Feature Request: OIDC oauth2 sign in / registration #1416

Open
Aeyk opened this issue May 5, 2024 · 3 comments

Aeyk commented May 5, 2024

What is the problem that your feature request solves

SSO/ability to sign in and up with an OIDC identity provider.

Describe the ideal specific solution you'd want, and whether it fits into any broader scope of changes

OIDC + scope mapping, where you can grant a user admin privileges if they have a matching key-value pair in the token

What hacks or alternative solutions have you tried to solve the problem?

None yet, but I am looking at putting it behind oauth2-proxy

How badly do you want this new feature?

It would be nice to have eventually

I like ArchiveBox and would be willing to contribute development time for this feature.

Aeyk changed the title from "Feature Request: OIDC sign in / registration" to "Feature Request: OIDC oauth2 sign in / registration" on May 5, 2024

Member

pirate commented May 5, 2024

I've wanted to add Django-allauth for a while, it would add support for tons of OAuth/OIDC/social auth providers (and SAML).

I don't have time to do this myself currently as I'm focused on other priorities, but I welcome PRs!


JKL213 commented May 7, 2024

I'm also interested. Might do some experiments to implement OAuth on my own, mainly for Authentik support. Right now, my setup is less than ideal.

Member

pirate commented May 7, 2024

For anyone who arrives here via Google, we have some docs on the authentication methods we currently support (LDAP, reverse proxy, etc.) and it provides a little bit of guidance on how to set up Authentik or oauth2-proxy as a bridge to link a SAML/OIDC provider to ArchiveBox:

https://github.com/ArchiveBox/ArchiveBox/wiki/Setting-up-Authentication#not-yet-supported-saml--oauth2--openid-authentication

(improvements to these docs are welcome from anyone who has done a setup like this themselves, changes can be suggested as PRs here)

The ideal final solution is to just integrate django-allauth with ArchiveBox natively though, then users won't need to run a bridge or IdP server on their own (PRs welcome, but please don't hand-write your own auth code, stick to django-allauth).
