Automatic Login for Externally Authenticated Users

crazybrad

Is there a way to present either a Cloudron username+password, username+temporary app password or web token in a GET or POST request
to allow a user to log into their Cloudron account (preferred) or individually to each app?

I have a PHP application with 2FA required to authenticate users and once they are authenticated, I would like to give them the option of navigating to their Cloudron dashboard or individual apps without a login screen. A simple use case would be presenting a navigation menu item (Email), and when the user selected this option, a new window would open {SoGo, SnappyMail or Roundcube) with the user already logged into their email account.

Any suggestions?

Other Considerations: Main PHP application does not have LDAP. Application and Cloudron accounts will be linked by same username. Cloudron API App Passwords (https://docs.cloudron.io/api.html#tag/App-Passwords) seems helpful (if login could be automatic), but there is no time-based expiration on app passwords like JWTs.

girish

I think to automatically login to SoGO/SnappyMail/Roundcube requires assistance from those apps. Currently, those apps use LDAP/IMAP authentication internally to auth a user. So, you have to implement an authentication scheme in those apps itself to let you login as the right user/mailbox .

I got a few hits for roundcube + jwt + sso , so maybe you can explore those.

crazybrad

@girish Thanks for the suggestion. Sounds like I will need to pursue this idea on an app by app basis, rather than signing on as a Cloudron user. If I am successful, I will share the results so that others can benefit as well.