niko/claude-web-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add OIDC authentication with Authentik integration

Browse Source 
- Add OIDC login flow with Authentik provider
- Implement session-based auth with Redis store
- Add avatar display from OIDC claims
- Fix input field performance with react-textarea-autosize
- Stabilize callbacks to prevent unnecessary re-renders
- Fix history loading to skip empty session files
- Add 2-row default height for input textarea

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Support
2025-12-18 06:07:22 +01:00
parent cfee1711dc
commit 1186cb1b5e
23 changed files with 2884 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
backend/config/auth.js Normal file
View File

@@ -0,0 +1,62 @@
// Auth configuration from environment variables
export const authConfig = {
// OIDC Configuration
oidc: {
issuer: process.env.OIDC_ISSUER,
clientId: process.env.OIDC_CLIENT_ID,
clientSecret: process.env.OIDC_CLIENT_SECRET,
redirectUri: process.env.OIDC_REDIRECT_URI,
scopes: ['openid', 'profile', 'email', 'groups', 'offline_access'],
},
// Session Configuration
session: {
secret: process.env.SESSION_SECRET,
name: 'claude.sid',
domain: process.env.SESSION_DOMAIN || undefined,
secure: process.env.SESSION_SECURE === 'true',
maxAge: parseInt(process.env.SESSION_MAX_AGE) || 86400000, // 24 hours
},
// Redis Configuration
redis: {
url: process.env.REDIS_URL || 'redis://localhost:6379',
},
// App Configuration
app: {
frontendUrl: process.env.FRONTEND_URL || 'http://localhost:5173',
authEnabled: process.env.AUTH_ENABLED !== 'false',
},
// Group Configuration (must match Authentik group names)
groups: {
admin: 'agent-admins',
users: 'agent-users',
allowedGroups: ['agent-admins', 'agent-users'],
},
};
// Validate required config
export function validateConfig() {
const { oidc, session, app } = authConfig;
const errors = [];
if (app.authEnabled) {
if (!oidc.issuer) errors.push('OIDC_ISSUER is required');
if (!oidc.clientId) errors.push('OIDC_CLIENT_ID is required');
if (!oidc.clientSecret) errors.push('OIDC_CLIENT_SECRET is required');
if (!oidc.redirectUri) errors.push('OIDC_REDIRECT_URI is required');
if (!session.secret) errors.push('SESSION_SECRET is required');
}
if (errors.length > 0) {
console.error('Auth configuration errors:', errors);
return false;
}
return true;
}
export default authConfig;