-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Option to disable internal auth/register and only allow external authClient #178
Comments
Thanks for submitting the proposal. Your request seems reasonable and I think it could be implemented without breaking the current behavior and without introducing too much changes. I'll consider it for v2.11.0. About the plugins - the current implementation for both AdobeXD and Figma doesn't support oauth2 authorization, but I think it could be added. For Figma I expect things to be easier because the plugin's api is closer to the browser env, but that may not be the case for AdobeXD (there is |
A new To disable the default Email/Password authorization flow, add Unfortunately the oauth2 support for the plugins ended more troublesome than I initially thought. So, the only proper way I think there is to make the plugins to work with oauth2 is to temporary store the oauth2 response access token on the server (aka. implement some sort of sessions) until it is "pool"-ed from the plugin (eg. with interval/websockets/server-sent-events). This solution requires major changes to the api and the database and currently I want to avoid that, because I'm planning to implement a new backend for v3, I just have to find the time to start working on it along with everything else... For now, I've added a note about the limitation in the plugins readme, but if anyone thinks that there is an easier way to implement it, please let me know. |
Can you push the current release to dockerhub? The latest there is still v2.10.1 |
Yes, I'm aware, sorry for the inconvenience. Recently Docker Hub has disabled Automated builds for their free plans and I'm waiting a response from their team whether Presentator will be allowed to participate in their Open Source program. I'll wait for their answer up until this Friday and if they decline or need more time I'll push the tagged images manually during the weekend. |
@Kiina The latest image tags should be now available in Docker Hub. |
I'd like to suggest a new option to only let users login via one of the identity providers defined in
authClientCollection
.Why?
Easier and more secure management. When I force my users to login via gitlab only for example, I can force all gitlab users to use 2FA or other things, increasing the overall security. Also it makes it easier to restrict access and eases password management.
When someone leaves my project I don't have to remove the account in 20 different places. I can just restrict his Gitlab login and oauth to all connected sites won't work anymore. Instead of running the risk someone reuses his password, I can make sure only a strong password + 2FA is used in my identity provider.
Possible Issues
The plugins might not work well with oauth. I haven't tested this yet, so maybe it's not a problem. The API allows oauth so it shouldn't be too much of an issue.
The text was updated successfully, but these errors were encountered: