Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    SOLVED Alternative to "oauth proxy"?

    Support
    3
    6
    485
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • fbartels
      fbartels App Dev last edited by

      I wanted to look into packaging https://forum.cloudron.io/topic/1438/cloud-torrent, but the progam itself only offers auth through a single username:password combination passed as an env variable and therefore was looking into ways to put auth into the nginx reverse proxy.

      https://cloudron.io/developer/packaging/ still refers to the following:

      For app that have no user management at all, the Cloudron implements an OAuth proxy that optionally lets the Cloudron admin make the app visible only for logged in users.

      but searching for more references to it end up at a gitlab ticket that states that it was removed.

      Are there any alternatives to it?

      1 Reply Last reply Reply Quote 0
      • nebulon
        nebulon Staff last edited by

        That is correct, it was removed altogether. It was too confusing to users, as the oauth view put a non-app ui in front and it was not clear for users without explanation. We have to fix up that documentation piece, thanks for the hint.

        There is also no alternative without patching the app or contribution some kind of login view upstream. For which we prefer LDAP over OAuth for the same reason, to not have those browser redirect hops.

        fbartels 1 Reply Last reply Reply Quote 0
        • fbartels
          fbartels App Dev @nebulon last edited by

          Hi @nebulon ,

          ok was already expecting something like this. I'd have to argue that the "browser redirect hops" are something that most users will probably be accustomed with by now as this is the same as all the "login with facebook", "login with google" and "login with github" buttons all over the web. But of course ldap has its benefits as well.

          I meanwhile started working to include oauth2_proxy into my take on cloud torrent. Will probably continue next weekend.

          1 Reply Last reply Reply Quote 0
          • girish
            girish Staff last edited by

            You probably know this... but we started with OAuth integration is all our apps. Over time, we gave up on that since it is far too hard to integrate OAuth into each and every app. Given that OAuth is not really a "standard", we had to create Cloudron OAuth specific patches for each app. And then we have to fight hard with each upstream project to get Cloudron OAuth code merged. Just too much trouble and we felt we cannot win on our own 😞

            fbartels 1 Reply Last reply Reply Quote 1
            • fbartels
              fbartels App Dev @girish last edited by

              @girish said in Alternative to "oauth proxy"?:

              we felt we cannot win on our own 😞

              yes, the world would be a better place if all applications would properly support oauth2 or even better openid connect. I will anyways first give https://github.com/bitly/oauth2_proxy a try and if that does not work I'll configure mod_authnz_ldap in the apache bundled in the base image.

              1 Reply Last reply Reply Quote 0
              • girish
                girish Staff last edited by

                https://forum.cloudron.io/topic/3682/proxyauth-addon is the new alternative which uses LDAP.

                1 Reply Last reply Reply Quote 3
                • First post
                  Last post