FEAT: Add Open ID Connect authentication method

* add `oidc-config` setting allowing an admin user to configure parameters * modify login page to show another button when oidc is configured * add dependency `openid-client` `v5.4.0` * add backend route to process "OAuth2 Authorization Code" flow initialisation * add backend route to process callback of above flow * sign in the authenticated user with internal jwt token if internal user with email matching the one retrieved from oauth claims exists Note: Only Open ID Connect Discovery is supported which most modern Identity Providers offer. Tested with Authentik 2023.2.2 and Keycloak 18.0.2
2025-12-19 22:03:26 +00:00 · 2023-02-24 08:39:21 +00:00
parent 5920b0cf5e
commit caeb2934f0
17 changed files with 441 additions and 7 deletions
--- a/backend/routes/api/settings.js
+++ b/backend/routes/api/settings.js
@@ -69,6 +69,17 @@ router
 				});
 			})
 			.then((row) => {
+				if (row.id === 'oidc-config') {
+					// redact oidc configuration via api
+					let m = row.meta
+					row.meta = {
+						name: m.name,
+						enabled: m.enabled === true && !!(m.clientID && m.clientSecret && m.issuerURL && m.redirectURL && m.name)
+					};
+					// remove these temporary cookies used during oidc authentication
+					res.clearCookie('npm_oidc')
+					res.clearCookie('npm_oidc_error')
+				}
 				res.status(200)
 					.send(row);
 			})