Skip to content

feat: start oauth with autoLaunch=1 #18763

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jrasm91 merged 12 commits into from
May 30, 2025
Merged

feat: start oauth with autoLaunch=1 #18763

jrasm91 merged 12 commits into from
May 30, 2025

Conversation

@Yetangitu
Copy link
Contributor

@Yetangitu Yetangitu commented May 29, 2025

By launching Immich with /auth/login?autoLaunch=1 an OpenID Connect login attempt is directly initated on installations where OAuth Auto Launch is not enabled. The intended use for this parameter is to enable Immich to be launched from e.g. Nextcloud using the External sites app and the oids OpenID Connect provider app so as to enable the user to directly interact with Immich without the need to press the Login with ... button.

Description

This PR implements the feature suggested in #18751:

It wwould be useful for Immich to have a way to directly access the OAuth login workflow through a URL or parameter (e.g. autoLaunch=1, i.e. the opposite of the action mentioned in https://immich.app/docs/administration/oauth#auto-launch).

Here's the use case I'm looking at:

  • Immich is linked into a Nextcloud instance through the 'External sites' app
  • Nextcloud acts as an OpenID Connect server using the OIDC app
  • Immich is configured to use this Nextcloud instance as OAuth provider
  • The web server is configured to allow embedding Immich from the Nextcloud domain
  • When the user activates the configured Immich instance by clicking on the icon in the Nextcloud header the Immich instance directly activates the OAuth login flow without having to press the 'Login with [Nextcloud instance name]' button
  • The user can directly interact with the logged-in Immich instance.

For an example of such a workflow have a look at what e.g. Peertube does when accessed through https://peertube.example.org/plugins/auth-openid-connect/0.1.3/auth/openid-connect - it does not show the login page but directly activates the OAuth login workflow, landing the user inside a logged-in instance.

This feature request aims to achieve the opposite of what featureFlags.oauthAutoLaunch enables in that it explicitly calls for autoLaunch on an instance which does not have this feature enabled instead of always using it with the option to disable it through the use of the autoLaunch=0 parameter. Adding an option to use autoLaunch=1 for the requested feature is probably the most clean way to do it, in ./src/routes/auth/login/+page.svelte (add a check for oauth.isAutoLaunchEnabled) and ./src/lib/utils.ts (add a test for isAutoLaunchEnabled)

How Has This Been Tested?

Tested using in-place edited JS files in the FF inspector for lack of a complete Immich build infrastructure.

API Changes

/auth/login?autoLaunch=1 - initiates OpenID Connect login process without the need for user interaction on systems which do not have OAuth Auto Launch enabled.

Checklist:

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation if applicable
  • I have no unrelated changes in the PR.
  • I have confirmed that any new dependencies are strictly necessary.
  • I have followed naming conventions/patterns in the surrounding code

Yetangitu added 2 commits May 30, 2025 00:32
@Yetangitu
Add automatic OpenID Connect login by using parameter autoLaunch=1
d681ec3 
By launching Immich with `/auth/login?autoLaunch=1` an OpenID Connect login attempt is directly initated on installations where OAuth Auto Launch is not enabled. The intended use for this parameter is to enable Immich to be launched from e.g. Nextcloud using the _External sites_ app and the _oids_ OpenID Connect provider app so as to enable the user to directly interact with Immich without the need to press the `Login with ...` button.
@Yetangitu
Add documentation for autolaunch by navigating to `/auth/login?autoLa…
fe7afd7 
…unch=1`
@github-actions github-actions bot added documentation Improvements or additions to documentation 🖥️web labels May 29, 2025
jrasm91
jrasm91 approved these changes May 30, 2025
View reviewed changes
Copy link
Member

@jrasm91 jrasm91 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jrasm91 jrasm91 changed the title Direct OAuth login with /auth/login?autoLaunch=1 feat: start oauth with autoLaunch=1 May 30, 2025
jrasm91
jrasm91 reviewed May 30, 2025
View reviewed changes
Yetangitu added 2 commits May 30, 2025 20:37
@Yetangitu
Look ma, no braces!
79a4a44 
_This could be a single line_

And now it is, as is its predecessor.
@Yetangitu
Merge branch 'oauth_autolaunch_parameter' of github.com:Yetangitu/imm…
4f82afd 
…ich into oauth_autolaunch_parameter

Merge upstream
danieldietzler
danieldietzler reviewed May 30, 2025
View reviewed changes
danieldietzler
danieldietzler previously approved these changes May 30, 2025
View reviewed changes
@danieldietzler danieldietzler dismissed their stale review May 30, 2025 21:22

Didn't mean to approve it yet, sorry.

alextran1502
alextran1502 reviewed May 30, 2025
View reviewed changes
@jrasm91 jrasm91 enabled auto-merge (squash) May 30, 2025 22:04
@jrasm91 jrasm91 merged commit e2defbc into immich-app:main May 30, 2025
46 checks passed
@Yetangitu Yetangitu deleted the oauth_autolaunch_parameter branch May 30, 2025 22:19
savely-krasovsky pushed a commit to savely-krasovsky/immich that referenced this pull request Jun 8, 2025
@Yetangitu @savely-krasovsky
feat: start oauth with autoLaunch=1 (immich-app#18763)
0d55f77 
* Add automatic OpenID Connect login by using parameter `autoLaunch=1`

By launching Immich with `/auth/login?autoLaunch=1` an OpenID Connect login attempt is directly initated on installations where OAuth Auto Launch is not enabled. The intended use for this parameter is to enable Immich to be launched from e.g. Nextcloud using the _External sites_ app and the _oids_ OpenID Connect provider app so as to enable the user to directly interact with Immich without the need to press the `Login with ...` button.

* Add documentation for autolaunch by navigating to `/auth/login?autoLaunch=1`

* Look ma, no braces!

_This could be a single line_

And now it is, as is its predecessor.

* Change formatting to satisfy _prettier_

* if (condition) return true -> return condition

* More _prettier_ reformatting

* Look ma, braces!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jrasm91 jrasm91 jrasm91 approved these changes

@alextran1502 alextran1502 alextran1502 left review comments

@danieldietzler danieldietzler danieldietzler approved these changes

Assignees

No one assigned

Labels

changelog:enhancement documentation Improvements or additions to documentation 🖥️web

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Yetangitu @jrasm91 @alextran1502 @danieldietzler @bo0tzz