How do you login via oidc supported apps on mobile?
-
I messed around with the admin settings in Wekan. But it doesn't seem Cloudron is respecting those choices. I don't have the option to use user/password. Only the OIDC method is visible on the login page.
-
@humptydumpty On iOS Firefox, Settings -> Block Popup Windows -> Disable . Then, clicking on the OIDC button opens a popup to login.
Another question, is it possible to disable oidc for all apps?
As in, you want it to use LDAP over OIDC ? Otherwise, when installing, do not use Cloudron User Management.
Assuming, this is related to OIDC issue here, this is only a quirk in Wekan that it shows a popup. This has to be fixed in Wekan somehow.
-
I changed the popup setting in brave but it still won’t log in. Most definitely yes, ldap over oidc any day, but better yet, plain old user/pass. It’s not a hassle with a pass manager like vault/bit warden. Can i disable oidc server wide?
For some apps, i like to have different accounts, like one user and one admin. I sometimes have more that are related to what I’m using the account for, personal vs business or business 1, business 2, etc. since not all apps have good user management features built-in. I’m not sure how i can do that with oidc (easily that is).
Popup fix worked for safari but not for brave. Good enough for me. I use Firefox focus on mobile and i don’t see any popup setting. Not surprised since it’s made for privacy from the ground up.
I’ve had wekan installed for ages. Will have to reinstall to implement the regular user management option. Is it possible to have this feature added to CR so we can switch it from the access control section?
-
@humptydumpty said in How do you login via oidc supported apps on mobile?:
Can i disable oidc server wide?
You have to choose this when installing the app. If not, then you can put in a feature request in the app section here and we can fix it up. We haven't implemented a dynamic toggle for user authentication. This is mostly because of technical reasons. Most apps cannot handle it if you switch from LDAP/OIDC to normal user mode (not in an automated fashion anyway).
-
@girish said in How do you login via oidc supported apps on mobile?:
You have to choose this when installing the app.
Most of my apps were installed pre-oidc, and it wasn't really a problem to have LDAP along with regular user management (on top of my head, WP works fine) since you could choose which cloudron account you want to log in with. When trying to reinstall Wekan, I don't see an option to select LDAP or OIDC. It says to leave management to the app or use Cloudron's.
-
so yes if Cloudron usermanagement is used, it may either be OpenID or LDAP. I guess the main issue is, that wekan OpenID does not work too well on those browsers, since it is written to use a popup window, unlike most other apps, which use redirection. Maybe worth mentioning this upstream, as other non-Cloudron users would also benefit then.
-
@nebulon I hopped on Wekan's repo and upon first search before posting, I found this thread:
Partial quoting of dev's response:
xet7 commented Aug 29, 2023 • You can select only LDAP or OAUTH2. Not both. Dropdown selection is between one external authentication and password login.
Source: https://github.com/wekan/wekan/issues/5109
Will open a new ticket regarding the pop-up vs redirection suggestion.
Issue opened: https://github.com/wekan/wekan/issues/5231
-
Quoting dev (xet7). Issue tagged as a bug.
PRs welcome. I have tried to get using redirect working, but I did not get it working.
-
I've had the unpleasant surprise of being blocked from login on my TT-RSS instance, because suddenly OIDC is a thing, after an automatic update.
The TT-RSS app only allows to enter a username and password, and my Cloudron account requires to use 2FA for login.
What are my options now?