Richer reverse proxy authentication · TandoorRecipes/recipes#1134

(6 comments) (3 reactions) (0 assignees)HTML (4,470 stars) (500 forks)batch import

enhancementgood first issueinfrastructure

Description

Is your feature request related to a problem? Please describe.

Being able to use Authelia SSO without much fuss is great, but unfortunately the only piece of user information that recipes grabs right now is the HTTP_REMOTE_USER, which makes it hard to use the built in invite system!

Furthermore, the logout link is hard coded and cannot be overridden with an environment variable. This prevents being able to use an SSO logout url e.g. https://authelia.example.com/logout

Describe the solution you'd like

Add support for other header fields like:

HTTP_REMOTE_NAME
HTTP_REMOTE_EMAIL

Update this information as required when a user logs in e.g. their email address has changed.
Add an environmental variable REVERSE_PROXY_AUTH_LOGOUT to specify a custom logout URL.

Describe alternatives you've considered I guess I could manage users in Recipes as well as in Authelia, but that means double-handling of information for my use case.

Contributor guide

Tech stack: pythondjango
Domain: backendauthentication
Issue type: feature
Difficulty: 3
Estimated time: half day
Activity status: stale
Clarity: clear
Prerequisites: Django authenticationreverse proxy configurationenvironment variables
Newbie friendliness: 50
Research direction: Investigate the current reverse proxy authentication implementation in the codebase, likely in `recipes/` or `cookbook/` directories. Look for how HTTP REMOTE USER is currently handled and where environment variables are loaded. Check comments #1134 for additional user suggestions. Consider adding a middleware or modifying existing authentication backend to read additional headers and an environment variable for logout URL.