enable redirect to oidc provider to empower sso solutions even further

2026-01-26 11:16:10 +01:00 · 2022-06-10 17:52:52 +02:00 · 2022-06-10 17:52:52 +02:00 · 84d51393e4
commit 84d51393e4
parent 2e354f9b1e
6 changed files with 72 additions and 57 deletions
--- a/packages/wekan-oidc/README.md
+++ b/packages/wekan-oidc/README.md
@ -47,6 +47,26 @@ See example below:

  NOTE: orgs & teams won't be updated if they already exist.

-  5. Manages admin rights as well. If user is in Group which has isAdmin: set to true, user will get admin 
-     privileges in Wekan as well. 
+  5. Manages admin rights as well. If user is in Group which has isAdmin: set to true, user will get admin
+     privileges in Wekan as well.
     If no adjustments (e.g. 1-3) are made on oidc provider's side, user will receive his/her admin rights from before.
+
+## For further empowerment of oidc as sso solution
+
+If you want to be redirected to your oidc provider on LOGIN without going the extra loop of signing in.
+On LOGOUT you will be redirected to the oidc provider as well.
+
+Add to your .env file:
+
+OIDC_REDIRECTION_ENABLED=true
+OAUTH2_SERVER_URL=http://localhost:9000
+DASHBOARD_URL=/if/session-end/wekan/
+
+Example for authentik.
+The latter specifies the OIDC Dashboard you'll get redirected on logout
+
+Flow:
+You need to have an oidc provider configured to get this feature
+Make sure to have
+Authorize Application (default-provider-authorization-implicit-consent)
+enabled
--- a/packages/wekan-oidc/oidc_client.js
+++ b/packages/wekan-oidc/oidc_client.js
@ -7,8 +7,6 @@ Oidc = {};
 //   error.
 Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
  // support both (options, callback) and (callback).
-  console.log("from client");
-  console.log(options);
  if (!credentialRequestCompleteCallback && typeof options === 'function') {
    credentialRequestCompleteCallback = options;
    options = {};
@ -57,14 +55,13 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) {
    width:  options.popupOptions.width || 320,
    height: options.popupOptions.height || 450
  };
-  OAuth.saveDataForRedirect(options.loginService, options.credentialToken);
-  Accounts.oauth.tryLoginAfterPopupClosed(credentialToken, credentialRequestCompleteCallback);
-  // OAuth.launchLogin({
-  //   loginService: 'oidc',
-  //   loginStyle: loginStyle,
-  //   loginUrl: loginUrl,
-  //   credentialRequestCompleteCallback: credentialRequestCompleteCallback,
-  //   credentialToken: credentialToken,
-  //   popupOptions: popupOptions,
-  // });
+
+  OAuth.launchLogin({
+    loginService: 'oidc',
+    loginStyle: loginStyle,
+    loginUrl: loginUrl,
+    credentialRequestCompleteCallback: credentialRequestCompleteCallback,
+    credentialToken: credentialToken,
+    popupOptions: popupOptions,
+  });
 };
--- a/packages/wekan-oidc/oidc_server.js
+++ b/packages/wekan-oidc/oidc_server.js
@ -19,8 +19,6 @@ var serviceData = {};
 var userinfo = {};

 OAuth.registerService('oidc', 2, null, function (query) {
-  console.log(Date.now());
-  console.log("query: ", query);
  var debug = process.env.DEBUG || false;

  var token = getToken(query);