Skip to content

Support SSO login via OIDC #1488

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
0xJacky merged 1 commit into from
Dec 15, 2025
Merged

Support SSO login via OIDC #1488

0xJacky merged 1 commit into from
Dec 15, 2025

Conversation

@Jraaay
Copy link
Contributor

@Jraaay Jraaay commented Dec 15, 2025
edited by cursor bot
Loading

This pull request adds support for OIDC (OpenID Connect) authentication to the application, allowing users to log in using an external OIDC provider. The changes include backend support for OIDC settings and authentication flow, frontend integration for OIDC login, and updates to settings management.

A config example are as follow:

[oidc]
ClientId     = clientid123456
ClientSecret = clientsecret123456
Endpoint     = https://example.com/oidc
RedirectUri  = http://localhost:9000/
Scopes       = openid profile email username
Identifier   = username

Note

Introduce OIDC-based SSO login, integrating new backend endpoints and settings, frontend login flow, example config, env docs, tests, and dependencies.

  • Auth/Backend:
    • Add OIDC flow with GET /oidc_uri and POST /oidc_callback using coreos/go-oidc and golang.org/x/oauth2; validates state via cookie, exchanges code, verifies ID token, maps claims for username, and issues JWT.
    • Introduce settings.OIDC (client_id, client_secret, endpoint, redirect_uri, scopes, identifier); expose in GET/POST /settings, env parsing, and example config; include tests in settings_test.go.
    • Update api/settings/settings.go to read/write oidc and persist; router wires new OIDC endpoints.
    • Dependencies: add github.com/coreos/go-oidc/v3 and direct golang.org/x/oauth2.
  • Frontend:
    • API: get_oidc_uri, oidc_login in app/src/api/auth.ts.
    • Login view: OIDC button and callback handling (detects nginx-ui-oidc_ state), strips query params post-login.
    • Settings store: add oidc fields and types.
  • Configuration & Docs:
    • Add [oidc] block to app.example.ini.
    • Document OIDC env vars in docs/guide/env.md, docs/zh_CN/guide/env.md, docs/zh_TW/guide/env.md.

Written by Cursor Bugbot for commit e93e83f. This will update automatically on new commits. Configure here.

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 15, 2025
View reviewed changes
@Jraaay Jraaay force-pushed the feat/oidc branch 3 times, most recently from 9de74b6 to 83b781c Compare December 15, 2025 07:22
@Jraaay Jraaay changed the title Add support for oidc login Add support for OIDC login Dec 15, 2025
@Jraaay Jraaay changed the title Add support for OIDC login Add support for sso login using OIDC Dec 15, 2025
@Jraaay Jraaay changed the title Add support for sso login using OIDC Support SSO login via OIDC Dec 15, 2025
@Jraaay Jraaay marked this pull request as ready for review December 15, 2025 07:36
@0xJacky
Copy link
Owner

0xJacky commented Dec 15, 2025

@cursor review

Repository owner deleted a comment from cursor bot Dec 15, 2025
@0xJacky 0xJacky merged commit 0e7ea57 into 0xJacky:dev Dec 15, 2025
27 checks passed
@0xJacky
Copy link
Owner

0xJacky commented Dec 15, 2025

LGTM 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Jraaay @0xJacky