starred/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2026-02-25 11:21:03 +03:00
Code Issues 396 Packages Projects Releases 16 Wiki Activity

login with OAuth2 #403

New Issue
Closed
opened 2026-02-04 19:03:50 +03:00 by OVERLORD · 4 comments
OVERLORD commented 2026-02-04 19:03:50 +03:00
Owner
Copy Link

Originally created by @CvH on GitHub (Jan 31, 2024).

Is it possible to login if just oauth2 is available?
We are bound to use https://github.com/thephpleague/oauth2-server and it is just offers Oauth2 and no OIDC.
The client used by planka panva/node-openid-client can deal with it, likewise its not implemented in planka yet.

According to 4db8f3e23e it sounds like it could work but sadly lacks the details.

This implementation should work with any OIDC-compliant IDP and even
OAuth 2.0-only IDPs as long as they serve and OIDC discovery document.

It sounds like it could work if I create a stub .well-known/openid-configuration file with some content ?

Originally created by @CvH on GitHub (Jan 31, 2024). Is it possible to login if just oauth2 is available? We are bound to use https://github.com/thephpleague/oauth2-server and it is just offers Oauth2 and no OIDC. The client used by planka [panva/node-openid-client](https://github.com/panva/node-openid-client) can deal with it, likewise its not implemented in planka yet. According to https://github.com/plankanban/planka/pull/524/commits/4db8f3e23e73c737189dc97d770a0e34151e2427 it sounds like it could work but sadly lacks the details. ``` This implementation should work with any OIDC-compliant IDP and even OAuth 2.0-only IDPs as long as they serve and OIDC discovery document. ``` It sounds like it could work if I create a stub `.well-known/openid-configuration` file with some content ?
OVERLORD added the help wanted label 2026-02-04 19:03:50 +03:00
OVERLORD commented 2026-02-04 19:04:07 +03:00
Author
Owner
Copy Link

@meltyshev commented on GitHub (Jan 31, 2024):

Hi! We haven't tested this possibility and it's hard to say what exactly is required, but probably with .well-known/openid-configuration it should work.

@meltyshev commented on GitHub (Jan 31, 2024): Hi! We haven't tested this possibility and it's hard to say what exactly is required, but probably with `.well-known/openid-configuration` it should work.
OVERLORD commented 2026-02-04 19:04:19 +03:00
Author
Owner
Copy Link

@CvH commented on GitHub (Feb 1, 2024):

I created a fake file at the webserver and planka starts at least and seems to try to login.

I needed to create a valid response file otherwise planka would crash.
added this to my nginx config

 # openid_connect stub
  location /oauth/authorize/.well-known/openid-configuration {
    return 200 '
      {
        "issuer":"https://www.myurl.com",
        "authorization_endpoint":"https://www.myurl.com/oauth/authorize/",
        "token_endpoint":"https://www.myurl.com/oauth/token",
        "scopes_supported":[
          "openid",
          "email",
          "profile"
        ]
      }
    ';
  }

The resonse from the webserver if I try to login is

{"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"}

Checked ids etc and it should work. At both ends no errors received so likewise it tries something that is not working. Just to clarify I have no real idea about OIDC so maybe I made some basic mistake at the json above already.

@CvH commented on GitHub (Feb 1, 2024): I created a fake file at the webserver and planka starts at least and seems to try to login. I needed to create a valid response file otherwise planka would crash. added this to my nginx config ``` # openid_connect stub location /oauth/authorize/.well-known/openid-configuration { return 200 ' { "issuer":"https://www.myurl.com", "authorization_endpoint":"https://www.myurl.com/oauth/authorize/", "token_endpoint":"https://www.myurl.com/oauth/token", "scopes_supported":[ "openid", "email", "profile" ] } '; } ``` The resonse from the webserver if I try to login is ``` {"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"} ``` Checked ids etc and it should work. At both ends no errors received so likewise it tries something that is not working. Just to clarify I have no real idea about OIDC so maybe I made some basic mistake at the json above already.
OVERLORD commented 2026-02-04 19:04:32 +03:00
Author
Owner
Copy Link

@woprandi commented on GitHub (Feb 8, 2024):

You will need at least the userinfo & logout endpoint.

{
"userinfo_endpoint": "http://<webserver>/userinfo",
"end_session_endpoint": "http://<webserver>/logout",
}
@woprandi commented on GitHub (Feb 8, 2024): You will need at least the userinfo & logout endpoint. ```json { "userinfo_endpoint": "http://<webserver>/userinfo", "end_session_endpoint": "http://<webserver>/logout", } ```
OVERLORD commented 2026-02-04 19:04:39 +03:00
Author
Owner
Copy Link

@meltyshev commented on GitHub (Aug 9, 2025):

This issue may have been resolved by https://github.com/plankanban/planka/pull/1290. Please feel free to reopen if it's still not fixed or if anyone else encounters it.

@meltyshev commented on GitHub (Aug 9, 2025): This issue may have been resolved by https://github.com/plankanban/planka/pull/1290. Please feel free to reopen if it's still not fixed or if anyone else encounters it.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
bug
documentation
documentation
duplicate
enhancement
good first issue
help wanted
pull-request
Mirrored from GitHub Pull Request
 question
wontfix
No Label help wanted
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/planka#403
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?