Feature Request: Support remote user authentication
voruti opened this issue
I'm using Firefly III with Authelia in front of it.
https://docs.firefly-iii.org/how-to/firefly-iii/advanced/authentication/#remote-user-authentication
As of now, it seems like Waterfly doesn't support this yet.
I honestly have no idea how to support this. How does the app detect that you're reaching an Authelia proxy and didn't just enter a non-valid FF3 domain? How does Authelia tell me that everything went as expected? I cannot intercept the web traffic of the web browser session I need to open.
I don't know about other authorization proxies, but I'm using Authelia together with Traefik, with which I get (in my web browser) a 302 status response code with a location header to my Authelia instance, when I'm not already logged in. (The login is a custom cookie.)
But I don't think a complex setup with login in a web browser and extracting/saving the cookie is necessary.
Instead, setting a custom header would suffice, I think. For example, when I set the (custom) Authelia-Authorization header to my Authelia login credentials, any requests with that header are allowed by the proxy.
I think the correct approach to this is to authenticate in the app using API keys. I am also using remote user authentication for logging into Firefly III (using authentik rather than Authelia), but I have configured the authentication proxy to allow requests to the API, since that is a public route to the website. This allows usage with stuff like command line interfaces and 3rd party integrations.
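An added example, not part of the thread and not Waterfly III or Firefly III code: one way a client could tell the cases discussed above apart by probing `/api/v1/about` without following redirects. The function names, the hostnames and the sample responses are constructed, and the `{"data": {"version": ...}}` response shape is an assumption.

```python
import json
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
# Constructed sample responses (status, headers, body); not captured traffic.
BASE = "https://firefly.example.com"
SAMPLES = {
    "proxy": (302, {"Location": "https://auth.example.com/"}, b""),
    "api": (200, {"Content-Type": "application/json"}, b'{"data": {"version": "6.1.0"}}'),
    "typo": (200, {"Content-Type": "text/html"}, b"<html>parked domain</html>"),
}


def origin(url):
    """(scheme, host[:port]) of a URL, lower-cased for comparison."""
    parts = urlsplit(url)
    return parts.scheme.lower(), parts.netloc.lower()


def classify_probe(base_url, status, headers, body=b""):
    """Classify the unfollowed response to GET <base_url>/api/v1/about.

    Returns (kind, detail); kind is 'firefly', 'auth_proxy',
    'unauthorized' or 'not_firefly'.
    """
    hdrs = {name.lower(): value for name, value in headers.items()}
    if status in REDIRECT_CODES and "location" in hdrs:
        target = urljoin(base_url, hdrs["location"])
        if origin(target) != origin(base_url):
            # Redirect to another origin: the proxy is sending us to its login
            # portal. Stop here instead of following it with the API token.
            return "auth_proxy", origin(target)[1]
        return "not_firefly", "same-origin redirect to " + target
    if status in (401, 403):
        return "unauthorized", "credentials rejected (proxy or Firefly III)"
    if status == 200:
        try:
            version = json.loads(body)["data"]["version"]
        except (ValueError, KeyError, TypeError):
            return "not_firefly", "200 without the expected JSON"
        return "firefly", str(version)
    return "not_firefly", "unexpected status %d" % status


if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        print(name, classify_probe(BASE, status, headers, body))
```

With the proxy configured to let `/api` through, the same probe sent with a Firefly III API token returns the `firefly` result, and an `auth_proxy` result tells the user the proxy is still intercepting API requests.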