Implement logging in via external identity providers #2278

Open
wants to merge 14 commits into
base: main

@thepaperpilot thepaperpilot commented Dec 8, 2023

Description

Implements LemmyNet/lemmy#2930. I believe LemmyNet/lemmy#489 is a duplicate of that issue, and would also be considered implemented by this. Note that this does NOT make Lemmy itself an identity provider, and thus does NOT implement LemmyNet/lemmy#1368.

External auth methods can be added via the admin settings, and then buttons are shown on the login page to use those auth methods instead of "basic" auth (username + password). The implementation supports both OAuth and OIDC auth methods, and can register non-existent users as well (if a new setting is explicitly turned on).

Other frontends that wish to support these external auth methods can use the changes in lemmy-ui as a reference. They'll need to show the buttons to go to the authorization URL with the appropriate redirect URI, and then implement the endpoint at that URI that takes the auth cookie and navigates to the redirect URI param it was passed. Optionally, frontends can also implement the new admin settings.

Future Work

Most of these are not implemented because my understanding is lemmy-ui is getting replaced soon-ish anyways and these are tasks that would take a while to implement, which is probably not worth it imo.

  • Make frontends have convenient presets for common identity providers (like Google, GitHub, Discord, etc.) that hide the well-known fields (i.e. just show client ID and secret).
  • PKCE support (more secure version of OAuth)
  • If auto-registration is disabled, bring non-existent users to a modified version of the signup page where the email is pre-filled and read-only, and the password field is hidden
  • Improve error handling/messaging (for example if an external auth method fails to save due to a non-unique client ID)

Related PRs

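The frontend half of the flow outlined in the description above, as an added example that is not taken from lemmy-ui or the Lemmy backend: it builds the authorization URL for a login button and has the callback endpoint refuse any post-login target that leaves the site's own origin. The provider field names, the `/oauth/callback` and `/login` paths, the `redirect` parameter name and the frontend-side `state` check are assumptions.

```javascript
// Added illustration; provider fields, paths and the "redirect" parameter
// name are hypothetical, not the PR's actual API.

// Accept only targets that stay on our own origin; everything else becomes "/".
function safeRedirectTarget(target, siteOrigin) {
  if (typeof target !== "string" || !target.startsWith("/")) return "/";
  let resolved;
  try {
    // "//host" and "/\host" begin with "/" but resolve to a different origin.
    resolved = new URL(target, siteOrigin);
  } catch {
    return "/";
  }
  if (resolved.origin !== new URL(siteOrigin).origin) return "/";
  return resolved.pathname + resolved.search + resolved.hash;
}

// URL behind a "log in with ..." button: a standard OAuth 2.0
// authorization request (RFC 6749, section 4.1.1).
function buildAuthorizationUrl(provider, siteOrigin, state, afterLogin = "/") {
  const callback = new URL("/oauth/callback", siteOrigin); // hypothetical path
  callback.searchParams.set("redirect", safeRedirectTarget(afterLogin, siteOrigin));
  const url = new URL(provider.authorizationEndpoint);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", provider.clientId);
  url.searchParams.set("redirect_uri", callback.toString());
  url.searchParams.set("scope", provider.scopes);
  url.searchParams.set("state", state); // unguessable value stored by the caller
  return url.toString();
}

// Callback endpoint: compare state with the stored value (assumed to be the
// frontend's job here), then choose where to navigate.
function handleCallback(callbackUrl, expectedState, siteOrigin) {
  const params = new URL(callbackUrl).searchParams;
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, location: "/login" }; // hypothetical login path
  }
  return { ok: true, location: safeRedirectTarget(params.get("redirect"), siteOrigin) };
}
```
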

@Die4Ever
Contributor

So if you linked your Google account then Lemmy could skip email verification for new accounts? I've seen lots of people have issues with email verifications for their new accounts, new users get confused, emails get lost or sent to spam, instances have their email improperly set up, etc. This seems like it would be less error prone.

I hope this can get finished and merged in eventually.


3 participants