FEAT: Add Open ID Connect authentication method

* add `oidc-config` setting allowing an admin user to configure parameters * modify login page to show another button when oidc is configured * add dependency `openid-client` `v5.4.0` * add backend route to process "OAuth2 Authorization Code" flow initialisation * add backend route to process callback of above flow * sign in the authenticated user with internal jwt token if internal user with email matching the one retrieved from oauth claims exists Note: Only Open ID Connect Discovery is supported which most modern Identity Providers offer. Tested with Authentik 2023.2.2 and Keycloak 18.0.2
2025-06-19 18:48:17 +00:00 · 2023-02-24 08:39:21 +00:00
parent 5920b0cf5e
commit caeb2934f0
17 changed files with 441 additions and 7 deletions
--- a/frontend/js/app/settings/list/item.ejs
+++ b/frontend/js/app/settings/list/item.ejs
@ -9,6 +9,14 @@
        <% if (id === 'default-site') { %>
            <%- i18n('settings', 'default-site-' + value) %>
        <% } %>
+        <% if (id === 'oidc-config' && meta && meta.name && meta.clientID && meta.clientSecret && meta.issuerURL && meta.redirectURL) { %>
+            <%- meta.name %>
+            <% if (!meta.enabled) { %>
+               (Disabled)
+            <% } %>
+        <% } else if (id === 'oidc-config') { %>
+            Not configured
+        <% } %>
    </div>
 </td>
 <td class="text-right">