From b9724b71d71433e63013e5bf641889a4ba3d461b Mon Sep 17 00:00:00 2001
From: kamtschatka
Date: Sun, 15 Sep 2024 19:08:53 +0200
Subject: feature: Added support for custom OIDC providers to set up authentication. Fixes #92 (#307)
* https://github.com/hoarder-app/hoarder/issues/92 Added support for custom OIDC providers to set up authentication
* Added support for custom OIDC providers to set up authentication #92 Showing OAuth errors in the signin page
* Added support for custom OIDC providers to set up authentication #92 Added the possibility to log in using an API key in case OAuth is used
* Added support for custom OIDC providers to set up authentication #92 improved the code to also promote the first user to admin if OAuth is used
* revert extension changes
* Simplify admin checks
---------
Co-authored-by: MohamedBassem
---
 packages/shared/config.ts | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'packages/shared')
diff --git a/packages/shared/config.ts b/packages/shared/config.ts
index b2de8677..21cdb1c8 100644
--- a/packages/shared/config.ts
+++ b/packages/shared/config.ts
@@ -10,6 +10,12 @@ const stringBool = (defaultValue: string) =>
 const allEnv = z.object({
 API_URL: z.string().url().default("http://localhost:3000"),
 DISABLE_SIGNUPS: stringBool("false"),
+ OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING: stringBool("false"),
+ OAUTH_WELLKNOWN_URL: z.string().url().optional(),
+ OAUTH_CLIENT_SECRET: z.string().optional(),
+ OAUTH_CLIENT_ID: z.string().optional(),
+ OAUTH_SCOPE: z.string().default("openid email profile"),
+ OAUTH_PROVIDER_NAME: z.string().default("Custom Provider"),
 OPENAI_API_KEY: z.string().optional(),
 OPENAI_BASE_URL: z.string().url().optional(),
 OLLAMA_BASE_URL: z.string().url().optional(),
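Review bot: `OAUTH_WELLKNOWN_URL` is validated only with `z.string().url()`, which also accepts `http://` URLs, so the OIDC discovery document (and the endpoints and signing keys it points to) could be fetched over plaintext and altered in transit. Consider rejecting non-HTTPS values outside local development, e.g. `OAUTH_WELLKNOWN_URL: z.string().url().refine((u) => u.startsWith("https://")).optional(),`. `OAUTH_CLIENT_ID` and `OAUTH_CLIENT_SECRET` are plain `z.string().optional()`, so an empty value such as `OAUTH_CLIENT_SECRET=` parses as configured; `.min(1)` on both would catch that. The `allEnv` object continues past the end of the hunk.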
@@ -47,6 +53,15 @@ const serverConfigSchema = allEnv.transform((val) => {
 apiUrl: val.API_URL,
 auth: {
 disableSignups: val.DISABLE_SIGNUPS,
+ oauth: {
+ allowDangerousEmailAccountLinking:
+ val.OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING,
+ wellKnownUrl: val.OAUTH_WELLKNOWN_URL,
+ clientSecret: val.OAUTH_CLIENT_SECRET,
+ clientId: val.OAUTH_CLIENT_ID,
+ scope: val.OAUTH_SCOPE,
+ name: val.OAUTH_PROVIDER_NAME,
+ },
 },
 inference: {
 jobTimeoutSec: val.INFERENCE_JOB_TIMEOUT_SEC,
-- cgit v1.2.3-70-g09d2
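Review bot: The `oauth` block is built unconditionally, so `wellKnownUrl`, `clientId` and `clientSecret` can each be `undefined` independently, and nothing here rejects a half-configured provider; whether the consumer checks all three is not visible in this diff. Failing at startup when only some of the three are set would be safer, and a short comment on the block stating which fields must be set together would document the contract. `allowDangerousEmailAccountLinking` should carry a comment too: judging by the name it lets a provider login attach to an existing account with the same email, which is only safe when the provider verifies email addresses, e.g. `// Enable only for providers that verify email ownership`. `clientSecret` now lives in the server config object, so that object should stay out of logs and client-side bundles. The `transform` callback starts and ends outside the hunk.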