[Enhancement] OpenID Connect/SSO support #1844

Open
dan-r opened this issue May 15, 2023 · 4 comments
Labels
enhancement New feature or request Project for volunteers The team has no plans to work on it (e.g. lack of time) but an external contribution is accepted

Comments


dan-r commented May 15, 2023

Is there any plan or want for implementing SSO or another method of automatic external authentication like header auth?

I'm happy to write the feature and raise a PR for this, but am a little unsure on how to handle the 'administrator' access level, as from the current implementation there is only one, whereas with a third party IDP you could potentially have a group of administrators.

Member

ildyria commented May 15, 2023

Hi,

There was a request for LDAP integration but it ended up being rejected because the author was not complying with our phpstan requests and testing. :(

We do support Header Auth token (if generated by Lychee), but this requires pre-registration.

I would also suggest you have a look at:
https://laravel.com/docs/10.x/socialite
and
#792

You will still need to create a user in the Lychee DB (either on successful login to the SSO system) in order to track the rights; that will be the way to define whether admin access is provided or not.

ildyria added the enhancement and Project for volunteers labels May 15, 2023
Member

ildyria commented Jan 14, 2024

@dan-r FYI #2190 will provide OAuth support to major providers (Amazon, Facebook, Google, GitHub, NextCloud, Mastodon, Microsoft).

Author

dan-r commented Jan 14, 2024

@ildyria great news, thanks for letting me know. Sorry I didn't get the chance to take a look at implementing it! I'll give the PR a test.

Member

ildyria commented Jan 14, 2024

To clarify, this still requires the user to have an account and then we link it.
But now that the groundwork is laid down, it should be easy to add a setting to allow creation of accounts on OAuth authentication.
