[feature]: Private self hosted Hoppscotch instances

[dansjackson]

Is your feature request related to a problem? Please describe.
I can imagine a use case for organisations who want to self host Hoppscotch on their own infrastructure but want to limit their instance to their employees.

Reasons for this might be that the Hoppscotch instance might contain a default token for a private proxy server that would be required to access restricted API endpoints.

Describe the solution you'd like
Ideally, Hoppscotch could include support for authentication mechanisms. Accessing Hoppscotch would not be possible on private self hosted instances unless the authentication was passed.

These could include:

• OpenID/Oauth2
• SAML
• LDAP

Using existing external authentication systems will allow administrators to easily create permissions in their existing system that they can use to grant members of their organisation access to their Hoppscotch system.

I can imagine this being used amongst development companies who currently may have to rollout something like Postman to all of their employees and also have to be responsible for updating all of these different installed systems. Having a single instance of Hoppscotch solves this.

Describe alternatives you've considered
Personally, I am planning to use Vouch Proxy for this purpose since Hoppscotch does not natively have this ability. Other methods include HTTP Basic Auth however some self hosted applications such as Nextcloud and Bookstack have the Oauth2 ability built right into them.

[bblumenwiese]

Hi, I would love to see this become a reality. Because I know how easy it is to screw up keys and other secrets in Postman when working in a corporate environment and this seems to be the perfect solution I was looking for :) I have a strong interest in the intersection of security and usability, as in: Make it easy for the user to do the right thing in the right moment, and hard to do the wrong thing. Therefore I would really like to collaborate on this issue!

I would need some more actionable tasks to start working on this feature, though, and would be happy to brainstorm together with some more experienced folks on what needs to be done exactly :)

E.g.:

1. How would we handle the two variants with auth vs. no auth? (feature toggle?)
2. What should the UI look like for the auth page?

[liyasthomas]

A selfhost ready Hoppscotch instance is in our future roadmap. This will surely have configurable auth, backend, even toggles of feature set. We're planning to introduce a hopp.config file in root for any in-app settings and providers. This is at ALPHA stage at the moment, but would love to hear more thoughts on this.

[edgariscoding]

Would definitely love this functionality.

We'd also like to have other options instead of Firebase.

[stuzer05]

Swapping firebase alone would be a major step into self hosted direction

[superbiche]

+1 on swapping Firebase first. Maybe adding support for https://github.com/supabase/supabase would be an easier first step and already allow us to play around.

[AndrewBastin]

Yeah, so I am looking into strategies for a migration. Our plan is to move from Firebase and switch completely to our own backend (which we already have running to support Hoppscotch for Teams). It is actually our first step in the long process to establish a top to bottom fully capable (hence we are not into Supabase) self-hostable instance of Hoppscotch.

A major challenge for this is actually gracefully planning a migration of the user data and the service APIs over to the new system without affecting the end user (ideally in a completely transparent way). I am working on getting that done over the coming months.

[exussum12]

We self host hoppscotch currently, our build process is as follows

        - git clone --depth 1 --branch v1.12.0 https://github.com/hoppscotch/hoppscotch.git
        - cd hoppscotch
        - sed -i 's/"~\/plugins\/vuex-persist", //' nuxt.config.js
        - cp ../../store/hoppscotch-collection.json store/hoppscotch-collection.json
        - cp ../../store/hoppscotch-environment.json store/hoppscotch-environment.json
        - cp ../../store/postwoman.js store/postwoman.js
        - npm install
        - npm run generate

then copy the generated files to the hosting platform. You lose features like being able to edit and auto save, as you need a PR for them, but all of the collections and environments work.

Basically stop the persistence, and the files copied in are mostly the collections and environments separated for ease of PR and viewing.

We also need a custom browser build as the URL of the instance needs whitelisting, it seems to work well, the change to v2 has been a big enough change to stop this working though, but teams support looks great in the current version!

[freddiN]

I am also very much interested in this feature, I would like to set up a self hosted hoppscotch that uses our own gitlab instance for authentication.

I will keep an eye on any news regarding this topic.

[deepakprabhakara]

@liyasthomas I'd love to integrate SAML for you if you like, please do let me know. We have built an OSS SAML service at BoxyHQ - https://github.com/boxyhq/jackson