Support logging in with an OAuth2 provider · monicahq/monica#1154

(14 commenti) (27 reazioni) (0 assegnatari)PHP (24.641 star) (2464 fork)batch import

feature requesthelp wantedsecurity

Descrizione

A rephrasing of the now-closed #558. And a reincarnation of #39.

As a user, I would like to be able to log in with a 3rd-party identity provider and not have to maintain yet another username and password credential pair.

This is probably only going to be useful for self-hosted installations -- they can decide who they trust. For the publicly hosted version, I don't know of many OAuth2 providers that has broad community trust. (Mozilla's Firefox Accounts maybe? I don't even know if 3rd parties can use it. Gitlab and/or Github as well?)

If support is implemented in a generic fashion, then users can spin up their own OAuth2 providers (RedHat's KeyCloak, a self-hosted Gitlab instance, there are many other projects.) and trust those.

Guida contributor

Tech stack: phplaravel
Dominio: authenticationbackend
Tipo issue: feature
Difficoltà: 4
Tempo stimato: over 1 week
Stato attività: stale
Chiarezza: mostly clear
Prerequisiti: Basic understanding of OAuth2Familiarity with Laravel authenticationKnowledge of PHP and LaravelExperience with socialite packages
Adatta ai principianti: 30
Direzione di ricerca: Investigate previous discussions in linked issues #558 and #39. Review the Laravel authentication system, particularly the use of Laravel Socialite for OAuth2. Look at the current login flow in routes and controllers. Consider which providers to support initially (e.g., GitHub, GitLab). Create a proposal outlining the architecture and required changes.