Added keycloak as external auth provider #482
Conversation
|
Hi @lucs7 and thanks for this nice addition. You mention keycloack but I guess any Oauth provider works too? |
|
I guess it depends how the auth url is constructed. I am not 100% sure if the request url is standardized but we could tes twith another provider. did you have something in mind? |
|
I thought of two cases: Authentik and Nextcloud. I'm just setting up LibreBooking in my workplace and I'd like to use Nextcloud as my identity provider. So I will give a try with Nextcloud first. The Nextcloud Oauth endpoints are:
|
|
We should make sure not to mix up oauth and openid-connect. For Nextcloud we have https://apps.nextcloud.com/apps/oidc with endpoint discovery which would need some furter changes |
|
You're right, both providers exist: Oauth2 as a built-in function (it's a recent feature). The OIDC App/plugin lacks a bit of stability and has no guarantee of being updated with Nextcloud forever, which is why I chose the built in Oauth2 Here's a 29.x Nextcloud instance showing OIDC App and built in Oauth2 providers parameters: |
|
Thank you very much for your work! This is exactly what I was looking for. Do you have any idea when this will be pushed? |
based on the scheme used for Google and Microsoft external auth, I added a keycloak provider that enables oauth through a keycloak instance.
Config for keycloak requires the following values
$conf['settings']['authentication']['keycloak.url'] = '';
$conf['settings']['authentication']['keycloak.realm'] = '';
$conf['settings']['authentication']['keycloak.client.id'] = '';
$conf['settings']['authentication']['keycloak.client.secret'] = '';
$conf['settings']['authentication']['keycloak.client.uri'] = '/Web/keycloak-auth.php';
Keycloak Configuration: