Multi User support

[arielmoraes]

Does listmonk support multi users (each one with its own Dashboard)?

If not, is it feasible to fork it and do the required changes?

[knadh]

It doesn't right now, but it has been on the to-do since the beginning. Some context here #125.

The requirements are:

• A lightweight authentication lib.
• Support for native credentials (e-mail / password).
• Support for oAuth.
• Granular permissions per user that control API calls and the corresponding UI interactions.

I wrote some pseudocode here a while ago, but never got a chance to focus on this. If you would like to take this up as a project, please feel free to propose a spec. Thanks!

[arielmoraes]

I see, but is that for multi users accessing a shared set of resources or each own user with separate data?

[knadh]

There could be lists that are user owned (this is tricky to do), but multi-user here is not intended to be multi-tenancy, but permission'd access to the same instance.

[jooola]

What about using tools such as ory/kratos or keratin/authn-server, so a powerful user management is shipped in no time and listmonk only has to build the bridge ?

I am not suggesting something like an external auth service, but really a full featured user management system embed into listmonk.

And if one wants to extend this, building multi tenancy would simply mean, spinning another listmonk but still having user management in a single place ?

[charlesmudy]

+1 to this ... infact, it might solve #499 ... its almost unusable now since every email is unique. Quite limiting.

[knadh]

What about using tools such as ory/kratos or keratin/authn-server, so a powerful user management is shipped in no time and listmonk only has to build the bridge ?

These are full fledged, standalone auth servers, programs bigger than listmonk even. Embedding them into listmonk may not be ideal. I'll take a closer look at them though. The auth system will have oAuth support to plugin external providers.

But, multi-user scopes and views vs. multi-tenancy are two different beasts. Multi-tenancy is not on the roadmap.

+1 to this ... infact, it might solve #499 ... its almost unusable now since every email is unique. Quite limiting.

This is unrelated. Subscribers (and by extension, their primary ID, e-mails) being globally unique first-class citizens won't change.

[RKVodde]

Multi User Support is a much needed feature which boosts the usage of a wonderful platform like "listmonk" in an organizational setting.

[bryceprutsos]

I agree that multi-user support would be a great enhancement. However, like the developer said it's tricky because of which user has access to what. Just pointing out that if multi-user support is a thing LDAP or SSO (SAML, CAS, OpenID) should be supported.

[NicoHood]

For me it would be great to have a minimal multi user mode: Just have multiple logins, all with the same access. The reason why this is important, because you can withdraw permissions of the user (aka delete or block a user), when someone leaves the team. We also then do not need to share passwords (this is so bad) and can use multiple accounts and do password reset via email oink. As a first step, this would help to get feedback and set the start for multiple logins.

[knadh]

+1 @NicoHood. There should be a simple native permission based multi-user system. Once that's in place, plugging in OAuth, LDAP should be straight forward.

[RKVodde]

Any progress on the multi user support.

[knadh]

@RKVodde nothing yet, unfortunately. I was looking at this again last week and came across this new lib: https://github.com/go-pkgz/auth

Haven't had a chance to look at it up close yet.

[RKVodde]

I am not into go-lang but this is what I found, might help. https://github.com/volatiletech/authboss

[c-nv-s]

@RKVodde nothing yet, unfortunately. I was looking at this again last week and came across this new lib: https://github.com/go-pkgz/auth

Haven't had a chance to look at it up close yet.

I used this library before for a custom OAuth setup and it was fairly straightforward which is nice.
I actually switched to it after failing to get authboss working which was actually a painful experience.

[rpmcoding]

Sounds good!

[titansmc]

Hi,
I am interested on it but found no multi-user support. Is it something being worked on? Before we start evaluating alternatives.
Cheers.

[knadh]

It's on the to-do, but haven't started working on it yet. Unable to give a timeline, unfortunately.

[pwnoobz]

I'm also interested in this. I just want to stay subbed on the topic.

[jmaisonneuve01]

Hi I'm gonna start working on this function so if anybody got something already running message me plz!

[knadh]

@jmaisonneuve01 please share a plan/proposal/spec of what and how you're planning to implement.

[jmaisonneuve01]

@jmaisonneuve01 please share a plan/proposal/spec of what and how you're planning to implement.

Still gathering and analyzing your code for the moment ill keep you updated

[samuk]

Any news on this one @jmaisonneuve01

[titansmc]

https://github.com/coreos/go-oidc

Any chance the OIDC could be used ?

[floridarangers]

For what it's worth until this feature is available. I use caddy and forward_auth as a work around (nginx supports something like this as well). It's not perfect but it allows me to give multiple people access to the server without having this feature in place.

[knadh]

I've finally started working on this. Ref: #1701 (comment)

[knadh]

Update:

• User management on the UI and backend is done.
• WIP: Frontend authentication, user permissions, permissions per list.

[chrislbrown84]

Great news - thanks for sorting this @knadh

[bryceprutsos]

Great news @knadh I will be more than happy to test.

[shanrahul]

@knadh when will be the feature the available ?