Oauth (via socialite) #105

Closed
opened 2026-02-05 17:08:25 +03:00 by OVERLORD · 11 comments

Originally created by @Boy132 on GitHub (Jun 13, 2024).

Originally assigned to: @Boy132 on GitHub.

https://laravel.com/docs/11.x/socialite
https://socialiteproviders.com/

- [x] Backend (#386)
- [x] Frontend (#718 & #416)
- [x] Add more providers (e.g. authentik, google, microsoft, steam) (#718)
- [x] Make it easier to add additional providers (without code edit) (#718)
- [x] Make OAuth settings configurable via panel UI (#839)
OVERLORD added the 🟡 medium label 2026-02-05 17:08:25 +03:00

@KeyTerminal commented on GitHub (Jun 15, 2024):

Would be nice to see an option for JIT (Just-In-Time) provisioning added to create users upon sign-in via SSO.


@timoschirmer commented on GitHub (Jun 15, 2024):

Would love to see support for authentik or some kind of generic oauth2 provider in the future.


@KeyTerminal commented on GitHub (Jun 15, 2024):

> Would love to see support for authentik or some kind of generic oauth2 provider in the future.

Authentik is already supported see here https://socialiteproviders.com/Authentik/#installation-basic-usage
just gotta make some changes to get it working.


@andyondrya commented on GitHub (Jun 16, 2024):

Weird migration error,


```
   INFO  Running migrations.

  2024_06_13_120409_add_oauth_column_to_users .............................................................................. 1.30ms FAIL

In Connection.php line 813:

  SQLSTATE[HY000]: General error: 1 Cannot add a NOT NULL column with default value NULL (Connection: sqlite, SQL: alter table "users"
  add column "oauth" text not null)

In Connection.php line 571:

  SQLSTATE[HY000]: General error: 1 Cannot add a NOT NULL column with default value NULL
```

@rmartinoscar commented on GitHub (Jun 17, 2024):

> Weird migration error,
>
> ```
>    INFO  Running migrations.
>
>   2024_06_13_120409_add_oauth_column_to_users .............................................................................. 1.30ms FAIL
>
> In Connection.php line 813:
>
>   SQLSTATE[HY000]: General error: 1 Cannot add a NOT NULL column with default value NULL (Connection: sqlite, SQL: alter table "users"
>   add column "oauth" text not null)
>
> In Connection.php line 571:
>
>   SQLSTATE[HY000]: General error: 1 Cannot add a NOT NULL column with default value NULL
> ```

Fixed in [PR #409](https://github.com/pelican-dev/panel/pull/409)


@KeyTerminal commented on GitHub (Jun 18, 2024):

Would be nice to see enforce MFA as an option as well.

The amr attribute within the OAuth token contains the types of auth the user has completed at the identity provider, an example:

```
"amr": [
"pwd",
"mfa"
],
```

You could use this to add an option to enforce MFA which would deny the login if the amr token doesn't contain "mfa".
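
The check proposed in the comment above, as an added example (not part of the thread and not Pelican's or Socialite's code). The function name `checkMfaPolicy` and the `$enforceMfa` option are hypothetical, and `$claims` is assumed to be the payload of an ID token whose signature, issuer, audience and expiry have already been validated.

```php
<?php
declare(strict_types=1);

// Added example, not Pelican or Socialite code. $claims is assumed to come
// from an already-validated ID token; an unverified amr value proves nothing.

/** Returns [allowed, reason] for a hypothetical "enforce MFA" login option. */
function checkMfaPolicy(array $claims, bool $enforceMfa, array $accepted = ['mfa']): array
{
    if (!$enforceMfa) {
        return [true, 'mfa enforcement disabled'];
    }
    $amr = $claims['amr'] ?? null;
    // Fail closed: a missing or malformed amr means the IdP asserted nothing.
    if (!is_array($amr)) {
        return [false, 'amr claim missing or not an array'];
    }
    // amr values (RFC 8176) are case-sensitive strings; ignore anything else.
    $methods = array_values(array_filter($amr, 'is_string'));
    foreach ($accepted as $value) {
        if (in_array($value, $methods, true)) {
            return [true, "amr contains \"$value\""];
        }
    }
    return [false, 'amr lists only: ' . (implode(',', $methods) ?: '(nothing)')];
}

// Constructed sample claim sets (not captured from a real provider).
$samples = [
    'password + mfa' => ['sub' => 'u1', 'amr' => ['pwd', 'mfa']],
    'password only'  => ['sub' => 'u2', 'amr' => ['pwd']],
    'claim absent'   => ['sub' => 'u3'],
    'amr as string'  => ['sub' => 'u4', 'amr' => 'mfa'],
    'wrong case'     => ['sub' => 'u5', 'amr' => ['MFA']],
];

foreach ($samples as $label => $claims) {
    [$ok, $reason] = checkMfaPolicy($claims, true);
    printf("%-16s %s (%s)\n", $label, $ok ? 'ALLOW' : 'DENY', $reason);
}
```

Some identity providers report the individual factors (for example `pwd` and `otp`) without adding `mfa`, so the accepted values are a parameter rather than a constant.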


@eligibbs commented on GitHub (Nov 8, 2024):

> > Would love to see support for authentik or some kind of generic oauth2 provider in the future.
>
> Authentik is already supported see here https://socialiteproviders.com/Authentik/#installation-basic-usage just gotta make some changes to get it working.

I've followed the couple things listed there, what else needs done to enable logging in with authentik? I'm really not seeing anything else for it


@Boy132 commented on GitHub (Nov 8, 2024):

> > > Would love to see support for authentik or some kind of generic oauth2 provider in the future.
> >
> > Authentik is already supported see here https://socialiteproviders.com/Authentik/#installation-basic-usage just gotta make some changes to get it working.
>
> I've followed the couple things listed there, what else needs done to enable logging in with authentik? I'm really not seeing anything else for it

Currently only the backend for oauth works, there is no frontend yet. So you can't use it yet.


@eligibbs commented on GitHub (Nov 8, 2024):

> Currently only the backend for oauth works, there is no frontend yet. So you can't use it yet.

I see. Would love to get this working, but I doubt I'll be of any help. I'll happily be a test-bed when the time comes though.


@Felitendo commented on GitHub (Dec 23, 2024):

Is there a way to use OIDC/Oauth2 as of now even without the configuration settings UI?

Edit: I got it working.

For anyone using Authentik:

put this inside your .env:

```
OAUTH_AUTHENTIK_ENABLED=true
OAUTH_AUTHENTIK_CLIENT_ID=client_id_from_authentik_oauth_app
OAUTH_AUTHENTIK_CLIENT_SECRET=client_secret_from_authentik_oauth_app
OAUTH_AUTHENTIK_BASE_URL=https://auth.domain.tld
```

and you can change the "Authentik" Label to anything here: https://github.com/pelican-dev/panel/blob/main/config/auth.php#L104C10-L104C19

after you configure those, you should see a button on /app/login and /admin/login routes.


@eligibbs commented on GitHub (Dec 29, 2024):

I also have this working this way. If we could, it would be nice to define some scopes (like for groups/role claim/auto user linking). Fantastic for internal use for now!

Reference: starred/panel-pelican-dev#105