FEAT: Add Open ID Connect authentication method

* add `oidc-config` setting allowing an admin user to configure parameters * modify login page to show another button when oidc is configured * add dependency `openid-client` `v5.4.0` * add backend route to process "OAuth2 Authorization Code" flow initialisation * add backend route to process callback of above flow * sign in the authenticated user with internal jwt token if internal user with email matching the one retrieved from oauth claims exists Note: Only Open ID Connect Discovery is supported which most modern Identity Providers offer. Tested with Authentik 2023.2.2 and Keycloak 18.0.2
2025-07-04 17:06:49 +00:00 · 2023-02-24 08:39:21 +00:00
parent 5920b0cf5e
commit caeb2934f0
17 changed files with 441 additions and 7 deletions
--- a/frontend/js/app/api.js
+++ b/frontend/js/app/api.js
@ -59,6 +59,8 @@ function fetch(verb, path, data, options) {
            },

            beforeSend: function (xhr) {
+                // allow unauthenticated access to OIDC configuration
+                if (path === "settings/oidc-config") return;
                xhr.setRequestHeader('Authorization', 'Bearer ' + (token ? token.t : null));
            },