many authentication methods
-
Greetings guys.
I would like to propose there should be other ways to authenticate than just username, password, or even TOTP.
One of the things you could do is allow for the Google OAuth 2.0 options, if the administrator has a Google Cloud console client ID and secret. Right now, as it is, I'd have to configure my instance via Cloudflare, and make it to where Cloudflare Access must be accessed first, then go through the traditional authentication process.
Yes, that is my Cloudflare Access setup, which, lol, feel free to break into, you won't find anything. But that's besides the point.
Another possibility is to integrate something like the Duo auth API, kinda like Vaultwarden does. Duo has many authentication options, like security key, hardware token, and SMS gateway, features Cloudron's authentication doesn't have. It would also make it easier.
There should also be more OAuth options, like Facebook, GitHub, Discord, etc.
If we had OAuth options, this would allow for more authentication choice, and it would probably be more secure.
For example, Suno AI: in order to log into their applications, you must use OAuth.
I also forgot that if you used Duo Security, you wouldn't even have to worry about the FIDO implementation. Just sign up for Duo, and you're good. OAuth like Google also supports FIDO. So you're killing a couple of birds with a couple of features.
I find it a little disappointing how Cloudron doesn't have many authentication options.
Oh, another suggestion: the 2FA token option should only be presented when the correct username and password are entered.
As a hacker, if I see that, I will know you have a TOTP before even the username and password are entered, and try to exploit it.
thanks