Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • App Dev

    @Lonk Yeah, that's it.

  • App Dev

    @Lonk LDAP is just a directory tool. You can use it today with 2FA by storing the TOTP info there, just like you would with any other database.

    The difficulty is that the application must actually use that data.

    Alternatives would be to use methods like a proxy where you authenticate with username and password+token rather than a third field for token. This would allow implementing 2FA universally though it is unintuitive to users.


  • @iamthefij said in OAuth support:

    @Lonk LDAP is just a directory tool. You can use it today with 2FA by storing the TOTP info there, just like you would with any other database.

    The difficulty is that the application must actually use that data.

    Alternatives would be to use methods like a proxy where you authenticate with username and password+token rather than a third field for token. This would allow implementing 2FA universally though it is unintuitive to users.

    Oh, I'm quite new to this. I thought the original goal for Oauth was to accomplish SSO and LDAP is like half-SSO but mostly compatible (you just have to login again with the same credentials). I know also 2FA was a factor, in fact, you can enable it for Cloudron users rn so it's in the user DB which means it may already be available to re-use. I wonder if I should include support for the TOTP in my small PHP Cloudron-LDAP library I'm making.


  • Found another technology that is interesting in this realm. Not useful for Cloudron but I hope these types of protocols keeps growing:

    • Jamf Connect


  • I understand VERY LITTLE about this, and not sure this question even makes sense in this thread, but I'll shoot my shot anyway:

    Would it make sense maybe to make Cloudron a "proper" OpenID provider, backed by its LDAP directory, so we could maybe sign into third-party apps that support OpenID with our cloudron identities?

    I think like @nebulon said most apps nowadays are settling for google/facebook/github authentication, but maybe, just maybe, as people get more concerned about privacy, we can push to go (back) towards a decentralized identity kind of thing?

    <old-man rant>
    Sad how for a while, a decade or two back, we had this thriving hivemind of how the internet would empower us and build decentralized everything, and then all of a sudden we let a few big companies just commodify our identities and sell us as products with no regard for our privacy.
    </rant>

    Sorry about the last paragraph, but what do you guys think about being an openid provider and stuff? 🙂


  • @malvim exactly this ☝

  • App Dev

    Fyi: the Kopano Meet app includes an openid connect provider (no 2fa in Konnect as of yet, but webauthn is one of the next milestones). I have written about that in https://forum.cloudron.io/topic/2368/


  • @malvim I think that’s the perfect middle ground for this situation. Thank you for outlining it so well. ☺️


  • Since we're in it, worth having a look at the future here : IndieAuth
    specs : https://indieauth.net/
    Try it : https://indieauth.com/
    my blog support indieweb blocks by design so I can already login to a bunch of sites with my own identity, there is also indieweb pack plugins for wordpress/drupal, I hope Indieauth will catch up and become a universal decentralized method to handle identity on the web.


  • @rmdes Thanks so much for posting about this SSO decentralized is probably all of our dreams. 😂