​Support additional Oauth2/OIDC/SAML providers

[dbrandonjohnson]

Description

Add support for additional authentication providers that support Oauth2, OIDC or SAML such as keycloak, authentik, Ipsilon or AzureAD.

Based on the current code base, it appears to only support Google and Github as identity providers.

Use case

Adding additional authentication options provides authentication for Self-Hosted users and Affine Cloud business customers that use authentication providers other than Google Auth or Github.

Anything else?

No response

Are you willing to submit a PR?

• Yes I'd like to help by submitting a PR!

[affine-issue-bot[bot]]

Issue Status: 🆕 *Untriaged

*🆕 Untriaged

The team has not yet reviewed the issue. We usually do it within one business day.
Docs: https://github.com/toeverything/AFFiNE/blob/canary/docs/issue-triaging.md

^{_{This is an automatic reply by the bot.}}

[forehalo]

Other auth providers are truly on the table, but TBH, they are in low priority.

[VladimirLevadnij]

Hi. Tell me, please, is there a detailed discussion of this topic somewhere (oAuth2 / OIDC / SAML)? In particular, I am interested in how architecturally it is planned to be implemented, with the help of which libraries? Perhaps you plan to use https://www.passportjs.org / ?

[forehalo]

we haven't had any further discussion regarding this. There is one thing I can tell you is we won't use passportjs because the integration with nestjs, which we build the server with, is not considered good enough for us.

[VladimirLevadnij]

Thank you, please tell me if I understand correctly that it is planned to abandon nestjs in the future? Or are you looking to refactor an existing implementation using nestjs?

[otahirs]

I would not be looking for adding one or two additional providers. Instead I would focus on implementing generic support for oAuth2 / OIDC protocols. So any provider can be set-up without the need to revisit the issue.

[forehalo]

by providers I mean auth methods, not any specific oauth venders