Considerations when using Cloudron as an OpenID provider for external services

ccfu

I am in the process of deciding whether or not we can use Cloudron as an OpenID provider also for external apps. The authentication works in principle by creating new clients, but in order for it to be a feasible option in the long run, there are a few logistical questions / issues I need to resolve:

• I know it is possible to create custom-branded pages, but is it also possible to customise the emails (invitation, password reset) in a way that is update safe? The problem (for us) is that the default text of the invitations assume the recipient is expecting a Cloudron account to be set up for them, which is not always true in our use case. We need to be able to customise the text to provide the user with this information - also to conform with data protection requirements.

• Is there a way to change the language of the login screen (e.g. through a URL parameter)? It is not currently possible to set the users language when creating the user account (this would, incidentally, also be a feature request) and currently the invitation emails can only go out in the default Cloudron language and the login screen will show in this language as well, which is not always desirable.

• It is possible to import users via csv or json files. What effect does a later (re-)import have on existing user accounts? I assume there is some checking for duplicates, but are these then skipped or will they be updated if, for example, the email address in the import file is different from the one in Cloudron?

girish

Currently:

• No way to create custom branded pages or invite mails which are update safe
• No translations for the login screen see below
• Import/export has to be done with the API for the moment. We are in fact removing the import functionality in the next release (the one we already have) because it's quite flawed wrt duplicate handling and it's hard to write a generic user importer and it has no real error reporting either.

I think there are feature requests already for 1 and 2 and it's in our roadmap but I don't have a ETA for this.

ccfu

OK, thanks. That answers the question whether or not we can use Cloudron as an OpenID provider also for external apps with a no then. Looks like I will have to go with Keycloak or Authentik instead.

nebulon

For the translation issue, if the Cloudron itself is set to a different language (in the settings, not profile view) then the login view is already translated.

girish

Oops, I stand corrected about the login screen translation.