
Additional specific or custom SSO Provider

Open JavertArdo opened this issue 1 year ago • 1 comments

Is your feature request related to a problem?

In self-hosted environments, some enthusiasts use many other SSO providers like Authentik or Authelia. In the current implementation there are only three options available: Google, GitHub and GitLab. Only one of them could, in theory, be hosted in one's own lab environment (if we are talking about something like the community editions of the software). The other two are managed by external organizations. These three SSO providers may not be the most suitable options for a self-managed use case. Some developers may not want to link with external accounts if they self-host everything or if they simply want to test out the software locally.


Describe the solution you'd like

Could it be possible to add other provider options? From what I see in the code, Phase uses the next-auth library, which contains many other provider configurations, e.g. Authentik. The other option, if adding specific providers is tedious, could be to let the user configure a custom provider in a more flexible manner (see "NextAuth.js: Using a custom provider"), for example by loading the custom provider configuration from a .js file.

Describe alternatives you've considered

Implement a classic user registration/login form instead of configuring an SSO provider.

JavertArdo avatar Sep 09 '24 19:09 JavertArdo

Hey @JavertArdo 👋🏻

yeah, been thinking along the same lines for a while. most of the homelab users who want to self-host their SSO solution usually tend to go with GitLab. Authentik is a good suggestion as they already seem to have a NextAuth.js provider https://next-auth.js.org/providers/authentik and the OAuth2 implementation seems straightforward https://goauthentik.io/docs/providers/oauth2.

classic username + password + 2fa auth is going to require a non-trivial rewrite of our sign up, sign in and account recovery modules. but we have it on our roadmap.

nimish-ks avatar Sep 16 '24 06:09 nimish-ks

+1 for this feature request. It was a bit disappointing finding out that the SSO providers are required for the self-hosted deployment; that was only clear to me after I hassled through the Docker installation process. I also use a locally hosted Authelia instance, so it would be really great to see this custom SSO integration.

I suggest mentioning this in the comment of .env.example, as I only stumbled upon this extra information after I had an error regarding "NEXT_PUBLIC_NEXTAUTH_PROVIDERS" not being set.

Daniel-Leer avatar May 31 '25 23:05 Daniel-Leer

Let me also double the interest in Authentik as an alternative to GitLab's heavy lifting machinery.

matbgn avatar Jun 18 '25 10:06 matbgn

Folks, we are picking this up!

nimish-ks avatar Jul 11 '25 06:07 nimish-ks

Update: Authentik SSO support is now live in Phase Console v2.49.0. Give it a shot.

You can find the docs here: https://docs.phase.dev/access-control/authentication/oauth-sso#authentik

Thank you guys for being so patient! :D

nimish-ks avatar Jul 17 '25 07:07 nimish-ks