[Feature Request] OAuth/OIDC Integration

[tbrtje]

First of all thank you for this great application. I have been a dedicated user of LubeLogger for managing my vehicle maintenance, and I am impressed with the application's functionality and ease of use. I believe LubeLogger has the potential to become even more versatile by integrating OAuth (Open Authorization) and OIDC (OpenID Connect) authentication protocols.

This feature would significantly enhance the security and user experience of the application. Here are some key reasons for this request:

Enhanced Security:

OAuth and OIDC are widely adopted standards for secure authentication and authorization.
Implementing these protocols would provide an additional layer of security, protecting user accounts and sensitive vehicle-related data.

Single Sign-On (SSO) Capability:

OAuth and OIDC enable Single Sign-On, allowing users to log in once and access multiple applications seamlessly.
This would streamline the user experience and reduce the need for remembering multiple sets of credentials.

User Convenience:

Many users today prefer logging in using their existing social media or Google accounts. OAuth allows for such authentication methods, increasing user convenience and adoption.

Thank you for considering this feature request. I look forward to the continued improvement of LubeLogger and appreciate the hard work put into making it a reliable vehicle management solution.

Best Regards,
Thies

[hargata]

@tbrtje Do you have your own OIDC server or do you create a client with Google API to perform authentication on your apps?

[hargata]

@tbrtje will be released tonight, documentation on setting up OIDC for LubeLogger: https://docs.lubelogger.com/OpenID

I love that this was added, btw. :D

my only complaint might be a lot of work to fix, though. Would probably require a rework of the authentication system.

The nice thing about OIDC is that I have one user store. Having to "invite" users just so they can use their pre-existing logon (do they end up with 2 logons, then...?) feels like OIDC is only half-implemented, imo.

[hargata]

@wkeiuluf hey so I'm currently working on the functionality that will allow OIDC users to register an account as long as they have a registration token without having to set up a password. They will however be required to set up a username tho it can be identical to their email address if they choose to. This means they will only need to have one login credentials with the OpenID provider, but you will still need to send them an invite code before they can logon for the first time. This will be released later tonight with 1.2.0

LubeLogger has always been designed to rely on a token-based invite-only model for new user registration, the reason being that it is self-hosted and allowing anonymous registrations can entice people to spam databases with bogus registrations.

[hargata]

As of 1.2.0, OIDC users can now register for an account on the fly as long as they have a valid invite token.
Watch: https://www.youtube.com/watch?v=SdaftB3DSCs

Will now be closing this ticket.

[greirson]

@hargata This feature is fantastic, appreciate the work on getting it setup. Is there a way to not need the token for new users to register? It would be great if when a users authenticates via OIDC, and are not already a user in the application, it creates the user without intervention. Trying to make it as seamless as possible for my family.

[hargata]

@greirson please see #805