feat: Add Custom OIDC support for oauth configuration #17
Pull request overview
This PR adds custom OIDC (OpenID Connect) provider support to enable authentication with self-hosted identity providers like Pocket ID, Keycloak, Authentik, and Authelia. The implementation includes both frontend UI components for configuration and backend API handlers for OIDC discovery and authentication flows.
- Adds "custom" as a third OAuth provider option alongside existing GitHub and Cloudflare support
- Implements OIDC discovery endpoint to auto-populate configuration from well-known URLs
- Extends login page and security settings UI to support custom OIDC configuration with customizable display names
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 14 comments.
| File | Description |
|---|---|
| web/src/pages/login/index.tsx | Adds custom OIDC login button with configurable display name on the login page |
| web/src/components/settings/security-settings.tsx | Implements comprehensive custom OIDC configuration form with discovery functionality and validation |
| internal/api/auth.go | Adds backend handlers for OIDC discovery, custom OIDC authentication flow, and token exchange with userinfo extraction |
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 14 comments.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 12 comments.
| c.JSON(http.StatusBadGateway, gin.H{"error": "读取 OIDC Token 响应失败"}) | ||
| return | ||
| } | ||
| fmt.Printf("🔑 Custom OIDC Token 响应: %s\n", string(body)) |
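Review bot: the `fmt.Printf` on the last line writes `string(body)`, the raw token endpoint response, to stdout with no condition around it, so on a successful exchange the tokens in that body land wherever the process output is collected. Drop the line, or log only the HTTP status and `len(body)`; if the body is needed while debugging, redact the token fields before printing.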
Copilot AI, Dec 18, 2025
The complete token response (which may contain sensitive information like access tokens or id tokens) is logged to stdout. This could expose credentials in log files. Consider logging only metadata like status codes or redacting sensitive fields from the logged response.
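One way to act on the suggestion in the comment above, as an added example that is not code from this pull request: a Go helper that turns a token endpoint response into a log-safe summary using an allowlist, so unknown fields are redacted by default. `summarizeTokenResponse`, `loggableFields` and the sample body are hypothetical names and constructed values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Allowlist of token-response fields whose values are safe to log.
// Everything else (access_token, id_token, refresh_token, unknown
// provider extensions) is redacted by default.
var loggableFields = map[string]bool{
	"token_type": true, "expires_in": true, "scope": true, "error": true,
}

// summarizeTokenResponse returns a one-line, log-safe summary of a token
// endpoint response. A body that is not a JSON object is never echoed.
func summarizeTokenResponse(status int, body []byte) string {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(body, &fields); err != nil {
		return fmt.Sprintf("status=%d body=<%d bytes, not a JSON object>", status, len(body))
	}
	keys := make([]string, 0, len(fields))
	for k := range fields {
		keys = append(keys, k)
	}
	sort.Strings(keys) // stable field order for log parsing
	parts := []string{fmt.Sprintf("status=%d", status)}
	for _, k := range keys {
		v := "<redacted>"
		if loggableFields[strings.ToLower(k)] {
			v = string(fields[k]) // raw JSON, so control characters stay escaped
		}
		// %q keeps a hostile field name from injecting extra log lines.
		parts = append(parts, fmt.Sprintf("%q=%s", k, v))
	}
	return strings.Join(parts, " ")
}

func main() {
	// Constructed sample body; the token values are placeholders, not real tokens.
	body := []byte(`{"access_token":"SAMPLE-ACCESS","id_token":"SAMPLE.ID.TOKEN","token_type":"Bearer","expires_in":3600}`)
	fmt.Println(summarizeTokenResponse(200, body))
}
```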
@copilot open a new pull request to apply changes based on this feedback
OK, in my opinion, only admin can control the OAuth setting, so we don't need to consider the attack issue.

@Mecozea Could you please give some suggestions?

Well, in my opinion, the current design of this part is quite good. However, in my plan, OAuth2 is already sufficient for personal use. But if you insist on adding OIDC support, I will add it, but it might still take some time because I've been a bit busy recently. Thank you for your attention and contribution. Please wait for a few days, and by the way, the next version will support i18n.

background:
Pocket ID is a self-hosted OIDC provider which can easily provide the passkey login ability.
login page:

Click Login with Pocket ID

OAuth configuration page:

form:


Tested in my local env, everything works well.
demo: