-
-
Notifications
You must be signed in to change notification settings - Fork 384
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhancement: integration with external OAuth2 provider. #2071
Comments
This could/would be accomplished by developing an internal plugin via https://docs.litestar.dev/latest/usage/plugins.html#plugins. Some examples of others: |
I think we could develop a plugin for this, but imo it should be maintained as a seperate library (officially maintained by Litestar). Most likely we want to use something like authlib to implement this and if this is kept separate, then users would only have to install it if they need it. |
By "external OAuth2 provider", do you mean a Python library or a separate OAuth2 provider? Because Keycloak is a no-brainer despite being written in Java. There's also python-social-auth, which is used by Zulip and Sentry. However, it's worth noting that both projects seem to have integrated that library's source code into their own repository. Hence, their "forks" are maintained independently, which impacts the library's health and integrity. |
I think at this stage, we have "native" support in the library and all we need to do OAuth2 connections as a client to any server. I'm not sure what we want here, but maybe some nice abstraction with some built-in common providers as a plugin that users can opt-in to? @litestar-org/maintainers ? |
Makes sense, because keeping the OAuth client and the OAuth provider in the same package is risky imo, given how much of a burden maintaining the latter actually is. For reference: Laravel Socialite is an OAuth client with a few official adapters, whereas other adapters are maintained by the community. |
In the Django world there is the kind of de-facto standard https://github.com/pennersr/django-allauth. Could be interesting to have a look at it’s implementation. Enabling authentication using „regular accounts“ (user name + email + password or one time code) in addition to „social accounts“ (GitHub, …) would be great. This would require to provide email service provider integration #3520 to enable email transmission based workflows for „regular accounts“ (email verification email, password change email, …). |
Summary
It would be great to have an integration with a third party library or have built in support for authenticating with OAuth2 providers such as Google or Github.
Basic Example
No response
Drawbacks and Impact
No response
Unresolved questions
No response
Funding
The text was updated successfully, but these errors were encountered: