Skip to content

Disable local authentication and enable OIDC auto-redirect #898

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
muety merged 19 commits into from
Jan 21, 2026
Merged

Disable local authentication and enable OIDC auto-redirect #898

muety merged 19 commits into from
Jan 21, 2026

Conversation

@Skillkiller
Copy link
Contributor

@Skillkiller Skillkiller commented Jan 9, 2026

Implementation of #897

Closes #897

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 9, 2026
View reviewed changes
@Skillkiller
Copy link
Contributor Author

Skillkiller commented Jan 9, 2026

Hello @muety,
While developing this PR, I noticed that the CI is not running on my checked-out master. Can you take a look at the problem? The last CI runs on your repository were successful, so I don't understand the discrepancy.
To start the CI, I added an empty commit (38871eb) to the master branch.
master...skillkiller:wakapi:38871ebc80aff90e5295a1c8b3412f16fd83331a

Here are the logs from my CI execution:
https://github.com/Skillkiller/wakapi/actions/runs/20864698795
{753FEA19-7C50-4893-9856-E1AE6DA7DA88}

@muety
Copy link
Owner

muety commented Jan 16, 2026

CI is fixed 👍

@muety muety self-requested a review January 16, 2026 15:41
muety
muety requested changes Jan 16, 2026
View reviewed changes
Copy link
Owner

@muety muety left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may add a check to the PostSignup() view as well, probably right next to where AllowSignup is already being checked anyway.

Apart from that, your code looks good! 👍

Please add a view basic tests and let me know once this is ready for final review.

@Skillkiller
Copy link
Contributor Author

Skillkiller commented Jan 21, 2026
edited
Loading

Hi @muety,

I believe I have finished the implementation. Please take another look at the changes; I have also implemented your suggested code changes.

I've added unit tests for the following scenarios:

  • Get Login Page: Local login only
  • Get Login Page: Local auth and one OIDC provider
  • Get Login Page: One OIDC provider (direct redirect)
  • Get Login Page: Local auth and two OIDC providers
  • Get Login Page: No auth method
  • Post Login: Disabled local auth
  • Post Signup: Disabled local auth

Could you please verify if the unit tests are implemented correctly, especially regarding the configuration changes within the tests? My understanding is that the configuration is reset for each test. If that is not the case, please let me know, and I will revise the tests accordingly.

To make testing this PR easier, I have put together a small Docker Compose setup with a simple OIDC provider, along with the corresponding Wakapi configuration:
2354c2c

Wakapi configuration:

security:
  disable_local_auth: true
#  [...]
  oidc:                                     # list of openid connect providers available for user signup and login, see https://github.com/muety/wakapi/wiki/OpenID-Connect-login-(SSO)
    - name: oidc
      display_name: OIDC
      client_id: wakapi
      client_secret: wakapi
      endpoint: http://localhost:5556/dex/

@Skillkiller Skillkiller marked this pull request as ready for review January 21, 2026 15:00
@Skillkiller Skillkiller requested a review from muety January 21, 2026 15:00
@muety muety merged commit d4d04ba into muety:master Jan 21, 2026
2 checks passed
@muety
Copy link
Owner

muety commented Jan 21, 2026

Amazing contribution, thanks a lot! 🙌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@muety muety Awaiting requested review from muety

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Option to disable local authentication and enable OIDC auto-redirect

2 participants

@Skillkiller @muety