Is there a way to make LDAP mandatory on the Cloudron App Store?
-
You see, I finally finished both the front (login) and back end (Change Connected Server) of my VPN Client. Turns out, baking in LDAP login support wasn't just easier than building my own. It was necessary. Because the container has to do a soft-restart to switch VPN connections, it takes no more than a few seconds. But it needs a real access token. I get that via the LDAP integration (using
/api/v1/loginwith the alreadyPOSTed data to grab one). So, in my VPN Client's case it's a requirement to get the access token for the app to even function. So, is there a way to require it on your store?Ignore the rant:
And those tokens last a year; should they last a year? Not that a year's a bad amount of time, but I imagine there are use cases that don't need one lasting so long (for my use case it's perfect tho).By the way, do these special type of api tokens (collected from the/api/v1/loginendpoint ever get revoked before their year expiration date? Since these are "logged in" tokens? Do they not work when the user is logged out - or do they act just like regular tokens for my purposes? I am just wondering about how a Cloudron admin revokes them since that would affect my app?Edit: Nevermind, I just found in my profile that I have 19 login tokens I can choose to revoke all at once.
So I understand the login tokens now, that works for me. I would just need to test if a token is revoked on attempted soft-restart and have the user forcefully logged out to log back in if so. -
You see, I finally finished both the front (login) and back end (Change Connected Server) of my VPN Client. Turns out, baking in LDAP login support wasn't just easier than building my own. It was necessary. Because the container has to do a soft-restart to switch VPN connections, it takes no more than a few seconds. But it needs a real access token. I get that via the LDAP integration (using
/api/v1/loginwith the alreadyPOSTed data to grab one). So, in my VPN Client's case it's a requirement to get the access token for the app to even function. So, is there a way to require it on your store?Ignore the rant:
And those tokens last a year; should they last a year? Not that a year's a bad amount of time, but I imagine there are use cases that don't need one lasting so long (for my use case it's perfect tho).By the way, do these special type of api tokens (collected from the/api/v1/loginendpoint ever get revoked before their year expiration date? Since these are "logged in" tokens? Do they not work when the user is logged out - or do they act just like regular tokens for my purposes? I am just wondering about how a Cloudron admin revokes them since that would affect my app?Edit: Nevermind, I just found in my profile that I have 19 login tokens I can choose to revoke all at once. So I understand the login tokens now, that works for me. I would just need to test if a token is revoked on attempted soft-restart and have the user forcefully logged out to log back in if so. -
@mehdi pointed to the correct option and is spot on. So just use ldap addon and not set
optionalSsoin the manifest.@nebulon said in Is there a way to make LDAP mandatory on the Cloudron App Store?:
@mehdi pointed to the correct option and is spot on. So just use ldap addon and not set
optionalSsoin the manifest.So that will force LDAP; perfect! I was hoping there was already a way to make it mandatory, and the best part is, it already is since I didn't even know about the
optionalSsovariable.Thanks guys!
-
@Lonk I'm not sure I understand the question.
As long as your app has the LDAP addon, you're good. You just have to not include the optionalSSO entry in manifest https://docs.cloudron.io/custom-apps/manifest/#optionalsso
@mehdi said in Is there a way to make LDAP mandatory on the Cloudron App Store?:
@Lonk I'm not sure I understand the question.
As long as your app has the LDAP addon, you're good. You just have to not include the optionalSSO entry in manifest https://docs.cloudron.io/custom-apps/manifest/#optionalsso
You answered correctly! Thanks.
