Using Authentik for auth ??

[ThierryIT]

What type of request is this?

Self-hosting improvement

Clear and concise description of the feature you are proposing

Hello,
Is it possible to be authenticated by a 3rd party apps like Authentik when using it-tools ?
Thx

Is their example of this tool in the wild?

Code-server, Gotify, Uptime-Kuma are all working when using Authentik (have to remove the auth)

Additional context

No response

Validations

• Check the feature is not already implemented in the project.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.
• Check that the feature can be implemented in a client side only app (IT-Tools is client side only, no server).

[sharevb]

Hi @ThierryIT , it probably could be. It tools is a client side only app with really no backend. I'm curious to know why will oauth2 be useful ?

[gitmotion]

@ThierryIT i'm running it fine with authentik. whats the error or situation you're seeing? in my experience though it-tools has a lot of built in caching so you'll need to clear cache and hard reload when you're authenkating (pun intended) so that the url params are actually passed down to authentik

wrote up something about the "expired auth cached state" here:
#1291 (comment)

[sharevb]

Hi @gitmotion , but you patched something some were ? (in case, I will apply to my fork to)

[gitmotion]

Hi @gitmotion , but you patched something some were ? (in case, I will apply to my fork to)

hey! yeahh i think i remember that one but i closed that pr. i was trying to add the package as a direct import but i believe the real problem is actually how the caching works on IT tools. probably returns a 200 response and doesn't redirect to complete the authentik authentication. so without the authentication from authentik the tool isn't able to load because it's forbidden to access assets at that point which it laid out the workaround in my comment in #1291

so it's with the caching - pros and cons though, not really a problem. personally i like the caching just doesn't play well with authentik

some ideas of possible solutions:

• fix forwarding the response / redirect after logging in with authentik instead of presenting the cached page. this is probably the real solution but i haven't looked into it yet so not sure if it's possible
• add /assets to the unauthenticated paths in authentik - less desired but works, not sure if it's a huge issue exposing assets like that but it just depends on your threat tolerance and setup

[sharevb]

Hi @gitmotion , ok so nothing to integrate in code to make "relation" with authentik ? may be make a build option for pwa with no cache...

[gitmotion]

Hi @gitmotion , ok so nothing to integrate in code to make "relation" with authentik ? may be make a build option for pwa with no cache...

ooh haven't had time to look at it but that makes sense that it could be related to the pwa cache i can take another look at it soon but i guess it theoretically could be no cache/forwarding or a mix 👍🏼