started with Multi-Tenant OpenID.

TODO: working code but needs some refactoring and cleaning up.
2026-03-09 17:42:38 +01:00 · 2025-02-08 13:12:07 +01:00 · 2025-02-08 13:12:07 +01:00 · 6577144554
commit 6577144554
parent d786bf263c
10 changed files with 350 additions and 58 deletions
--- a/api/server/routes/config.js
+++ b/api/server/routes/config.js
@ -52,10 +52,9 @@ router.get('/', async function (req, res) {
          !!process.env.APPLE_KEY_ID &&
          !!process.env.APPLE_PRIVATE_KEY_PATH,
      openidLoginEnabled:
-        !!process.env.OPENID_CLIENT_ID &&
-        !!process.env.OPENID_CLIENT_SECRET &&
-        !!process.env.OPENID_ISSUER &&
+        !!process.env.OPENID_ENABLED &&
        !!process.env.OPENID_SESSION_SECRET,
+      openidMultiTenantEnabled: !!process.env.OPENID_MULTI_TENANT,
      openidLabel: process.env.OPENID_BUTTON_LABEL || 'Continue with OpenID',
      openidImageUrl: process.env.OPENID_IMAGE_URL,
      serverDomain: process.env.DOMAIN_SERVER || 'http://localhost:3080',
--- a/api/server/routes/oauth.js
+++ b/api/server/routes/oauth.js
@ -4,6 +4,7 @@ const passport = require('passport');
 const { loginLimiter, checkBan, checkDomainAllowed } = require('~/server/middleware');
 const { setAuthTokens } = require('~/server/services/AuthService');
 const { logger } = require('~/config');
+const { chooseOpenIdStrategy } = require('~/server/utils/openidHelper');

 const router = express.Router();

@ -30,7 +31,7 @@ const oauthHandler = async (req, res) => {

 router.get('/error', (req, res) => {
  // A single error message is pushed by passport when authentication fails.
-  logger.error('Error in OAuth authentication:', { message: req.session.messages.pop() });
+  logger.error('Error in OAuth authentication:', { message: req.session?.messages?.pop() });
  res.redirect(`${domains.client}/login`);
 });

@ -83,20 +84,32 @@ router.get(
 /**
 * OpenID Routes
 */
-router.get(
-  '/openid',
-  passport.authenticate('openid', {
-    session: false,
-  }),
-);
+router.get('/openid', async (req, res, next) => {
+  try {
+    const strategy = await chooseOpenIdStrategy(req);
+    console.log('OpenID login using strategy:', strategy);
+    passport.authenticate(strategy, {
+      session: false,
+    })(req, res, next);
+  } catch (err) {
+    next(err);
+  }
+});

 router.get(
  '/openid/callback',
-  passport.authenticate('openid', {
-    failureRedirect: `${domains.client}/oauth/error`,
-    failureMessage: true,
-    session: false,
-  }),
+  async (req, res, next) => {
+    try {
+      const strategy = await chooseOpenIdStrategy(req);
+      passport.authenticate(strategy, {
+        failureRedirect: `${domains.client}/oauth/error`,
+        failureMessage: true,
+        session: false,
+      })(req, res, next);
+    } catch (err) {
+      next(err);
+    }
+  },
  oauthHandler,
 );