feat(oauth): support desktop-specific OIDC issuer and client_id discovery #766
pat-s wants to merge 2 commits into
After opencloud-eu/opencloud#2072 got merged: are there changes needed here? @rhafer you might know best. It might even be needed to issue a new release in sync with v5.2.0 then to be able to make use of the new issuer behavior.

@pat-s I noticed server was merged as well for 5.2.0, but client is still requesting client id "OpenCloudDesktop". Does openclouddesktop need this merge as well?

@Chanceium Yes, changes are needed to make this work.
Let's get this pushed 😭

As far as I can tell the implementations differ in some places. For example, I would suggest that persisting the |
fix #246
Enables identity providers that require separate OIDC clients per application type (like Authentik, Kanidm, Zitadel) to work with the desktop client.
http://openid.net/specs/connect/1.0/issuer/desktop)
client_id from WebFinger link properties when available
client_id across re-authentication

Server-side changes
To work, this PR requires changes in https://github.com/opencloud-eu/opencloud.
A complementary PR is available at opencloud-eu/opencloud#2072.
Additionally, the following env vars must be set on the admin side:
Here, WEBFINGER_OIDC_ISSUER_DESKTOP is usually the root URL of the identity provider and WEBFINGER_OIDC_CLIENT_ID_DESKTOP contains the client_id of the respective OAuth project.

With these changes, I was able to log in to the Desktop app with a dedicated OAuth project through Zitadel (v4.7.0). The implementation should be generic and work with other OAuth providers as well.
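The selection step this PR description outlines, as an added example in Go (not code from this PR or from OpenCloud): it picks the desktop-specific issuer link from a WebFinger response and reads `client_id` from that link's properties. Assumptions: the property key `propClientID` is a hypothetical placeholder because the page does not name it, and the fallback to the standard issuer rel, the fallback to the "OpenCloudDesktop" client id, and the https-only check are illustrative choices.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

const (
	relDesktop      = "http://openid.net/specs/connect/1.0/issuer/desktop" // rel named in the PR description
	relGeneric      = "http://openid.net/specs/connect/1.0/issuer"         // standard OIDC Discovery rel
	propClientID    = "https://example.invalid/ns/oidc/client_id"          // hypothetical key (assumption)
	defaultClientID = "OpenCloudDesktop"                                   // client id mentioned in the thread
)
// jrd holds the parts of a WebFinger JSON Resource Descriptor used here.
type jrd struct {
	Links []struct {
		Rel, Href  string
		Properties map[string]string
	}
}
// SelectOIDC prefers the desktop-specific link over the generic one, and
// fails closed if the chosen issuer is not an absolute https URL.
func SelectOIDC(body []byte) (issuer, clientID string, err error) {
	var doc jrd
	if err = json.Unmarshal(body, &doc); err != nil {
		return "", "", err
	}
	for _, rel := range []string{relDesktop, relGeneric} {
		for _, l := range doc.Links {
			if l.Rel != rel {
				continue
			}
			u, perr := url.Parse(l.Href)
			if perr != nil || u.Scheme != "https" || u.Host == "" {
				return "", "", errors.New("issuer is not an absolute https URL")
			}
			if id := l.Properties[propClientID]; id != "" {
				return l.Href, id, nil
			}
			return l.Href, defaultClientID, nil
		}
	}
	return "", "", errors.New("no OIDC issuer link in WebFinger response")
}
// Constructed sample response, not captured from a real server.
const sample = `{"subject":"acct:alice@cloud.example.test","links":[{"rel":"http://openid.net/specs/connect/1.0/issuer","href":"https://cloud.example.test"},
{"rel":"http://openid.net/specs/connect/1.0/issuer/desktop","href":"https://idp.example.test","properties":{"https://example.invalid/ns/oidc/client_id":"desktop-client-123"}}]}`
func main() { fmt.Println(SelectOIDC([]byte(sample))) }
```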