Allow the creation of Authentik OAuth apps via the Nest CLI #57

Open
DaInfLoop opened this issue Aug 16, 2024 · 8 comments
Labels: enhancement (New feature or request), Nest Setup (Issues relating to how Nest is setup in general)

Comments

@DaInfLoop
Member

DaInfLoop commented Aug 16, 2024

Currently, the only way to authenticate a Nest user is via https://oauth.hackclub.app/, which has been down for a while.

A suggestion was made in #nest-meta to allow users to create and manage OAuth applications via the Nest CLI by using the Authentik API.

@Firepup6500

https://git.hackclub.app/ seems to go through https://identity.hackclub.app

@DaInfLoop
Member Author

https://git.hackclub.app/ is hosted by the Nest Admins, so they can create the OAuth app themselves.

@polypixeldev
Collaborator

After discussion with @hello-smile6, we've decided that it's better not to create a CLI tool to automatically interface with Authentik to create OAuth apps, as it could easily be abused as well as make it difficult for admins to manage Authentik.

Unless a better suggestion is made, what will most likely happen is that oauth.hackclub.app will be fixed and improved so that there is a good way to create OAuth apps on Nest that is isolated from Nest's internal apps and configuration.

Member Author

I think the main reason that took the suggestion to add it to the Nest CLI was the fact that it didn't want to have admin intervention, but now that I think of it, oauth.hackclub.app requires an admin (which I'm pretty sure is just @aboutdavid) to review your app before you're allowed to actually use OAuth.

In that case, why not do the same thing for Authentik OAuth apps? If removing the form to create the apps was an idea, that has the same risks as using the CLI to create the apps.

@polypixeldev
Collaborator

I hadn't thought fully through the implication of an automated system that didn't require admin intervention before. I think it makes sense to have a system that requires communication with the admins and approval to avoid confusion & misuse.

@dispherical added the enhancement (New feature or request) and Nest Setup (Issues relating to how Nest is setup in general) labels on Sep 16, 2024
@hello-smile6
Member

Could we maybe do manual configuration of Authentik on a per-case basis with a Slack workflow that creates a private Slack channel with a user + Nest admins for discussing OAuth app setup?

@polypixeldev
Collaborator

Could we use Authentik's access control to allow users to configure settings like the client secret and redirect URIs in Authentik themselves?

@dispherical
Member

I might take this up


5 participants