Skip to content

feat(auth): makes SSO portable via env variables#15

Merged
koalalorenzo merged 8 commits into
mainfrom
refactor-lego-sso-setup
Apr 7, 2026
Merged

feat(auth): makes SSO portable via env variables#15
koalalorenzo merged 8 commits into
mainfrom
refactor-lego-sso-setup

Conversation

@koalalorenzo
Copy link
Copy Markdown
Member

@koalalorenzo koalalorenzo commented Apr 7, 2026
edited
Loading

Oh new thing from the fabulab:

  • Creates a new /api/env to provide BUN_PUBLIC_* env (I struggled to get them done in bun :( )
  • Allows to customize OIDC credentials using BUN_PUBLIC_OIDC_* variables
  • Disable SSO/OIDC when BUN_PUBLIC_OIDC_* variables are not provided
  • Does not run queryPrometheus when the user is not authenticated (there was an error constantly)
  • ?
  • Profit!

BTW, I am not a huge fan of /api/env as it could expose values. I have set it up this way, as these env are NOT secrets, but we want to allow people to customize and provide different prometheus endpoints, OIDC config, based on their needs, rather than hard coding the values.

Note: This forces us to run the server with the frontend, those cannot be decoupled because of /api/web 😅

@koalalorenzo
refactor(auth): moves authentication around
e703a2d 
Signed-off-by: Lorenzo Setale <lorenzo.setale@LEGO.com>
@koalalorenzo
feature(auth): load env vars (wip) from endpoint
5e655c4 
Signed-off-by: Lorenzo Setale <lorenzo.setale@LEGO.com>
@koalalorenzo
Merge branch 'main' into refactor-lego-sso-setup
1e90e71 
Signed-off-by: Lorenzo Setale <lorenzo.setale@LEGO.com>
@koalalorenzo
feat(auth): load OIDC varabiles from /api/web instead
6fb48e3 
Signed-off-by: Lorenzo Setale <lorenzo.setale@LEGO.com>
@koalalorenzo
feat(auth): allows to customize/define prometheus proxy via env variable
339420e 
Signed-off-by: Lorenzo Setale <lorenzo.setale@LEGO.com>
@koalalorenzo
feat(auth): does not run queryPrometheus if it is not behind auth
ed02709 
Signed-off-by: Lorenzo Setale <lorenzo.setale@LEGO.com>
@koalalorenzo
feat(auth): if OIDC_AUTHORITY or ODIC_CLIENT_ID envs are not defined,…
7abfc9d 
… it will hide it

Signed-off-by: Lorenzo Setale <lorenzo.setale@LEGO.com>
@koalalorenzo koalalorenzo self-assigned this Apr 7, 2026
@koalalorenzo koalalorenzo requested a review from PaulFarver as a code owner April 7, 2026 12:29
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 7, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@koalalorenzo
docs(auth): adds env context provider example
71ef589 
Signed-off-by: Lorenzo Setale <lorenzo.setale@LEGO.com>
@koalalorenzo koalalorenzo merged commit b388a53 into main Apr 7, 2026
6 checks passed
@koalalorenzo koalalorenzo deleted the refactor-lego-sso-setup branch April 7, 2026 12:36
@koalalorenzo koalalorenzo mentioned this pull request Apr 7, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PaulFarver PaulFarver PaulFarver approved these changes

Assignees

@koalalorenzo koalalorenzo

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@koalalorenzo @PaulFarver