Skip to content
This repository was archived by the owner on Feb 15, 2026. It is now read-only.

OIDC support#3743

Closed
lenaxia wants to merge 182 commits intosct:developfrom
lenaxia:oidc-support
Closed

OIDC support#3743
lenaxia wants to merge 182 commits intosct:developfrom
lenaxia:oidc-support

Conversation

@lenaxia
Copy link

@lenaxia lenaxia commented Jan 9, 2024
edited
Loading

Description

This PR rebases the oidc changes to the current Overseerr mainline (develop), and fixes some improper OIDC implementation. Because of this, it now works with authelia. Changes have also been revalidated to work with a basic configuration of Authentik. I have not tested this with other OIDC providers.

I will open a new PR to sct/overseerr if we don't merge here.

Fixes include:

  • Adding support for scope and error parameters in the oidc-callback endpoint (these are all optional parameters)
  • fixing callback redirect_uri protocol generation to base on the initiating protocol, as opposed to assumping https, which is what it did previously
  • add support for the aud (audience) callback parameter being an array. the OIDC spec allows aud to be either a string, or an array of strings. Previous implementation here only allowed string when doing a oidc validation. This is now fixed to support both string and array
  • Added improved logging and error handling to make future debugging easier.
  • change default logging level to be info if LOG_LEVEL env variable is not defined (previously was debug)
  • Improved JWT token validation robustness

Screenshot (if UI-related)

To-Dos

  • Successful build yarn build
  • Translation keys yarn i18n:extract
  • [-] Database migration (if required)

Issues Fixed or Closed

ankarhem and others added 30 commits October 1, 2022 19:08
@ankarhem
feat: oidc support
ac2a197 
feat: oidc 2

feat: oidc
@ankarhem
feat: refactor out popup and use for oidc
7de7e1f
@ankarhem
feat(oidc): create user if it doesn't exist
52fd0b7
@ankarhem
docs: add api documentation for oidc endpoints
d2245c7
@ankarhem
chore(translations): extract strings
9277a65
@ankarhem
feat(oidc): add form validation for oidc settings
b0d1be7
@ankarhem
fix: add missing initial values to public settings
c74b9dc
@ankarhem
fix(docs): fix typo in docs
079b84c
@ankarhem
fix(oidc): invalidate when email not verified
afeefec
@ankarhem
fix: review comments
ef24e30
@ankarhem
fix(imports): fix invalid imports
49a0ba4
@ankarhem
fix(i18n): update extract
1db3644
@ankarhem
fix: invalid import
3dfc67a
@ankarhem
fix(oidc): use wellknown authorization endpoint
5886f83
@ankarhem
fix(oidc login): handle reset loading state
cefe1fe
@ankarhem
fix(oidc): allow paths in wellknown lookup
6e89948
@ankarhem
fix(oidc): allow insecure state cookie when using http
66fac20
@ankarhem
fix(oidc): look at protocol to decide callback protocol
765c38b
@lenaxia
Create oidc-ci.yml
d21ef20
@lenaxia
Update oidc-ci.yml
1d61289
fix the redirect uri generation to use x-forward-proto to allow handl…
4367ee3 
…ing of reverse proxies.
added additional logging and error handling to try to debug a scope p…
11aa3f2 
…arameter failure
add scope support for oidc
27dac31
scope missing is not a fatal error
de15f90
okay trying again with no error handling changes. Just logging and sc…
df8c1b5 
…ope support
oidc callback logging
b425604
log middlware
6a4537b
blah
55cea08
made proggress on oidc with better try catch
d00cf64
got oidc working for authelia
4c87717
fallenbagel and others added 19 commits January 3, 2024 00:49
@fallenbagel
feat: select default seriesType for anime (sct#3627)
2667c5d 
* feat: select default seriesType for anime

Added flexibility to set default anime series type in service settings. Now you can choose
'standard' for anime if you prefer it, making it easier to use features like searching for season
packs on Sonarr.

fix sct#3626

* feat: extracted translations
@OwsleyJr
feat: standard series type selector (sct#3628)
65045c2 
* feat: added a standard series type selector

* fix: moved series type property to correct interface
@TheCatLady @danshilm
feat(notif): add Pushover sound options (sct#2403)
e421ac4 
Co-authored-by: Danshil Kokil Mungur <me@danshilm.com>
@TheCatLady @danshilm
chore: specify files/directories to exclude from git archives (sct#2184)
8d9c808 
Co-authored-by: Danshil Kokil Mungur <me@danshilm.com>
@RemiRigal
feat: update SameSite policy of session cookie to Lax (sct#3650)
628a3d3 
* update session cookie samesite policy to lax

* set cookie samesite policy based on csrf protection setting
@OwsleyJr
fix: resolved issue with region selector and all regions value (sct#3652
0175a50 
)
@allcontributors
docs: add RemiRigal as a contributor for code (sct#3653) [skip ci]
5360b9c 
* docs: update README.md

* docs: update .all-contributorsrc

---------

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
@sct
fix: request watchlist items sequentially to prevent bypassing quota (s…
78ba438 
…ct#3667)
@sct
build: update node to 20.9 (sct#3668)
21ce557
@sct
build: do not link python for arm (sct#3670)
bebd1c4
@sct
build: update docker ubuntu images to 22.04 (sct#3671)
455dd35
@sct
build: use node 18 (sct#3675)
cc6da5c
@sct
build: add global node-gyp for arm (sct#3676)
0c0307b
@sct
build: correct node version in snapcraft (sct#3678)
fa92784
@masesisaac
feat(pushover): attach image to pushover notification payload (sct#3701)
895c846
rebase oidc work
b9fed11
icon fixes for heroicons v2
a7d9fac
debug should not be the default log level.
2c7b027
@lenaxia
Delete .github/workflows/oidc-ci.yml
589b4d5 
deleting it for PR back to mainline
@sct
Copy link
Owner

sct commented Jan 10, 2024

Would love to review this but there is something really weird going on with the commit history here? Can we fix that? it should be rebased on develop so we are only seeing your new changes overlayed on the current head.

@lenaxia
Copy link
Author

lenaxia commented Jan 10, 2024 via email

@lenaxia
Copy link
Author

lenaxia commented Jan 10, 2024

@sct Had to open a new PR because the history of this branch got way too messed up. So #3746

@lenaxia lenaxia closed this Jan 10, 2024
Repository owner deleted a comment Jan 10, 2024
Repository owner deleted a comment Jan 10, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@sct sct Awaiting requested review from sct sct is a code owner

@TheCatLady TheCatLady Awaiting requested review from TheCatLady TheCatLady is a code owner

@danshilm danshilm Awaiting requested review from danshilm danshilm is a code owner

@OwsleyJr OwsleyJr Awaiting requested review from OwsleyJr OwsleyJr is a code owner

@samwiseg0 samwiseg0 Awaiting requested review from samwiseg0 samwiseg0 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.