Add Generic OAuth2 Support #3

Open
opened 2022-07-12 12:21:51 -07:00 by Jafner · 5 comments
Jafner commented 2022-07-12 12:21:51 -07:00 (Migrated from gitlab.jafner.net)

Building on the work from decentral1se [here](https://github.com/janeczku/calibre-web/pull/2211), we want to build OAuth2 support that replaces the GitHub and Google OAuth2 providers with a functional generic alternative.

Subtasks:

  • [x] Build minimum viable product with support for Authentik OAuth2. The original work assumed Keycloak's relative pathing, and some values are hardcoded.
  • [ ] Strip out GitHub and Google OAuth2 support.
  • [ ] Document process for connecting Calibre-web to common self-hosted OAuth2 providers (Keycloak, Authentik) and social logins (Google, GitHub, Discord, more?)
Jafner commented 2022-07-12 17:16:49 -07:00 (Migrated from gitlab.jafner.net)

marked the checklist item **Build minimum viable product with support for Authentik OAuth2. The original work assumed Keycloak's relative pathing, and some values are hardcoded.** as completed
Jafner commented 2022-07-12 17:16:50 -07:00 (Migrated from gitlab.jafner.net)

> Build minimum viable product with support for Authentik OAuth2. The original work assumed Keycloak's relative pathing, and some values are hardcoded.

Done as of c8df968e and closes #1
Jafner commented 2022-07-12 21:05:32 -07:00 (Migrated from gitlab.jafner.net)

> Strip out GitHub and Google OAuth2 support.

OAuth support for GitHub and Google appears to have originated here: https://github.com/janeczku/calibre-web/pull/673/files

We're deliberating a new structure for supporting arbitrary OAuth2 providers.

  • Flask-dance supports an [array of pre-configured providers](https://flask-dance.readthedocs.io/en/latest/providers.html#module-flask_dance.contrib.github) which pre-fill the OAuth2ConsumerBlueprint `base_url`, `token_url`, and `authorization_url` values with those appropriate for the service.
  • We want the UI to remain tolerable, not a big mess of bizarre OAuth providers.
  • We want to support self-hosted providers such as Keycloak and Authentik. These (except [Authentiq](https://flask-dance.readthedocs.io/en/latest/_modules/flask_dance/contrib/authentiq.html#make_authentiq_blueprint)) are not supported as premade blueprints by Flask-dance. Do we want to bake these into code as much as we can, or just support them in documentation alone?
  • We can support arbitrary providers with a combination of the Custom provider and documentation.
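
Added example, not from this thread or from calibre-web's code: one way admin-supplied settings for a generic provider could be resolved and checked before being passed as keyword arguments to Flask-Dance's `OAuth2ConsumerBlueprint`, covering both relative (Keycloak-style) and absolute endpoint values. The function name `blueprint_kwargs`, the `client_id`/`client_secret`/`scope` settings keys, the default scope, and the `example.com` endpoints and credentials are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

class ProviderConfigError(ValueError):
    """Raised when an admin-supplied OAuth2 setting is missing or unsafe."""

def checked_url(name, url):
    parts = urlsplit(url)
    # The token endpoint receives the client secret and authorization code,
    # so every endpoint must be an absolute https URL.
    if parts.scheme != "https" or not parts.hostname:
        raise ProviderConfigError(f"{name} must be an absolute https URL")
    if parts.username or parts.password:
        raise ProviderConfigError(f"{name} must not embed credentials")
    if parts.fragment:
        raise ProviderConfigError(f"{name} must not contain a fragment")
    return url

def blueprint_kwargs(settings):
    """Return keyword arguments for OAuth2ConsumerBlueprint(name, import_name, **kwargs)."""
    # urljoin() drops the last path segment of a base without a trailing
    # slash, which silently breaks relative endpoint paths; normalise first.
    base_url = checked_url("base_url", settings["base_url"].strip().rstrip("/") + "/")
    kwargs = {
        "client_id": settings["client_id"],
        "client_secret": settings["client_secret"],
        "base_url": base_url,
        "scope": settings.get("scope", "openid profile email").split(),  # assumed default
    }
    for key in ("authorization_url", "token_url"):
        raw = settings.get(key, "").strip()
        if not raw:
            raise ProviderConfigError(f"{key} is required")
        # Relative values resolve against base_url; absolute values pass through.
        kwargs[key] = checked_url(key, urljoin(base_url, raw))
    return kwargs

# Constructed sample settings (placeholder hosts and credentials).
KEYCLOAK_STYLE = {
    "client_id": "calibre-web", "client_secret": "PLACEHOLDER",
    "base_url": "https://sso.example.com/realms/library",
    "authorization_url": "protocol/openid-connect/auth",
    "token_url": "protocol/openid-connect/token",
}
AUTHENTIK_STYLE = {
    "client_id": "calibre-web", "client_secret": "PLACEHOLDER",
    "base_url": "https://auth.example.com/application/o/",
    "authorization_url": "https://auth.example.com/application/o/authorize/",
    "token_url": "https://auth.example.com/application/o/token/",
}
```
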
Jafner commented 2022-07-12 23:29:53 -07:00 (Migrated from gitlab.jafner.net)
  • Why did LSIO use a premade `app.db`?
  • `web.py` renders the oauth login button. Consider making it a little prettier.
  • Logging and error handling for OAuth flow.
  • Make the login flow pretty for users (Maybe per-provider 32x32 icon?). Redesign the login prompt. Allow admins to customize login prompt re: OAuth.
Jafner commented 2022-07-13 09:27:33 -07:00 (Migrated from gitlab.jafner.net)

assigned to @Jafner

Reference: Jafner/calibre-web#3