Skip to content

Implement external applications authentication flow #104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kernoeb wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Implement external applications authentication flow #104

kernoeb wants to merge 8 commits into from

Conversation

@kernoeb
Copy link
Collaborator

@kernoeb kernoeb commented Jan 14, 2026

Summary

Implemented a simplified authentication flow for external applications (e.g., desktop apps) to authenticate users via the simple-directory service.

Changes

  • API Endpoints:
    • GET /api/auth/apps/authorize: Validates application configuration and redirects to the UI for user confirmation.
    • POST /api/auth/apps/authorize: Generates a short-lived authorization code after user confirmation.
    • POST /api/auth/apps/login: Exchanges the authorization code for session cookies.
  • UI Improvements:
    • Added a new authorizeApp step in the login page for user confirmation.
    • Added an appRedirected success state with a message and automatic window closing attempt.
    • Improved layout spacing for the login card and logo.
  • Configuration:
    • Added applications support in global and site-level configurations (ID, Name, Redirect URIs).
  • Localization: Added French and English translations for the new authorization steps.
  • Testing: Added comprehensive integration tests in test-it/external-apps-authorization.ts.

@kernoeb
feat: add OAuth2 authorization code flow endpoints
c30e74e 
Add /api/auth/authorize and /api/auth/token endpoints to enable OAuth2
authorization code flow for desktop applications and external clients.

- Add oauth2Server config with typed client definitions
- Add oauthCodes MongoDB collection with 5-minute TTL
- Support configurable redirect URIs per client
- Generate access_token and id_token_ex for authenticated users
@kernoeb
test: add integration tests for OAuth2 Authorization Code flow
1c3aaef
@kernoeb
fix: ensure oauth2 authorize redirect respects site context
9295266
@kernoeb
feat: replace oauth2 server with simplified external apps auth flow
65ce16b
@kernoeb
refactor: remove oauth2 comments and ts-ignore
0b442d1
@kernoeb
feat: add user confirmation step before authorizing external apps
901d943 
- GET /api/auth/apps/authorize now redirects to login UI with step=authorizeApp
- Added POST /api/auth/apps/authorize endpoint that generates the auth code after user confirms
- Added authorizeApp step in login.vue with confirmation message and buttons
- User must click 'Authorize' to generate code, can click 'Cancel' to deny access
- Added i18n translations for authorization UI (fr/en)
@kernoeb
feat: add close tab message after app authorization redirect
60522c0 
- Show 'You can close this tab' message after redirecting to app
- Attempt window.close() for better UX
- Improve spacing between logo, card and maildev link
- Fix icon syntax to use mdiCheckCircle variable
@kernoeb
fix: remove automatic window close after app authorization
2e6eef3 
Window close cannot reliably detect if user confirmed custom protocol
URLs (my-app://), and window.close() only works for windows opened via
window.open(). Users will now see the success message and close manually.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kernoeb