@cvachery said in Use Cloudron Logins for host protected settings:
@Mirotalk did the update that was deployed to cloudron include the openid logins?
The OIDC (OpenID Connect) option is available in both MiroTalk P2P v.1.3.29 And MiroTalk SFU v.1.4.32.
It works like this:
-
Authentication Prompt: When someone wants to access restricted features on MiroTalk, they're asked to log in using a service like Auth0 or Other providers. This sends them to Auth0's login page to prove they're who they say they are.
-
Room Creation and Sharing: After logging in successfully, users can create and share rooms with others. This lets them collaborate easily within MiroTalk.
-
Guest Access Control: Guests (people who aren't logged in)
can't access
certain parts of MiroTalk, like thelanding page
or newroom creation
. They can only join rooms shared with them by someone who's logged in. This ensures that only verified users can use all of MiroTalk's features, keeping things safe and private.
How Does OIDC Fit In?
Now, instead of the old way where MiroTalk checked a config file or called an API to see if a user was valid, we can use OIDC for authentication. Here's how:
-
Full Authentication: If
authRequired
is set totrue
, everything in MiroTalk requires logging in. No login, no access. -
Optional Authentication: With this setup, certain parts of MiroTalk might need authentication while others don't. Enabling OIDC with
host_protection
means that authenticated users can access the platform, while Guests can join room, like the old logic but in conjuction with OIDC. -
No Authentication: In some cases, you might want MiroTalk to be completely open, no login needed. This is good for things like public resources or demos.
-
OIDC disabled: When OIDC is disabled, the previous logic remains in place.
That's the gist of it! OIDC gives us more options for keeping MiroTalk secure and flexible for different situations. Furthermore, for those who opt out of OIDC usage, our existing security measures remain intact.