feat(@jitsu/console): add generic OIDC provider SSO #1152
Merged
This PR includes the possibility of including a generic OIDC-based SSO on the console in addition to the current Github OAuth. Hence, it provides a more generic way to connect to a provider and delegate multi-user authentication via the AUTH_OIDC_PROVIDER.
Why?
Although Github OAuth does its job with a simple configuration, it lacks the capacity to provide an enterprise case delegation for authorization and authentication management like tools like Auth0 and Keycloak, for instance, which might work as a proxy for other providers while also providing features like RBAC.
How?
Through the AUTH_OIDC_PROVIDER environment variable, the jitsu self-hosted admin can pass a JSON object containing at least a valid issuer, clientId, and clientSecret of a provider compliant with the OIDC Discovery spec that provides a /.well-known/openid-configuration endpoint.
The implementation relies on a custom provider implementation of NextAuth.js, while being careful to provide a profile that can fill the jitsu UserProfile schema definition and related tables.
Examples
Auth0
Env Config
Demo
Keycloak
Env Config
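
One way to validate an AUTH_OIDC_PROVIDER value before handing it to the auth layer, shown as an added example that is not code from this PR or from Jitsu. The function names, the sample issuer and the sample discovery document are constructed assumptions; the checks follow the OIDC Discovery rules for the issuer (https, no query or fragment, exact match with the discovery document).

```javascript
// Added example; function names and sample values are hypothetical/constructed.
const REQUIRED_KEYS = ["issuer", "clientId", "clientSecret"];

// Parse and validate the JSON string carried in AUTH_OIDC_PROVIDER.
function parseOidcProviderEnv(raw) {
  let cfg;
  try {
    cfg = JSON.parse(raw);
  } catch {
    throw new Error("AUTH_OIDC_PROVIDER is not valid JSON");
  }
  if (cfg === null || typeof cfg !== "object" || Array.isArray(cfg)) {
    throw new Error("AUTH_OIDC_PROVIDER must be a JSON object");
  }
  for (const key of REQUIRED_KEYS) {
    if (typeof cfg[key] !== "string" || cfg[key].trim() === "") {
      throw new Error(`AUTH_OIDC_PROVIDER is missing "${key}"`);
    }
  }
  const url = new URL(cfg.issuer); // throws on a malformed issuer
  if (url.protocol !== "https:") throw new Error("issuer must use https");
  if (url.search || url.hash) throw new Error("issuer must not carry a query or fragment");
  return cfg;
}

// OIDC Discovery: strip any trailing "/" before appending the well-known path.
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

// The discovery document's issuer must equal the configured one exactly.
function checkDiscoveryDocument(cfg, doc) {
  if (doc.issuer !== cfg.issuer) throw new Error("discovery issuer does not match configured issuer");
  for (const field of ["authorization_endpoint", "token_endpoint", "jwks_uri"]) {
    if (typeof doc[field] !== "string" || !doc[field].startsWith("https://")) {
      throw new Error(`discovery document has no https ${field}`);
    }
  }
  return true;
}

// Never log the secret; log this copy instead.
const redact = (cfg) => ({ ...cfg, clientSecret: "***" });

// Constructed sample input (not a real provider).
const SAMPLE_ENV = '{"issuer":"https://idp.example.test/realms/demo","clientId":"jitsu-console","clientSecret":"s3cr3t"}';
const BASE = "https://idp.example.test/realms/demo";
const SAMPLE_DISCOVERY = { issuer: BASE, authorization_endpoint: BASE + "/auth", token_endpoint: BASE + "/token", jwks_uri: BASE + "/certs" };
```

Because the issuer comparison is an exact string match, a provider that publishes its issuer with a trailing slash needs the same trailing slash in the configured value.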