Advanced authentication options #624
The immediate problem I can think of with something like header based authentication is that loading images relies on cookies as there aren't any ways to send custom headers for So the server would have to recognize that an authorized request is made based on the headers and then set the cookie for the response. I guess this might be ok, but I don't know if there might be any pitfalls doing it that way.
Just want to +1 header auth as all my services are behind traefik with traefik-forward auth, which sets X-Forwarded-User after a Google login flow. I currently am the only user so disabling auth altogether would also work for now. I'm not familiar with this codebase and how it uses cookies, but Grafana is another potential reference for implementing this.
@rpatel3001 Grafana might be worth a look. Maybe having an environment variable to completely disable any form of authentication and just have a single admin user that is always logged in might be a nice start.
This is only somewhat related: Is there any way to increase the lifetime of the auth cookie? I have Photoview set up internally for several family members, some of them are too old to deal with username/passwords. Currently, I've set up Shared Photoview Links on their Android home screens, which don't require logins. If I could extend the lifetime of auth cookies (let's say up to 1 year), they could use the native PWA with their own user accounts.
@FunDeckHermit Did you find any way to disable authentication?
@FunDeckHermit: I managed to show using a different way #818 (comment)
@jordy2254, I think that this discussion might be interesting to you in the scope of user management epic |
Is your feature request related to a problem? Please describe.
My photoview instance is running behind Authentik. This causes two login screens for users to be traversed.
Describe the solution you'd like
From simple to advanced there are a couple of options:
Describe alternatives you've considered
Editing the HTML and hardcoding a password at the login screen
Additional context
All options up to option 4 are quite easy to implement without a lot of hassle.
I personally prefer header based authentication as you will be able to pass through additional information in headers. It's also easy to use as each reverse-proxy is able to inject some headers. It's also safe as the Header is a variable and can be different for each instance.
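The header-based flow discussed in this thread (accept `X-Forwarded-User` from the reverse proxy, then set a session cookie so later requests authenticate without the header), as an added Go sketch that is not Photoview's code and not part of the original issue. The cookie name, proxy address and `HeaderAuth` type are assumptions; the header is honoured only when the TCP peer is the configured proxy, because a client that can reach the app directly can set the header itself.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

const userHeader, cookieName = "X-Forwarded-User", "example-session"

// HeaderAuth and the cookie name are illustrative, not Photoview code; sessions never expire here.
type HeaderAuth struct {
	TrustedProxy net.IP            // the only peer allowed to assert an identity
	sessions     map[string]string // session token -> user
}

// Authenticate accepts a known session cookie, else a user header from the trusted proxy.
func (a *HeaderAuth) Authenticate(w http.ResponseWriter, r *http.Request) (string, bool) {
	if c, err := r.Cookie(cookieName); err == nil && a.sessions[c.Value] != "" {
		return a.sessions[c.Value], true // covers requests that carry no header
	}
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	peer, user, buf := net.ParseIP(host), r.Header.Get(userHeader), make([]byte, 32)
	if err != nil || peer == nil || user == "" || !peer.Equal(a.TrustedProxy) {
		return "", false // header from any other peer is untrusted: direct clients can set it
	}
	if _, err := rand.Read(buf); err != nil {
		return "", false
	}
	token := hex.EncodeToString(buf)
	a.sessions[token] = user
	http.SetCookie(w, &http.Cookie{Name: cookieName, Value: token, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
	return user, true
}

func main() {
	a := &HeaderAuth{TrustedProxy: net.ParseIP("10.0.0.2"), sessions: map[string]string{}}
	for _, peer := range []string{"203.0.113.9:4000", "10.0.0.2:5000"} { // constructed peers
		r, w := httptest.NewRequest("GET", "/photo/1", nil), httptest.NewRecorder()
		r.RemoteAddr = peer
		r.Header.Set(userHeader, "alice")
		user, ok := a.Authenticate(w, r)
		fmt.Println(peer, user, ok, len(w.Result().Cookies())) // cookie only for the proxy
	}
}
```

The proxy must also strip or overwrite any client-supplied `X-Forwarded-User` before forwarding, otherwise the peer check alone does not help.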