New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: adds OIDC support #3266
feat: adds OIDC support #3266
Conversation
Hi @becelot! I tried out to run this branch as a self-hosted. The OIDC part with Keycloak works perfectly, but I see some troubles with "Authorization" tab in a request editor - fields for configuration of token or OAuth2.0 are just hidden for some reason. |
@wirbe1 The problem should be solved now. I synced my PR with the latest main branch and the problem disappeared, so it was probably already fixed by someone else and was present in the version I forked from. |
I can confirm this works well with RedHat SSO (Keycloack). I hope it eventually gets merged to main, this is a must for on-prem implementations. |
+1 for this please. It would be nice to use OIDC without having to build from source. |
Thank you very much for the great work. I just tested your branch (merged into the latest upstream) and it is working fine with Auth0 and the following settings: hoppscotch
Auth0
I still need to test if all scopes are required (openid and email are at least) and wether the "Allowed Callback URL" or "Allowed Web Origins" must be set in Auth0. Best regards, |
@fbuchmeier-abi I know this is a horrible place for "How do I" type questions, but I've tried building this as separate containers using the prod.Dockerfile, and it can't get through the app build. Did you have to do anything special to get it to work? I'd love to test and start with this while it gets merged into the main. |
Maybe you could open a separate issue for this? In general I've built only the |
I was fairly sure it was something on my end. Turns out the system I was building on was too old. Newer system fixed the issue. |
Working perfectly using a self-hosted gitlab CE instance:
|
Hello @nivedin @liyasthomas Any plan to review/approve this PR ? |
Hey @liyasthomas, any update on this? Is there something we can do to pitch in? |
Hello @AndrewBastin @liyasthomas @balub @anwarulislam @ankitsridhar16 @nivedin @amk-dev @JoelJacobStephen Hope you are all doing well. Is it possible for one of you to finally have a look at this feature and tell us if yes or no it will be implemented ? Thanks a lot, and have a great day ! |
Adding my voice to the folks above - this feature would be really nice to have and would enable my team and I to start using Hoppscotch in earnest. |
adding my voice too ! Currently searching for a good alternative to postman and discovered this project ! I'm really eager to deploy this for my team... We're using an AzureAD so this would be perfect for our collaborative needs 😄 |
Well, its been 4 months without a word from anyone of the maintainers, so it's obvious this doesn't have priority. Unfortunately, i can't say I'm surprised, running a project like this is difficult, resources and time are limited, targeting a hybrid model of offering SaaS as well as self-hosting only compounds the problems, ask gitlab -_- Still, @liyasthomas or anyone else, some form of communication would be appreciated. |
I'm noting this morning that the $19/user/month Enterprise plan offers SAML login support. If the maintainers merged this PR then they'd find their free tier in nearly direct competition with their enterprise tier. At this point, I see them as doing us a favor by keeping the PR open because that enables us to easily find this code which we can then use to bake our own Docker images. |
Hi everyone, Firstly, we want to thank @becelot for dedicating time to this PR. We truly appreciate the effort and time you invested in implementing this feature. However, for the time being, we only intend to introduce the ability to configure a custom OIDC provider as a Hoppscotch Self-Host Enterprise only feature, as this feature better aligns with our vision for our Enterprise roadmap. We understand that this decision might be disappointing for you, but certain difficult decisions like this will help us offer better and continued support for our free cloud and self-host community edition. We will include the custom OIDC provider with our Hoppscotch Self-Host Enterprise v2024.3.0 release happening this March. Since we won't be leveraging the community PR, we are closing this issue for now. |
Closes #3001
Description
The PR adds the option to configure your own OIDC client in the self-hosted version. It expands on top of the conditional auth provider implementations added in #3225 and #3204. To enable the OIDC sign in, you need to fill in the OIDC configuration options (client id, secret, and issuer endpoints) in
.env
and additionally enable theOIDC
auth provider inVITE_ALLOWED_AUTH_PROVIDERS
.You can also configure the login button text if you want to, e.g.
Login with COMPANY SSO
.Checks
Additional Information
The implementation is tested with KeyCloak. I will provide setup documentation for both hoppscotch and different Identity providers in a second PR after this is merged.