Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Alternative to "oauth proxy"?

Alternative to "oauth proxy"?

Scheduled Pinned Locked Moved Solved Support
6 Posts 3 Posters 2.0k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • fbartelsF Offline
    fbartelsF Offline
    fbartels
    App Dev
    wrote on last edited by
    #1

    I wanted to look into packaging https://forum.cloudron.io/topic/1438/cloud-torrent, but the progam itself only offers auth through a single username:password combination passed as an env variable and therefore was looking into ways to put auth into the nginx reverse proxy.

    https://cloudron.io/developer/packaging/ still refers to the following:

    For app that have no user management at all, the Cloudron implements an OAuth proxy that optionally lets the Cloudron admin make the app visible only for logged in users.

    but searching for more references to it end up at a gitlab ticket that states that it was removed.

    Are there any alternatives to it?

    1 Reply Last reply
    0
    • nebulonN Offline
      nebulonN Offline
      nebulon
      Staff
      wrote on last edited by
      #2

      That is correct, it was removed altogether. It was too confusing to users, as the oauth view put a non-app ui in front and it was not clear for users without explanation. We have to fix up that documentation piece, thanks for the hint.

      There is also no alternative without patching the app or contribution some kind of login view upstream. For which we prefer LDAP over OAuth for the same reason, to not have those browser redirect hops.

      fbartelsF 1 Reply Last reply
      0
      • nebulonN nebulon

        That is correct, it was removed altogether. It was too confusing to users, as the oauth view put a non-app ui in front and it was not clear for users without explanation. We have to fix up that documentation piece, thanks for the hint.

        There is also no alternative without patching the app or contribution some kind of login view upstream. For which we prefer LDAP over OAuth for the same reason, to not have those browser redirect hops.

        fbartelsF Offline
        fbartelsF Offline
        fbartels
        App Dev
        wrote on last edited by
        #3

        Hi @nebulon ,

        ok was already expecting something like this. I'd have to argue that the "browser redirect hops" are something that most users will probably be accustomed with by now as this is the same as all the "login with facebook", "login with google" and "login with github" buttons all over the web. But of course ldap has its benefits as well.

        I meanwhile started working to include oauth2_proxy into my take on cloud torrent. Will probably continue next weekend.

        1 Reply Last reply
        0
        • girishG Do not disturb
          girishG Do not disturb
          girish
          Staff
          wrote on last edited by
          #4

          You probably know this... but we started with OAuth integration is all our apps. Over time, we gave up on that since it is far too hard to integrate OAuth into each and every app. Given that OAuth is not really a "standard", we had to create Cloudron OAuth specific patches for each app. And then we have to fight hard with each upstream project to get Cloudron OAuth code merged. Just too much trouble and we felt we cannot win on our own 😞

          fbartelsF 1 Reply Last reply
          1
          • girishG girish

            You probably know this... but we started with OAuth integration is all our apps. Over time, we gave up on that since it is far too hard to integrate OAuth into each and every app. Given that OAuth is not really a "standard", we had to create Cloudron OAuth specific patches for each app. And then we have to fight hard with each upstream project to get Cloudron OAuth code merged. Just too much trouble and we felt we cannot win on our own 😞

            fbartelsF Offline
            fbartelsF Offline
            fbartels
            App Dev
            wrote on last edited by
            #5

            @girish said in Alternative to "oauth proxy"?:

            we felt we cannot win on our own 😞

            yes, the world would be a better place if all applications would properly support oauth2 or even better openid connect. I will anyways first give https://github.com/bitly/oauth2_proxy a try and if that does not work I'll configure mod_authnz_ldap in the apache bundled in the base image.

            1 Reply Last reply
            0
            • girishG Do not disturb
              girishG Do not disturb
              girish
              Staff
              wrote on last edited by
              #6

              https://forum.cloudron.io/topic/3682/proxyauth-addon is the new alternative which uses LDAP.

              1 Reply Last reply
              3
              Reply
              • Reply as topic
              Log in to reply
              • Oldest to Newest
              • Newest to Oldest
              • Most Votes


              • Login

              • Don't have an account? Register

              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Bookmarks
              • Search