-
Notifications
You must be signed in to change notification settings - Fork 1.4k
feat: support for OIDC authentication #880
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Tested OK for me for (a) local oidc-server-mock and (b) auth0.
Note that the first time you run docker-compose up, kutt crashes trying to discover OIDC endpoints while oidc-server-mock is still starting.
rophy/kutt main branch now points to rophy/oidc branch + auto build.
docker build for testing: https://github.com/rophy/kutt/pkgs/container/kutt/main
Once OIDC is enabled, it's common that site admins will want to disable form-based logins. Ideally should be supported via config.
env.DISALLOW_FORM_LOGIN
Thank you, this looks excellent. I'll try it soon.
zachmann
commented
May 23, 2025
@poeti8 Any update on this? It would be great to have this feature merged.
@zachmann Yes, I'm really sorry for the delay, I was caught up with other things, I was gonna review and merge it this weekend, and I will.
The mock OIDC server doesn't run for me. I have the same error as Soluto/oidc-server-mock#165 which seems to be not resolved yet.
Any workarounds you can think of?
The mock OIDC server doesn't run for me. I have the same error as Soluto/oidc-server-mock#165 which seems to be not resolved yet.
Any workarounds you can think of?
The issue mentioned dexidp works fine for mac. Added a commit to replace oidc-server-mock with dexidp.
Password for the 2 users is "password".
Also fixed typo in the magical domain name, should be 7f000001.nip.io instead of 7f000101.nip.io
$ nslookup 7f000001.nip.io Server: 10.255.255.254 Address: 10.255.255.254#53 Non-authoritative answer: Name: 7f000001.nip.io Address: 127.0.0.1
Dex login UI showed 2 login options. I'm not sure what the second one "Log in with Example" does, but it did not work for me. The "Log in with Email" works.
Thanks, it worked for me now, I was able to login easily too. Superb job.
I changed my mind regarding the docker compose file. I think it's useful to have it as an example for people to see how it works. I'll add a note in the readme that says this is a mock server.
For the other two comments, what do you think and would you make the changes? If you don't have time I can take it up myself.
If all looks good so far, mat be we can get this merged first and pick up the other works in separated PRs? It helps me to be able to jump in and help on demand
drchiodo
commented
Jul 21, 2025
hi, any news about this PR? i'd like to use this feature
zachmann
commented
Jul 28, 2025
hi, any news about this PR? i'd like to use this feature
Yes, @poeti8 could we please get this merged and released? That would be great. I would like to see this in the release so I can use it.
tna76874
commented
Oct 18, 2025
Hi there,
anything new with the PR? I really like to use SSO with kutt.
Regards
Uh oh!
There was an error while loading. Please reload this page.
A prototype to enable OIDC support for #809.
How to test:
docker-compose -f docker-compose.oidc.yml up -d, which uses Soluto/oidc-server-mock for a simple OIDC server provider, configured with one client ID and two user accounts.Load kutt login page http://localhost:3000/login
You should see a "Login with OIDC" button (actually a link) at bottom:
image
Clicking the link redirects you to http://7f000101.nip.io:8080/
OIDC_ISSUERshould point to a real OIDC provider such as Google or Facebook.Login with the user accounts defined in docker-compose. Successful login should redirect back to kutt homepage.
If the user does not exist, it is created with a random password, with email verified.
The passport strategy of
openid-clientpackage requires express sesssion to be enabled. For cookie-session, it creates cookie like this:image
What are still missing in this PR: