SSO Support #297
SSO Support #297
Conversation
privacyguard
requested review from
dessalines and
SleeplessOne1917
as code owners
privacyguard
force-pushed
the
sso_support
branch
from
736b1ad
to
5b6f6db
Compare
|
@dessalines We would love to use lemmy for our project, sso is a hard requirement, is there anything we can help to get this PR merged, or would you rather prefer us forking the project and implementing it on a fork? |
|
Looks like its going to get worked on soon, but it'll be a while on a lemmy release anyway. |
|
@dessalines PS. The lemmy-ui changes depend on a new release of lemmy-js-client. |
|
Cool, I'll update this now and get a test deploy out. |
|
Oh actually there are some conflicts in this PR. We'll resolve them now. |
|
I just did that, but you don't have allow edits to pull requests on this one. I'll do it in another branch. |
|
K all this is merged in #348 now. I'm not exactly sure how you enable edits by maintainers (because I think that's the default), but it got turned off somehow here. |
|
Thanks! |
|
K this should be available in a few minutes as |
|
Perfect. Can we use this version in the lemmy-ui PR or is it just for local testing? |
|
Yes you can use it for lemmy-ui. |
Implements LemmyNet/lemmy#2930.
This PR is based on LemmyNet/lemmy#4238 and #219 by @thepaperpilot.
We noticed that the original PR is outdated and has a lot of conflicts with the recent changes. We tried to keep the previous commits whenever possible (in lemmy-js-client and lemmy-ui).
How is works?
Admins can configure external OIDC providers from within the admin settings.
Once an OIDC provider is configured, users will be able to Sign In / Sign Up using external OIDC providers.
Available Configuration
The usual OIDC endpoints
auto_verify_email: When enabled, users signing up using OIDC won't need to go through email verification.
auto_approve_application: When enabled, users signing up using OIDC won't need manual approval even if applications are required.
account_linking_enabled: When enabled, users attempting with sign up with OIDC using an existing user email would link the OIDC account to the existing user.
Disclaimer
This is our first ever rust contribution.
Who we are? Why are we contributing to Lemmy?
Privacy Portal is an OIDC provider and an email aliasing service focused on privacy. We have decided to contribute to select open source projects that empower Free Speech online.
Our OIDC provider services are currently offered free of charge. In the future, we will have a generous free plan that will cover most deployments.
Using Privacy Portal as your OIDC provider offers your users great privacy benefits. User emails will automatically get replaced by single-purpose Privacy Aliases during sign up. Users will be able to enter any name (to be used as username). Users can benefit from email encryption and much more.