How to set up OpenID automatic redirection?

I was taking a look at this and saw that I can add redirectToProvider=true to the URL to automatically redirect me to my OpenID provider. Is there any way I can set this up so it will add that parameter when I navigate to just my main Vikunja frontend URL? Is this possible?

That’s not possible. We actually had it in the past, but that caused issues when you log out and it will log you back in again, causing a loop.

Oh I see. And I’m guessing changing the logout URL to redirect you to your provider wouldn’t fix that?

OpenID has options in the spec to allow auth providers to set a logout URL. Using that for the redirect would be the cleanest solution.

I don’t see myself implementing this anytime soon, but would merge a PR if someone from the community wants to have a go at it.

That seems like a good solution. Should I open a feature request post to track it?

If I can get the following working, would you accept a PR?

Use case: from the SSO provider I have a list of apps (Vikunja included); I want to click Vikunja and automatically log in to Vikunja.
For now, it directs me to the Vikunja login page and I have to click the correct SSO provider to log in.

Proposal:

Either allow a parameter on the login page, something like: domain.tld/login?provider=providerId
If the parameter is supplied, automatically log in the user via SSO for the given provider.

Or, something very similar, a new route domain.tld/login/:providerId with a very basic component that automates the login via SSO for the given provider.

Logout could still get back to domain.tld/login without a login loop.

Does it work for you if you add the redirectToProvider parameter?

It didn’t, so I looked at the code to see how it works… That option requires:

  • One and only one provider to be configured
  • Local auth to be disabled

I currently have 2 providers set up (for testing purposes), and local auth enabled, which I intend to keep enabled.

Maybe I can change that behaviour so that instead of passing true, I could pass the providerId (the key in the config file) to use. And maybe lift the restriction about local auth being disabled as well?

I would love a PR that enhances that in the way you proposed.

PR #3071 has been merged, please check with the next unstable build (should be ready for deployment in ~45min, also on try).
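
As an added illustration (not code from this thread, from PR #3071, or from Vikunja), the sketch below models the redirect decision discussed above: `redirectToProvider=true` only works with exactly one provider and local auth disabled, while a provider key is resolved strictly against the configured providers. The function name, the config shape and the sample URLs are assumptions.

```javascript
// Hypothetical sketch: names and config shape are assumptions, not Vikunja's API.
// Constructed sample config; the object keys stand in for "the key in the config file".
const sampleConfig = {
  localAuthEnabled: true,
  providers: {
    authentik: { authUrl: 'https://sso.example.test/authorize' },
    keycloak: { authUrl: 'https://kc.example.test/auth' },
  },
}

// Returns the authorization URL to redirect to, or null to show the login page.
function resolveAutoRedirect(pageUrl, config) {
  const value = new URL(pageUrl).searchParams.get('redirectToProvider')

  // No parameter: never redirect. A logout that lands on the plain login
  // URL therefore shows the login page instead of looping back into SSO.
  if (value === null || value === '') return null

  const keys = Object.keys(config.providers)

  if (value === 'true') {
    // Behaviour described in the thread: exactly one provider, local auth off.
    if (keys.length !== 1 || config.localAuthEnabled) return null
    return config.providers[keys[0]].authUrl
  }

  // Proposed behaviour: the value is a provider key. It is only ever used as a
  // lookup key against configured providers, never as a redirect target itself,
  // so an attacker-supplied URL or an inherited property name resolves to null.
  if (!Object.prototype.hasOwnProperty.call(config.providers, value)) return null
  return config.providers[value].authUrl
}
```

The redirect target always comes from server-side configuration; the query parameter only selects among configured entries.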