon, matrix, pixelfed, hedgedocs, grafana, and gitea with a common SSO and would like to also support bookwyrm. It seems that every one of those uses a different implementation language and framework for user auth, so... yeah, it's just a simple matter of programming. It looks like django has an OIDC interface that might be possible to integrate with the login flow: https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html#quick-start
I have hacked together a draft pull request that enables SSO and works with my keycloak configuration #2464
The patches now support assigning roles via Keycloak, so it is now possible to administer the system via SSO created accounts. The PR is ready for deeper review from someone more familiar with django and the rest of the bookwyrm code tree.
What is the state of this? I would love to run a BookWyrm instance which can authenticate with my local Keycloak installation.
Is your feature request related to a problem? Please describe.
Managing users for a server which provides multiple services (Mastodon, Matrix, bookwyrm) gets tedious without a central user store. This can be solved by using exactly that and simplifying login using SSO.
Describe the solution you'd like
It would be nice to be able to sign in (and create if needed) users using the OpenID Connect standard.
Describe alternatives you've considered
Alternatively, backing the user store using LDAP could be an option, but is less preferred because a proper SSO solution can be more secure (2FA) and streamlined.