[PR #126] feat: Implement OIDC user management and authentication flow #157

Open
opened 2026-02-26 21:34:46 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/eduardolat/pgbackweb/pull/126
Author: @pascalinthecloud
Created: 7/18/2025
Status: 🔄 Open

Base: develop ← Head: feat/add-oidc-auth


📝 Commits (2)

  • 6dd6818 feat: Implement OIDC user management and authentication flow
  • a3b2103 refactor: Remove flash message utility functions (dead code)

📊 Changes

24 files changed (+1464 additions, -91 deletions)

View changed files

➕ OIDC_INTEGRATION.md (+180 -0)
📝 cmd/app/main.go (+4 -1)
📝 cmd/changepw/main.go (+1 -1)
📝 go.mod (+9 -6)
📝 go.sum (+20 -12)
📝 internal/config/env.go (+11 -0)
📝 internal/config/env_validate.go (+16 -0)
➕ internal/database/migrations/20250708000000_add_oidc_support_to_users.sql (+35 -0)
📝 internal/service/auth/cookies.go (+4 -0)
📝 internal/service/auth/login.go (+5 -1)
➕ internal/service/auth/login_oidc.go (+27 -0)
➕ internal/service/oidc/oidc.go (+191 -0)
➕ internal/service/oidc/oidc_test.go (+242 -0)
➕ internal/service/oidc/queries.sql (+18 -0)
📝 internal/service/service.go (+9 -2)
📝 internal/service/users/create_user.go (+11 -2)
📝 internal/service/users/users.go (+5 -0)
📝 internal/view/middleware/inject_reqctx.go (+8 -5)
📝 internal/view/web/auth/create_first_user.go (+2 -1)
📝 internal/view/web/auth/login.go (+53 -3)

...and 4 more files

📄 Description

Hi there,
I've added the functionality of single sign on via OIDC. I tested that feature for about a week and didn't come across any problems.

Here are some screenshots showing the implementation.

Summary by CodeRabbit

  • New Features

    • Added OpenID Connect (OIDC) integration, enabling authentication via external identity providers (e.g., Authentik, Keycloak) and supporting single sign-on (SSO).
    • The login page now displays a "Login with SSO" button when OIDC is enabled.
    • OIDC users are automatically created and updated on login, and can coexist with local users.
  • User Interface

    • Profile update forms now block changes for OIDC users, displaying a message that profile information is managed externally.
  • Bug Fixes

    • Improved session cookie security with HTTPS-only and SameSite attributes.
  • Documentation

    • Added comprehensive documentation for OIDC setup, configuration, and troubleshooting.
  • Chores

    • Updated and added dependencies to support OIDC and related features.
  • Tests

    • Introduced extensive tests for OIDC authentication flows and related logic.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

Reference
starred/pgbackweb#157