Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


SOLVED Alternative to "oauth proxy"?

Support
Log in to reply
  • fbartels
    App Dev

    I wanted to look into packaging https://forum.cloudron.io/topic/1438/cloud-torrent, but the progam itself only offers auth through a single username:password combination passed as an env variable and therefore was looking into ways to put auth into the nginx reverse proxy.

    https://cloudron.io/developer/packaging/ still refers to the following:

    For app that have no user management at all, the Cloudron implements an OAuth proxy that optionally lets the Cloudron admin make the app visible only for logged in users.

    but searching for more references to it end up at a gitlab ticket that states that it was removed.

    Are there any alternatives to it?

    0
  • nebulon
    Staff

    That is correct, it was removed altogether. It was too confusing to users, as the oauth view put a non-app ui in front and it was not clear for users without explanation. We have to fix up that documentation piece, thanks for the hint.

    There is also no alternative without patching the app or contribution some kind of login view upstream. For which we prefer LDAP over OAuth for the same reason, to not have those browser redirect hops.

    0 fbartels 1 Reply
  • fbartels
    App Dev

    Hi @nebulon ,

    ok was already expecting something like this. I'd have to argue that the "browser redirect hops" are something that most users will probably be accustomed with by now as this is the same as all the "login with facebook", "login with google" and "login with github" buttons all over the web. But of course ldap has its benefits as well.

    I meanwhile started working to include oauth2_proxy into my take on cloud torrent. Will probably continue next weekend.

    0
  • girish
    Staff

    You probably know this... but we started with OAuth integration is all our apps. Over time, we gave up on that since it is far too hard to integrate OAuth into each and every app. Given that OAuth is not really a "standard", we had to create Cloudron OAuth specific patches for each app. And then we have to fight hard with each upstream project to get Cloudron OAuth code merged. Just too much trouble and we felt we cannot win on our own 😞

    1 fbartels 1 Reply
  • fbartels
    App Dev

    @girish said in Alternative to "oauth proxy"?:

    we felt we cannot win on our own 😞

    yes, the world would be a better place if all applications would properly support oauth2 or even better openid connect. I will anyways first give https://github.com/bitly/oauth2_proxy a try and if that does not work I'll configure mod_authnz_ldap in the apache bundled in the base image.

    0
  • girish
    Staff

    https://forum.cloudron.io/topic/3682/proxyauth-addon is the new alternative which uses LDAP.

    3