Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for Proxy Auth via. HTTP header #1847

Open
eyJhb opened this issue Dec 17, 2024 · 2 comments · May be fixed by #1859
Open

Support for Proxy Auth via. HTTP header #1847

eyJhb opened this issue Dec 17, 2024 · 2 comments · May be fixed by #1859

Comments

@eyJhb
Copy link
Contributor

eyJhb commented Dec 17, 2024

Use case

This would allow to put e.g. Authelia in front of Wger, and then use the header that Authelia passes to wger to create/signin the user.
This could function as a simple way, to support the uses cases such as #1797 (not 100%, but it is quite simple to make).

See miniflux/v2#534 and https://grafana.com/docs/grafana/latest/auth/auth-proxy/ .

Proposal

  • Add config option PROXY_AUTH_HEADER=Remote-User
  • Add config option PROXY_AUTH_CREATE_USER=True
  • ALLOW_REGISTRATION=False should still allow creating users using PROXY_AUTH_
  • Mobile app should allow using API key instead of username/password for signin
    • This means user would first authenticate themselves using the website (go through e.g. Authelia -> Wger), copy API key, and then use that from the app.

I might take a jab at this if I have the time.

@eyJhb eyJhb changed the title Support for Auth Proxy Support for Proxy Auth via. HTTP header Dec 17, 2024
@rolandgeider
Copy link
Member

interesting, this would mean taking the auth header and just going along with it. My feeling is that this should be rather easy to do (or there is already some package for this)

@eyJhb
Copy link
Contributor Author

eyJhb commented Dec 18, 2024

I remember a issue with this. So it would require the app to be changed as well, to allow using API key for logging in, instead of using username/password, as that would no longer work (they have no password).

My current nginx setup allows anyone to access /static, /media and /api, and that should still work with such a setup as this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants