[PR #5847] [CLOSED] Extended logic to support more than one OIDC provider for authentication #6584

New Issue

Closed

opened 2026-02-05 10:36:07 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2026-02-05 10:36:07 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/5847
Author: @MarchoStoev
Created: 10/21/2025
Status: ❌ Closed

Base: development ← Head: multiple-oidc-providers

---

📝 Commits (1)

• 7c35208 Extended logic to support more than one OIDC provider for authentication

📊 Changes

7 files changed (+115 additions, -120 deletions)

View changed files

📝 app/Access/Controllers/LoginController.php (+2 -0)
📝 app/Access/Controllers/OidcController.php (+11 -10)
📝 app/Access/Oidc/OidcService.php (+45 -39)
📝 app/Config/oidc.php (+36 -56)
📝 resources/views/auth/parts/login-form-oidc.blade.php (+17 -11)
📝 resources/views/layouts/parts/header-user-menu.blade.php (+1 -1)
📝 routes/web.php (+3 -3)

📄 Description

Hi,
I tried extending the logic in the application so it can support multiple OpenID Connect OAuth providers.
Configuration changes:

1. Environmental variables changes

• New variable OIDC_PROVIDERS=provider1,provider2,provider3. Those will be the names used to map OAuth variables to specific provider.
• Other environmental variables should follow the standard naming convention with the name of the provider after the OIDC_ prefix. (Example: OIDC_PROVIDER1_CLIENT_ID=.....)
  That's for the configuration part. The mapping will be done in the oidc configuration by:
  1.1. Getting all providers from OIDC_PROVIDERS variable
  1.2. Splitting them on every ","
  1.3. Gathering the provided variables for all providers in the .env

2. Routes changes

• Only changes are to the oidc routes by adding /{provider} to the endpoints so the backend knows which provider's configuration to use. {provider} is the provider, specified in OIDC_PROVIDERS variable.

3. Controller and services changes

• All places which read the config are changed to get the configuration for the specified provider from the endpoint.

4. Session changes

• In the user session after a successful login I've saved a variable, named oidc_provider which stores the provider used to login, so I can know which provider to put in the logout button in the frontend.
• All places that save in the session something about the OIDC, I've added the provider as an affix.

5. View changes

• Dynamically adds all buttons in the login-form-oidc.blade.php
• Reads from session the provider to put in the logout button in header-user-menu.blade.php

Those are all the changes I've implemented. I tried my best to keep it as clean as I can. I hope it's useful to you. I'm open of course to feedback and all change suggestions will be much appreciated. Feel free to use my code however you like for the application. I feel like it will be an useful addition to the app.

Kind regards,
Mario Stoev

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/5847 **Author:** [@MarchoStoev](https://github.com/MarchoStoev) **Created:** 10/21/2025 **Status:** ❌ Closed **Base:** `development` ← **Head:** `multiple-oidc-providers` --- ### 📝 Commits (1) - [`7c35208`](https://github.com/BookStackApp/BookStack/commit/7c352089ee3618db37ac841731ca8e1e8f913b1f) Extended logic to support more than one OIDC provider for authentication ### 📊 Changes **7 files changed** (+115 additions, -120 deletions) <details> <summary>View changed files</summary> 📝 `app/Access/Controllers/LoginController.php` (+2 -0) 📝 `app/Access/Controllers/OidcController.php` (+11 -10) 📝 `app/Access/Oidc/OidcService.php` (+45 -39) 📝 `app/Config/oidc.php` (+36 -56) 📝 `resources/views/auth/parts/login-form-oidc.blade.php` (+17 -11) 📝 `resources/views/layouts/parts/header-user-menu.blade.php` (+1 -1) 📝 `routes/web.php` (+3 -3) </details> ### 📄 Description Hi, I tried extending the logic in the application so it can support multiple OpenID Connect OAuth providers. Configuration changes: 1. Environmental variables changes - New variable OIDC_PROVIDERS=provider1,provider2,provider3. Those will be the names used to map OAuth variables to specific provider. - Other environmental variables should follow the standard naming convention with the name of the provider after the OIDC_ prefix. (Example: OIDC_PROVIDER1_CLIENT_ID=.....) That's for the configuration part. The mapping will be done in the oidc configuration by: 1.1. Getting all providers from OIDC_PROVIDERS variable 1.2. Splitting them on every "," 1.3. Gathering the provided variables for all providers in the .env 2. Routes changes - Only changes are to the oidc routes by adding /{provider} to the endpoints so the backend knows which provider's configuration to use. {provider} is the provider, specified in OIDC_PROVIDERS variable. 3. Controller and services changes - All places which read the config are changed to get the configuration for the specified provider from the endpoint. 4. Session changes - In the user session after a successful login I've saved a variable, named oidc_provider which stores the provider used to login, so I can know which provider to put in the logout button in the frontend. - All places that save in the session something about the OIDC, I've added the provider as an affix. 5. View changes - Dynamically adds all buttons in the login-form-oidc.blade.php - Reads from session the provider to put in the logout button in header-user-menu.blade.php Those are all the changes I've implemented. I tried my best to keep it as clean as I can. I hope it's useful to you. I'm open of course to feedback and all change suggestions will be much appreciated. Feel free to use my code however you like for the application. I feel like it will be an useful addition to the app. Kind regards, Mario Stoev --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

OVERLORD added the pull-request label 2026-02-05 10:36:07 +03:00

OVERLORD closed this issue 2026-02-05 10:36:10 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

v25-12

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#6584