OIDC authentication support for openmaxio-object-browser console #23
Description
Hello team,
I am currently deploying the openmaxio-object-browser console as a container on a Kubernetes cluster, using it as a replacement for the now-deprecated MinIO Console.
I would like to integrate OIDC authentication using Okta, similar to what was supported in the official MinIO Console (via MINIO_IDENTITY_OPENID_* settings and/or the mc configuration). So far, I've tried configuring the following environment variables in the container:
CONSOLE_OIDC_ENABLED=on
CONSOLE_OIDC_IDP_URL=https://<custom>.okta.com/oauth2/...
CONSOLE_OIDC_CLIENT_ID=...
CONSOLE_OIDC_CLIENT_SECRET=...
CONSOLE_OIDC_SCOPES=openid,profile,email,groups
CONSOLE_OIDC_REDIRECT_URI=https://<domain>/oauth_callback
CONSOLE_OIDC_DISPLAY_NAME=Okta
Despite this, the UI does not display any OIDC login button or redirect to the provider, and I don't see any handler bound to /oauth_callback. It seems that the current console implementation in this project may not include full OIDC support.
My questions:
Does openmaxio-object-browser currently support OIDC authentication in the browser console?
If not, is OIDC support planned or on the roadmap?
If yes, could you clarify how it must be configured (and whether specific backend or build options are required)?
Is there an alternative approach (e.g., relying on mc only for OIDC token generation and passing it to the console)?
Thanks in advance for your help and for maintaining the project!
Best regards,
Clément