Support logging in with an OAuth2 provider · monicahq/monica#1154

(14 评论) (27 反应) (0 负责人)PHP (24,641 star) (2,464 fork)batch import

feature requesthelp wantedsecurity

描述

A rephrasing of the now-closed #558. And a reincarnation of #39.

As a user, I would like to be able to log in with a 3rd-party identity provider and not have to maintain yet another username and password credential pair.

This is probably only going to be useful for self-hosted installations -- they can decide who they trust. For the publicly hosted version, I don't know of many OAuth2 providers that has broad community trust. (Mozilla's Firefox Accounts maybe? I don't even know if 3rd parties can use it. Gitlab and/or Github as well?)

If support is implemented in a generic fashion, then users can spin up their own OAuth2 providers (RedHat's KeyCloak, a self-hosted Gitlab instance, there are many other projects.) and trust those.

贡献者指南

技术栈: phplaravel
领域: authenticationbackend
议题类型: feature
难度: 4
预计时间: over 1 week
活动状态: stale
清晰度: mostly clear
前置要求: Basic understanding of OAuth2Familiarity with Laravel authenticationKnowledge of PHP and LaravelExperience with socialite packages
新手友好度: 30
研究方向: Investigate previous discussions in linked issues #558 and #39. Review the Laravel authentication system, particularly the use of Laravel Socialite for OAuth2. Look at the current login flow in routes and controllers. Consider which providers to support initially (e.g., GitHub, GitLab). Create a proposal outlining the architecture and required changes.