Add keycloak authentication by mspasiano · Pull Request #240 · lovasoa/whitebophir

mspasiano · 2022-04-14T10:59:47Z

Together with my colleague @GiorgioBart we have extended the authentication method to https://github.com/keycloak

mspasiano · 2022-04-14T11:01:21Z

We have defined some environment variables:

KEYCLOAK_ENABLE
KEYCLOAK_URL
KEYCLOAK_REALM
KEYCLOAK_CLIENTID
KEYCLOAK_USERINFO_ATTRIBUTE

lovasoa · 2022-04-14T13:12:41Z

This sounds useful! A few notes:

keycloak implements open authentication standards. I don't think there is a reason to make wbo dependant on keycloak instead of being generic and working with any openid connect provider.
If I'm not mistaken, the most important part is missing: the server side token verification logic.

client-data/tools/keycloak/keycloak.js

lovasoa · 2022-04-14T13:28:20Z

client-data/tools/keycloak/keycloak.js

+			keycloak.loadUserInfo().then(function(userInfo) {
+				if (Tools.server_config.KEYCLOAK_USERINFO_ATTRIBUTE) {
+					if (!userInfo[Tools.server_config.KEYCLOAK_USERINFO_ATTRIBUTE]) {
+						alert("Sitema non disponibile per l'utente " + userInfo.preferred_username);


We shouldn't have an "alert", and all messages should be localized

I have not found anything to replace alert that you do not think about this: https://github.com/t4t5/sweetalert

client-data/tools/keycloak/keycloak.js

lovasoa · 2022-04-14T13:29:51Z

README.md

+- `KEYCLOAK_ENABLE` is used for enable OIDC authentication
+- `KEYCLOAK_URL` is the URL of Keycloak, eg, `https://keycloak-server/auth`
+- `KEYCLOAK_REALM` is the Realm name, eg, **myrealm**
+- `KEYCLOAK_CLIENTID` is the Public Client Id, eg, **myapp**
+- `KEYCLOAK_USERINFO_ATTRIBUTE` is the attribute name for authorization, and it is not mandatory 


We shouldn't have to take more than an optional oidc discovery url

I do not think it is necessary, everything is conditioned on the KEYCLOAK_ENABLE variable

matbgn · 2022-06-07T15:07:15Z

Amy further improvements @mspasiano? I'm really looking forward to it ;-)

lovasoa · 2022-06-07T15:21:06Z

We shouldn't have to take more than an optional oidc discovery url. Keycloak implements the standard oidc protocol; I don't think this should be keycloak-specific, mention a realm, or need a "userinfo" configuration.

mspasiano · 2022-06-08T09:21:11Z

We shouldn't have to take more than an optional oidc discovery url. Keycloak implements the standard oidc protocol; I don't think this should be keycloak-specific, mention a realm, or need a "userinfo" configuration.

You could use this https://www.npmjs.com/package/openid-client what do you think? If you think it's appropriate I can take care of it, I did the same thing for PeerTube https://www.npmjs.com/package/peertube-plugin-oidc-cnr

lovasoa · 2022-06-14T21:36:05Z

Yes, we can use an external lib. But we should keep compatibility with the existing jwt authentication mechanism described in https://github.com/lovasoa/whitebophir#authentication

tilllt · 2024-10-07T05:15:33Z

Has there been any progress with this? I would love to use OIDC authentication via authentik with WBO.

Add keycloak authentication

b6b83d0

mspasiano added 2 commits April 14, 2022 13:34

Add keycloak authentication

027a3c0

On logout change redirectUri to homepage

16e7a8d

lovasoa requested changes Apr 14, 2022

View reviewed changes

FIX localizable

011d4f4

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add keycloak authentication#240

Add keycloak authentication#240
mspasiano wants to merge 4 commits intolovasoa:masterfrom
mspasiano:master

mspasiano commented Apr 14, 2022

Uh oh!

mspasiano commented Apr 14, 2022 •

edited

Loading

Uh oh!

lovasoa commented Apr 14, 2022 •

edited

Loading

Uh oh!

Uh oh!

lovasoa Apr 14, 2022

Uh oh!

mspasiano Apr 15, 2022

Uh oh!

Uh oh!

lovasoa Apr 14, 2022

Uh oh!

mspasiano Apr 15, 2022

Uh oh!

matbgn commented Jun 7, 2022

Uh oh!

lovasoa commented Jun 7, 2022

Uh oh!

mspasiano commented Jun 8, 2022 •

edited

Loading

Uh oh!

lovasoa commented Jun 14, 2022

Uh oh!

tilllt commented Oct 7, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Uh oh!

Conversation

mspasiano commented Apr 14, 2022

Uh oh!

mspasiano commented Apr 14, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

lovasoa commented Apr 14, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

lovasoa Apr 14, 2022

Choose a reason for hiding this comment

Uh oh!

mspasiano Apr 15, 2022

Choose a reason for hiding this comment

Uh oh!

Uh oh!

lovasoa Apr 14, 2022

Choose a reason for hiding this comment

Uh oh!

mspasiano Apr 15, 2022

Choose a reason for hiding this comment

Uh oh!

matbgn commented Jun 7, 2022

Uh oh!

lovasoa commented Jun 7, 2022

Uh oh!

mspasiano commented Jun 8, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

lovasoa commented Jun 14, 2022

Uh oh!

tilllt commented Oct 7, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

mspasiano commented Apr 14, 2022 •

edited

Loading

lovasoa commented Apr 14, 2022 •

edited

Loading

mspasiano commented Jun 8, 2022 •

edited

Loading