Description

Implements LemmyNet/lemmy#2930. I believe LemmyNet/lemmy#489 is a duplicate of that issue, and would also be considered implemented by this. Note that this does NOT make lemmy itself an identity provider, and thus does NOT implement LemmyNet/lemmy#1368.

External auth methods can be added via the admin settings, and then buttons are shown on the login page to use those auth methods instead of "basic" auth (username + password). The implementation supports both OAuth or OIDC auth methods, and can register non-existent users as well (if a new setting is explicitly turned on).

Other frontends that wish to support these external auth methods can use the changes in lemmy-ui as a reference. They'll need to show the buttons to go to the authorization URL with the appropriate redirect URI, and then implement the endpoint at that URI that takes the auth cookie and navigates to the redirect URI param it was passed. Optionally, frontends can also implement the new admin settings.

Future Work

Most of these are not implemented because my understanding is lemmy-ui is getting replaced soon-ish anyways and these are tasks that would take awhile to implement which is probably not worth it imo.

• Make frontends have convenient presets for common identity providers (like Google, Github, Discord, etc.) that hides the well-known fields (i.e. just show client ID and secret).
• PKCE support (more secure version of OAuth)
• If auto-registration is disabled, bring non-existent users to modified version of the signup page where the email is pre-filled and readonly, and the password field is hidden
• Improve error handling/messaging (for example if an external auth method fails to save due to a non-unique client ID)

Related PRs

• lemmy
• lemmy-ui
• lemmy-js-client

Screenshots