External OAuth Provider Requests #451
Comments
Support Steam as an external OAuth ProviderCurrently, Supabase does not support Steam as an external OAuth provider. Describe the solution you'd likeSupport Steam as an external OAuth Provider. https://partner.steamgames.com/doc/features/auth Describe alternatives you've consideredN/A Additional contextThis article describes how Steam's login method works. |
Add Patreon as OAuth providerSupport Patreon oauth. Describe the solution you'd likeSee feature request netlify/gotrue#312 |
|
Add Quickbooks as an OAuth provider |
Add Orcid as an OAuth providerHi I'd like to publish an app that other researchers can contribute to without signing up to anything, just using the orcid credentials they have for publishing to journals. Could you please add Orcid to the OAuth providers? https://info.orcid.org/documentation/features/public-api/orcid-as-a-sign-in-option-to-your-system/ All the best and many thanks for the great work! |
Add global.id as OAuth ProviderIs your feature request related to a problem? Please describe.Letting users in with a privacy-friendly OAuth Provider while accessing/verifying user data in a privacy-friendly manner if required. Describe the solution you'd likeAdding global.id as sign-in/up option and storing requested data in the user metadata. Describe alternatives you've consideredDidn't really find a good alternative to this provider. Additional contextI would like to implement that but I have never used go before, nor do I have a clue on how to integrate it in the existing codebase. |
Singpass login
Note: Singapore government might move to use SGID |
Foursquare/Swam loginIs your feature request related to a problem? Please describe.Would love to be able to authenticate users with Foursquare/Swarm Describe alternatives you've consideredCurrently using passport-foursquare |
SoundCloud LoginPlease add SoundCloud OAuth provider. Is your feature request related to a problem? Please describe.To extend music streaming platform authentication. Additional contexthttps://developers.soundcloud.com/docs/api/guide#authentication Note: there is an existing PR -- #269 which contains an initial implementation |
Ethereum LoginIs your feature request related to a problem? Please describe.I'd like to let my users log in with their Eth wallet (Metamask, etc) Describe the solution you'd likeJust like Uniswap does. Describe alternatives you've consideredLooks like Redwood has an Eth login. Additional contextn/a Note: there is an existing PR -- #269 which contains an initial implementation |
Auth0Would it be possible to include Auth0 as a login provider. Would like transition over to Supabase however this is preventing me from doing so. Describe alternatives you've consideredTutorial on importing users from Auth0. Relevant resources: |
Tik TokTikTok recently published their OAuth flow Is your feature request related to a problem? Please describe.For the application that I am working on, we convert users from TikTok. Currently, we plan to authenticate them from using Phone authentication, but TikTok support could drastically improve our conversion. Describe the solution you'd likeSocial login with TikTok is supported similar to existing 3rd party providers. Describe alternatives you've consideredThe only other alternative would be to host our own authentication server and use it in tandem with Supabase. Not particularly ideal. Additional contextNote: there is an existing PR -- #269 which contains an initial implementation |
NetlifyAdditional contexthttps://twitter.com/jlengstorf/status/1429611357356187652
https://app.netlify.com/user/applications Relevant Comments:
|
Kakao [ Completed ]Requested on: supabase/supabase#5200 Developer docs: https://developers.kakao.com/product/kakaoLogin Corresponding PR: #366 |
StravaVery important integrations for any sport-related applications. Strava Docs: https://developers.strava.com/docs/authentication/ |
Garmin ConnectOptionally, another important connection for sport-related apps. I don't know it it supports OAuth2 but seems to support OAuth1 but it looks more complicated to get setup than Strava. Docs: https://developer.garmin.com/gc-developer-program/program-faq/ |
Provider request: MastodonIs your feature request related to a problem? Please describe.Mastodon is growing in popularity and could be very useful to add as an auth provider. Additional contextDue to the federated nature of mastodon, I think login can be setup per-server instance. I'm not exactly sure how to reflect that. |
Provider Request: HuaweiIt would be nice if users could authenticate with Huawei Auth. Huawei has many users in Asia-Pacific countries. Additional contextDocumentation: Huawei Auth |
## What kind of change does this PR introduce? This PR adds Kakao(https://accounts.kakao.com/) as an external provider. ## What is the current behavior? This provider did not exist before. ## What is the new behavior? Based on Kakao developer docs(https://developers.kakao.com/), this PR creates a provider & test suite for Kakao external provider. ## Additional context Please let me know if there are any changes needed, I do acknowledge that this was once mentioned in another [comment](#451 (comment)), but it seemed like the PR had been frozen since then. I wrote my own version to make sure the tests do pass and the features work properly. --------- Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
Add generic OAuth2/OIDC providerA generic OAuth2/OIDC provider similar to what Auth0 offers would cover most (if not all) of the provider requests in this thread in one hit. This would enable developers to simply provide, at a minimum:
I'm surprised this hasn't already been suggested. Is there some complexity that I'm missing? |
|
Hey @rohanliston, great question! not all social providers comply to the OIDC spec and might not have an authorization server URL. As for the mapping for claims, not all the social providers return the user data the same way (take linkedin vs workos for e.g.). Also, gotrue currently follows an automatic linking model to link 2 identities with the same email to the same user. This means that having an insecure oauth provider added could compromise logins for a user. This is also why we currently enforce the email returned from the oauth provider to be verified. |
Add Yahoo as OAuth providerSupport Yahoo oauth. Describe the solution you'd likeSee feature request #1191 |
|
@kangmingtay Thanks for your response! To address your points:
That's fine, there are still countless providers that are OIDC-compliant. The ones that aren't compliant would require a dedicated provider as they do now. I don't think this is a reason not to implement a generic provider.
Yep, we'd definitely need a mapper of some sort. A simple approach would be to have the user define a JSON object to define the mapping. Dot notation could be used to map nested fields.
Does gotrue require the user to authenticate to both accounts before linking? Relying on email verification alone isn't totally secure, because the account can still be compromised later on. Email verification only proves that the user had control of the account when it was created. Auth0 highlights this in their docs and has a secure approach to account linking in their Account Link Extension: Regardless, I think whether or not an external provider is 'secure' should be a concern of the application developer setting up the integration. Gotrue should merely provide the means to support the integration itself in a secure way within its own sphere of control. |
Support Salesforce as an OAuth ProviderCurrently, Supabase does not support Salesforce as an external OAuth provider. Describe the solution you'd likeSuport Salesforce as an OAuth provider https://login.salesforce.com/.well-known/openid-configuration Describe alternatives you've consideredN/A Additional contextWell-known config: https://login.salesforce.com/.well-known/openid-configuration NOTE: Salesforce allows users to configure custom subdomains for their environments, but support for this would not be required as the user can go to the standard login page (login.salesforce.com and login their, unless explicitly disallowed, in which case they can choose "Use Custom Domain". In order to test this flow:
|
I'd like to work on a generic OAuth2 provider. Since the comments of @rohanliston in August, @kangmingtay has updated the CONTRIBUTING.md text to suggest that such a generic provider is officially regarded as a possible way forward. By default, I would go for a generic OAuth2 client, similar to the one described by the auth0 docs. This is as opposed to a generic OIDC flow, which was previously present in gotrue but was then removed in #927, for reasons which are explained here, and which sound like the Supabase team needs to resolve things internally first. If the generic OAuth2 client is the wrong direction to head in, please let me know. Edit: See #1372 for the PR. |
|
@J0 any updates on the Telegram provider? It has been more than a year now since its request, and as far as I can see it is one of the most requested providers in this thread. |
Is there any progress on this? |
LinearI would like Linear as an OAuth Provider Documentation: https://developers.linear.app/docs/oauth/authentication |
@Mutondi I have started working on it, currently I am looking into how I can extend the database schema in order to store the additional information required for genericity, such as the field mapping. I could use this extension myself in February 2024. So if you have the time to test the feature with your own provider once I open the PR, that would be great news. Edit: See #1372 for the PR. |
Is there an ETA for Steam as an Auth Provider? Or even a Custom Provider option? |
Support Zitadel as a providerPlease consider adding support for ZITADEL. I see there is already KeyCloak support, so I could try to copy that for Zitadel, as in most instances Zitadel drops in as a replacement pretty fine as both are OIDC compliant and common self-hosted open source Identity Providers. I am not sure if I should hold off on it based on the comment in the CONTRIBUTING.md. Let me know if I should go ahead and work on this. But I did also find this in the code so maybe I don't need to do this after all?: Still happy to do the work, just need a little guidance 🙏 |
|
@Mutondi, @rohanliston, @kangmingtay, @bdelwood, @James3UK, @sannajammeh, @bluengreen, @jessebot, @chrisjh, @agrantdeakin, @mstade, @WildEgo, @kermado, @JoaquimLey, @naohiro-t, @BayTec, @jamiefolsom, @point-source, @Whats-A-MattR and everyone else who has mentioned or reacted to a generic OAuth provider: I have implemented a first version of a generic OAuth provider at #1372. If you have the means, it would help a great deal if you could test it with some real-life identity providers (even ones which are already supported by gotrue would help). I have so far tested it using an application of my own. But the more we can test this new all-purpose OAuth provider the merrier. |
|
add miniOrange as OAuth Provider |
|
Would love to see Yahoo in the list of auth providers. Would make accessing the Yahoo Fantasy API so much better. |
|
Is there any progress on the generic OAuth provider, is possible submit PR that adds another social login provider? |
Any feedback on adding Yahoo oauth? |
Epic as OAuth providerSaw this request in the discussions and thought I will bump it by posting it here as well. Would be great to see this feature being added! |
and others
This issue is for tracking requests/demand for integration with External OAuth Providers. Give a comment a thumbs up if you want the connector built or drop a comment if you wish to work on any of the providers below.
We will prioritise providers based on the number of upvotes/thumbs up so do upvote your favourite providers
The text was updated successfully, but these errors were encountered: