Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. App Packaging & Development
  3. Is there a way to make LDAP mandatory on the Cloudron App Store?

Is there a way to make LDAP mandatory on the Cloudron App Store?

Scheduled Pinned Locked Moved Solved App Packaging & Development
5 Posts 3 Posters 1.0k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • LonkleL Offline
    LonkleL Offline
    Lonkle
    wrote on last edited by Lonkle
    #1

    You see, I finally finished both the front (login) and back end (Change Connected Server) of my VPN Client. Turns out, baking in LDAP login support wasn't just easier than building my own. It was necessary. Because the container has to do a soft-restart to switch VPN connections, it takes no more than a few seconds. But it needs a real access token. I get that via the LDAP integration (using /api/v1/login with the already POSTed data to grab one). So, in my VPN Client's case it's a requirement to get the access token for the app to even function. So, is there a way to require it on your store?

    Ignore the rant:
    And those tokens last a year; should they last a year? Not that a year's a bad amount of time, but I imagine there are use cases that don't need one lasting so long (for my use case it's perfect tho).

    By the way, do these special type of api tokens (collected from the /api/v1/login endpoint ever get revoked before their year expiration date? Since these are "logged in" tokens? Do they not work when the user is logged out - or do they act just like regular tokens for my purposes? I am just wondering about how a Cloudron admin revokes them since that would affect my app?

    Edit: Nevermind, I just found in my profile that I have 19 login tokens I can choose to revoke all at once. 😂 So I understand the login tokens now, that works for me. I would just need to test if a token is revoked on attempted soft-restart and have the user forcefully logged out to log back in if so.

    mehdiM 1 Reply Last reply
    0
    • LonkleL Lonkle

      You see, I finally finished both the front (login) and back end (Change Connected Server) of my VPN Client. Turns out, baking in LDAP login support wasn't just easier than building my own. It was necessary. Because the container has to do a soft-restart to switch VPN connections, it takes no more than a few seconds. But it needs a real access token. I get that via the LDAP integration (using /api/v1/login with the already POSTed data to grab one). So, in my VPN Client's case it's a requirement to get the access token for the app to even function. So, is there a way to require it on your store?

      Ignore the rant:
      And those tokens last a year; should they last a year? Not that a year's a bad amount of time, but I imagine there are use cases that don't need one lasting so long (for my use case it's perfect tho).

      By the way, do these special type of api tokens (collected from the /api/v1/login endpoint ever get revoked before their year expiration date? Since these are "logged in" tokens? Do they not work when the user is logged out - or do they act just like regular tokens for my purposes? I am just wondering about how a Cloudron admin revokes them since that would affect my app?

      Edit: Nevermind, I just found in my profile that I have 19 login tokens I can choose to revoke all at once. 😂 So I understand the login tokens now, that works for me. I would just need to test if a token is revoked on attempted soft-restart and have the user forcefully logged out to log back in if so.

      mehdiM Offline
      mehdiM Offline
      mehdi
      App Dev
      wrote on last edited by mehdi
      #2

      @Lonk I'm not sure I understand the question.

      As long as your app has the LDAP addon, you're good. You just have to not include the optionalSSO entry in manifest https://docs.cloudron.io/custom-apps/manifest/#optionalsso

      LonkleL 1 Reply Last reply
      0
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #3

        @mehdi pointed to the correct option and is spot on. So just use ldap addon and not set optionalSso in the manifest.

        LonkleL 1 Reply Last reply
        0
        • nebulonN nebulon

          @mehdi pointed to the correct option and is spot on. So just use ldap addon and not set optionalSso in the manifest.

          LonkleL Offline
          LonkleL Offline
          Lonkle
          wrote on last edited by Lonkle
          #4

          @nebulon said in Is there a way to make LDAP mandatory on the Cloudron App Store?:

          @mehdi pointed to the correct option and is spot on. So just use ldap addon and not set optionalSso in the manifest.

          So that will force LDAP; perfect! I was hoping there was already a way to make it mandatory, and the best part is, it already is since I didn't even know about the optionalSso variable.

          Thanks guys!

          1 Reply Last reply
          0
          • mehdiM mehdi

            @Lonk I'm not sure I understand the question.

            As long as your app has the LDAP addon, you're good. You just have to not include the optionalSSO entry in manifest https://docs.cloudron.io/custom-apps/manifest/#optionalsso

            LonkleL Offline
            LonkleL Offline
            Lonkle
            wrote on last edited by
            #5

            @mehdi said in Is there a way to make LDAP mandatory on the Cloudron App Store?:

            @Lonk I'm not sure I understand the question.

            As long as your app has the LDAP addon, you're good. You just have to not include the optionalSSO entry in manifest https://docs.cloudron.io/custom-apps/manifest/#optionalsso

            You answered correctly! Thanks.

            1 Reply Last reply
            1
            Reply
            • Reply as topic
            Log in to reply
            • Oldest to Newest
            • Newest to Oldest
            • Most Votes


            • Login

            • Don't have an account? Register

            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Bookmarks
            • Search