Implement (optional) SSO via OIDC (OpenID Connect) (#64)

This implements optional SSO via OIDC for logging in and signing up (for the first admin sign up or if sign up is allowed). The most requested feature! Tested with Authentik and Google! It includes a new `SimpleCache` interface (in-memory, using [`caches`](https://developer.mozilla.org/en-US/docs/Web/API/Window/caches)) for storing the state and code challenges. Closes #13
2025-06-05 18:10:40 +01:00
parent cabc18f15d
commit aa18dcdb4e
14 changed files with 490 additions and 22 deletions
--- a/bewcloud.config.sample.ts
+++ b/bewcloud.config.sample.ts
@@ -3,7 +3,7 @@ import { Config, PartialDeep } from './lib/types.ts';
 /** Check the Config type for all the possible options and instructions. */
 const config: PartialDeep<Config> = {
  auth: {
-    baseUrl: 'http://localhost:8000', // The base URL of the application you use to access the app, i.e. "http://localhost:8000" or "https://cloud.example.com"
+    baseUrl: 'http://localhost:8000', // The base URL of the application you use to access the app, i.e. "http://localhost:8000" or "https://cloud.example.com" (SSO redirect, if enabled, will be this + /oidc/callback, so "https://cloud.example.com/oidc/callback")
    allowSignups: false, // If true, anyone can sign up for an account. Note that it's always possible to sign up for the first user, and they will be an admin
    enableEmailVerification: false, // If true, email verification will be required for signups (using Brevo)
    enableForeverSignup: true, // If true, all signups become active for 100 years