[PR #1488] [MERGED] Support SSO login via OIDC #8444

New issue

Closed

opened 2026-03-12 23:55:45 +03:00 by kerem · 0 comments

kerem commented

2026-03-12 23:55:45 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/0xJacky/nginx-ui/pull/1488
Author: @Jraaay
Created: 12/15/2025
Status: ✅ Merged
Merged: 12/15/2025
Merged by: @0xJacky

Base: dev ← Head: feat/oidc

📝 Commits (1)

e93e83f feat: support oidc login

📊 Changes

16 files changed (+373 additions, -42 deletions)

View changed files

📝 api/settings/settings.go (+3 -0)
➕ api/user/oidc.go (+207 -0)
📝 api/user/router.go (+3 -0)
📝 app.example.ini (+8 -0)
📝 app/src/api/auth.ts (+12 -0)
📝 app/src/api/settings.ts (+10 -0)
📝 app/src/views/other/Login.vue (+49 -6)
📝 app/src/views/preference/store/index.ts (+8 -0)
📝 docs/guide/env.md (+10 -0)
📝 docs/zh_CN/guide/env.md (+11 -0)
📝 docs/zh_TW/guide/env.md (+11 -0)
📝 go.mod (+2 -1)
📝 go.sum (+6 -33)
➕ settings/oidc.go (+12 -0)
📝 settings/settings.go (+2 -0)
📝 settings/settings_test.go (+19 -2)

📄 Description

This pull request adds support for OIDC (OpenID Connect) authentication to the application, allowing users to log in using an external OIDC provider. The changes include backend support for OIDC settings and authentication flow, frontend integration for OIDC login, and updates to settings management.

A config example are as follow:

[oidc]
ClientId     = clientid123456
ClientSecret = clientsecret123456
Endpoint     = https://example.com/oidc
RedirectUri  = http://localhost:9000/
Scopes       = openid profile email username
Identifier   = username

Note

Introduce OIDC-based SSO login, integrating new backend endpoints and settings, frontend login flow, example config, env docs, tests, and dependencies.

Auth/Backend:

Add OIDC flow with GET /oidc_uri and POST /oidc_callback using coreos/go-oidc and golang.org/x/oauth2; validates state via cookie, exchanges code, verifies ID token, maps claims for username, and issues JWT.

Introduce settings.OIDC (client_id, client_secret, endpoint, redirect_uri, scopes, identifier); expose in GET/POST /settings, env parsing, and example config; include tests in settings_test.go.

Update api/settings/settings.go to read/write oidc and persist; router wires new OIDC endpoints.

Dependencies: add github.com/coreos/go-oidc/v3 and direct golang.org/x/oauth2.

Frontend:

API: get_oidc_uri, oidc_login in app/src/api/auth.ts.

Login view: OIDC button and callback handling (detects nginx-ui-oidc_ state), strips query params post-login.

Settings store: add oidc fields and types.

Configuration & Docs:

Add [oidc] block to app.example.ini.

Document OIDC env vars in docs/guide/env.md, docs/zh_CN/guide/env.md, docs/zh_TW/guide/env.md.

^{Written by Cursor Bugbot for commit e93e83fdf3. This will update automatically on new commits. Configure here.}

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/0xJacky/nginx-ui/pull/1488 **Author:** [@Jraaay](https://github.com/Jraaay) **Created:** 12/15/2025 **Status:** ✅ Merged **Merged:** 12/15/2025 **Merged by:** [@0xJacky](https://github.com/0xJacky) **Base:** `dev` ← **Head:** `feat/oidc` --- ### 📝 Commits (1) - [`e93e83f`](https://github.com/0xJacky/nginx-ui/commit/e93e83fdf3ccf5cf7e5e57717a901f737ce72a62) feat: support oidc login ### 📊 Changes **16 files changed** (+373 additions, -42 deletions) <details> <summary>View changed files</summary> 📝 `api/settings/settings.go` (+3 -0) ➕ `api/user/oidc.go` (+207 -0) 📝 `api/user/router.go` (+3 -0) 📝 `app.example.ini` (+8 -0) 📝 `app/src/api/auth.ts` (+12 -0) 📝 `app/src/api/settings.ts` (+10 -0) 📝 `app/src/views/other/Login.vue` (+49 -6) 📝 `app/src/views/preference/store/index.ts` (+8 -0) 📝 `docs/guide/env.md` (+10 -0) 📝 `docs/zh_CN/guide/env.md` (+11 -0) 📝 `docs/zh_TW/guide/env.md` (+11 -0) 📝 `go.mod` (+2 -1) 📝 `go.sum` (+6 -33) ➕ `settings/oidc.go` (+12 -0) 📝 `settings/settings.go` (+2 -0) 📝 `settings/settings_test.go` (+19 -2) </details> ### 📄 Description This pull request adds support for OIDC (OpenID Connect) authentication to the application, allowing users to log in using an external OIDC provider. The changes include backend support for OIDC settings and authentication flow, frontend integration for OIDC login, and updates to settings management. A config example are as follow: ``` [oidc] ClientId = clientid123456 ClientSecret = clientsecret123456 Endpoint = https://example.com/oidc RedirectUri = http://localhost:9000/ Scopes = openid profile email username Identifier = username ```  --- > [!NOTE] > Introduce OIDC-based SSO login, integrating new backend endpoints and settings, frontend login flow, example config, env docs, tests, and dependencies. > > - **Auth/Backend**: > - Add OIDC flow with `GET /oidc_uri` and `POST /oidc_callback` using `coreos/go-oidc` and `golang.org/x/oauth2`; validates state via cookie, exchanges code, verifies ID token, maps claims for username, and issues JWT. > - Introduce `settings.OIDC` (`client_id`, `client_secret`, `endpoint`, `redirect_uri`, `scopes`, `identifier`); expose in `GET/POST /settings`, env parsing, and example config; include tests in `settings_test.go`. > - Update `api/settings/settings.go` to read/write `oidc` and persist; router wires new OIDC endpoints. > - Dependencies: add `github.com/coreos/go-oidc/v3` and direct `golang.org/x/oauth2`. > - **Frontend**: > - API: `get_oidc_uri`, `oidc_login` in `app/src/api/auth.ts`. > - Login view: OIDC button and callback handling (detects `nginx-ui-oidc_` state), strips query params post-login. > - Settings store: add `oidc` fields and types. > - **Configuration & Docs**: > - Add `[oidc]` block to `app.example.ini`. > - Document OIDC env vars in `docs/guide/env.md`, `docs/zh_CN/guide/env.md`, `docs/zh_TW/guide/env.md`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit e93e83fdf3ccf5cf7e5e57717a901f737ce72a62. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>