Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Alternative to "oauth proxy"?

Scheduled Pinned Locked Moved Solved Support
6 Posts 3 Posters 888 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    wrote on last edited by
    #1

    I wanted to look into packaging https://forum.cloudron.io/topic/1438/cloud-torrent, but the progam itself only offers auth through a single username:password combination passed as an env variable and therefore was looking into ways to put auth into the nginx reverse proxy.

    https://cloudron.io/developer/packaging/ still refers to the following:

    For app that have no user management at all, the Cloudron implements an OAuth proxy that optionally lets the Cloudron admin make the app visible only for logged in users.

    but searching for more references to it end up at a gitlab ticket that states that it was removed.

    Are there any alternatives to it?

    1 Reply Last reply
    0
  • nebulonN Online
    nebulonN Online
    nebulon Staff
    wrote on last edited by
    #2

    That is correct, it was removed altogether. It was too confusing to users, as the oauth view put a non-app ui in front and it was not clear for users without explanation. We have to fix up that documentation piece, thanks for the hint.

    There is also no alternative without patching the app or contribution some kind of login view upstream. For which we prefer LDAP over OAuth for the same reason, to not have those browser redirect hops.

    fbartelsF 1 Reply Last reply
    0
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    replied to nebulon on last edited by
    #3

    Hi @nebulon ,

    ok was already expecting something like this. I'd have to argue that the "browser redirect hops" are something that most users will probably be accustomed with by now as this is the same as all the "login with facebook", "login with google" and "login with github" buttons all over the web. But of course ldap has its benefits as well.

    I meanwhile started working to include oauth2_proxy into my take on cloud torrent. Will probably continue next weekend.

    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #4

    You probably know this... but we started with OAuth integration is all our apps. Over time, we gave up on that since it is far too hard to integrate OAuth into each and every app. Given that OAuth is not really a "standard", we had to create Cloudron OAuth specific patches for each app. And then we have to fight hard with each upstream project to get Cloudron OAuth code merged. Just too much trouble and we felt we cannot win on our own 😞

    fbartelsF 1 Reply Last reply
    1
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    replied to girish on last edited by
    #5

    @girish said in Alternative to "oauth proxy"?:

    we felt we cannot win on our own 😞

    yes, the world would be a better place if all applications would properly support oauth2 or even better openid connect. I will anyways first give https://github.com/bitly/oauth2_proxy a try and if that does not work I'll configure mod_authnz_ldap in the apache bundled in the base image.

    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #6

    https://forum.cloudron.io/topic/3682/proxyauth-addon is the new alternative which uses LDAP.

    1 Reply Last reply
    3

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.