feat(auth): add OpenID Connect SSO login support #55

Open
jpoegs wants to merge 1 commit into rustfs:main from jpoegs:feat/oidc-sso

jpoegs commented Feb 20, 2026

Description

Add OIDC browser-based SSO login flow to the RustFS console. When the RustFS server has OIDC providers configured, the login page renders SSO buttons that redirect users to their identity provider (Okta, Azure AD, Keycloak, Authentik, etc.) for authentication. After successful authentication, the IdP redirects back to the console callback page with STS credentials in the URL fragment.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation
  • Refactoring
  • Performance
  • Tests
  • Security

Testing

  • Manual testing: verified end-to-end OIDC flow with Authentik as identity provider
  • Verified login page renders SSO buttons when providers are configured
  • Verified callback page correctly parses credentials and navigates after auth state updates
  • Verified dropdown displays OIDC user account name correctly

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have added TypeScript type definitions where needed
  • Commit messages and PR title are in English
  • pnpm tsc --noEmit passes with zero errors
  • pnpm lint passes (0 errors)
  • pnpm prettier --check . passes
  • No new dependencies added

Related Issues

Companion PR to rustfs/rustfs#1875 (OIDC server-side support)

Screenshots

N/A — SSO buttons only render when server has OIDC providers configured.

Additional Notes

New files:

  • lib/oidc.ts — OIDC client library (fetch providers, initiate login, parse callback)
  • app/(auth)/auth/oidc-callback/page.tsx — Callback page that parses STS credentials from URL fragment

Modified files:

  • components/auth/login-form.tsx — SSO provider buttons with "Or continue with" divider
  • app/(auth)/auth/login/page.tsx — Fetches OIDC providers, wires up login handler
  • contexts/auth-context.tsx — New loginWithStsCredentials method
  • components/user/dropdown.tsx — Simplified user display name logic
  • types/config.d.ts — OidcProvider type and oidc field on SiteConfig
  • i18n/locales/en-US.json — SSO-related translation strings

CLA: I have read and agree to the Contributor License Agreement.

Add OIDC browser-based SSO login flow to the console:
- OIDC library (lib/oidc.ts): fetch providers, initiate login, parse callback
- OIDC callback page: parses STS credentials from URL fragment
- Login form: renders SSO provider buttons with "Or continue with" divider
- Auth context: new loginWithStsCredentials method for direct STS login
- Config types: OidcProvider interface and oidc field on SiteConfig
- i18n: English translations for SSO-related strings
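
The description above says the callback page receives STS credentials in the URL fragment. The following TypeScript is an added example, not code from this PR or from RustFS: it validates such a fragment (required fields, no repeated parameters, expiry not yet passed) and computes the fragment-free URL a page would hand to `history.replaceState()` so the credentials do not stay in the address bar or session history. The parameter names (`accessKey`, `secretKey`, `sessionToken`, `expiration`), the function names and the sample values are assumptions.

```typescript
// Added example: parameter names and sample values are assumptions, not from the PR.
interface StsCredentials {
  accessKeyId: string
  secretAccessKey: string
  sessionToken: string
  expiration: Date
}

// Hypothetical fragment parameter names.
const REQUIRED_PARAMS = ["accessKey", "secretKey", "sessionToken", "expiration"]

// Constructed sample fragment (placeholder values, not real credentials).
const SAMPLE_HASH =
  "#accessKey=EXAMPLEACCESSKEY&secretKey=example-secret" +
  "&sessionToken=example-token&expiration=2026-02-20T13%3A00%3A00Z"

function parseStsFragment(hash: string, now: Date = new Date()): StsCredentials {
  const params = new URLSearchParams(hash.replace(/^#/, ""))
  for (const name of REQUIRED_PARAMS) {
    const values = params.getAll(name)
    // Reject missing, empty or repeated parameters; never echo values in errors.
    if (values.length !== 1 || values[0] === "") {
      throw new Error("invalid OIDC callback: bad parameter " + name)
    }
  }
  const expiration = new Date(params.get("expiration") as string)
  if (isNaN(expiration.getTime())) {
    throw new Error("invalid OIDC callback: unparseable expiration")
  }
  if (expiration.getTime() <= now.getTime()) {
    throw new Error("invalid OIDC callback: credentials already expired")
  }
  return {
    accessKeyId: params.get("accessKey") as string,
    secretAccessKey: params.get("secretKey") as string,
    sessionToken: params.get("sessionToken") as string,
    expiration,
  }
}

// URL to pass to history.replaceState() right after parsing, so the
// credentials do not remain in the address bar or session history.
function withoutFragment(href: string): string {
  const url = new URL(href)
  url.hash = ""
  return url.toString()
}
```
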