Outline - a Notion-like open source app
-
@luckow Ey luckow! You already added the client to the realm Cloudron. Look at the navigation on the right side. Because if you click on the triangle, you can see you are right there. The Cloudron realm.
But that is no explanation for your user experience.
@luckow you need to find out why your client was not found.
luckow @ luckow not today. tomorrow is another day. -
@luckow Without the tomatoes on my eyes, the solution is obvious.
Keycloak - Clients - Credentials:
Client Id and Secret does not mean that you take
ZIDdK...
for both. Secret is secret. Where do you find theClient Id
? This is also simple.Keycload - Clients
Yes. It's the name.Sorry for hijacking this thread for my noob questions.
-
Thank you very much @luckow. I got the email and thought "what is this email?!". But then thought it might be you. I appreciate you giving me this account.
This is an interesting app. It's another riff on Notion/Anytype friendly mark-up note taking/knowledge management/database app.
My main personal complaint with all these apps is they require always online access. There is no realistic way to use it offline.
I'm going to stay with it and see how it all works. As a wiki-type collaboration app it's certainly a very nice alternative to having to learn yet another markdown flavour.
-
@jdaviescoates Give me an email address to send the invitation link to
-
@luckow said in Outline - a Notion-like open source app:
@jdaviescoates Give me an email address to send the invitation link to
Sent via chat dm on here
-
@nj I found this post yesterday. Well written. Most of my problems (including the minio) were tomatoes on my eyes. And to be fair, misleading error messages in log files & browser console didn't make it any easier.
Let's see what the app packaging staff can tweak themselves. IMHO minio only for image storage is a big cannon as a solution. -
@nj Wow that's great!
The blog post installs keycloak as an app, but it might work better as a built-in addon that provides ODIC to any app that requests it. I suspect that there are more apps that authenticate via ODIC exclusively, and I can see there are some apps that could use it as an alternative to LDAP.
After some more research, it seems that OAuth used to be the default authentication method for Cloudron apps but it was removed in 2020 due to lack of support in apps. Has the authentication landscape changed in the last 2 years? Is now a good time to add it back? How does SAML look now?
-
@infogulch FWIW, I don't mind adding OpenID into cloudron. It was OAuth that wasn't a great idea. My understanding is that OpenID is more uniform and standardized. @nebulon and @fbartels probably know more about this though.
I guess I mean OpenID connect (OIDC) and not OpenID. I don't know the difference between these terms
-
@girish how about adding oidc as another addon and just ferderate to LDAP? Something like https://github.com/dexidp/dex could be used for this.
Only thinking out loud, never used this myself. Stumpled over it while working on other projects. -
@klawitterb yes, I don't see why not. But as mentioned, I am speaking beyond my expertise here I think @nebulon will know how much work it is on Cloudron side.
-
@klawitterb said in Outline - a Notion-like open source app:
as another addon
Yes, oidc should definitely be an addon (even better if one could just add addons during runtime of an app, so that one does not need to remove and reinstall apps to enable it). But instead of going third party it should be something native to the stack, like the https://docs.cloudron.io/packaging/addons/#proxyauth addon to benefit from existing sessions and the 2fa Cloudron already provides.
-
So I was curious about my proposal and just tried this. Seems to work quote well. Much easier than setting up a fully fledged identity provider like keycloak imho.
Basically dex is a go app which is controlled by a yaml config. Currently just running it inside the outline app itself with a little nginx proxy in front of it. When logging in it redirects to the login mask from dex which then authenticates the user from cloudrons LDAP. -
@klawitterb Nice find and R&D! Looks like this might be just the thing for making Cloudron's LDAP useable by external apps:
-
Update available: Outline v0.63.0
-
Now that Cloudron adds authentication headers with the proxyAuth addon, maybe the easiest solution to integrate authentication is to use those headers in outline. I guess that might be as simple as adding a new file to the /server/routes/auth/providers dir. This would simplify the cloudron package because it wouldn't have to set up and run keycloak.
https://github.com/outline/outline/tree/main/server/routes/auth/providers
Then the only barrier to packaging for cloudron would be the hypothetical s3/minio addon mentioned above.