feat: add OpenID Connect for Self-Hosted Instances

[torbenraab]

This PR resolves #413
The Flow was adapted from the Github OAuth Flow to comply with the OIDC Authorization Code Flow.
It set's the Mail address and username (if available) from the OIDC-Provider as a default for the user. I didn't integrate the possibility to use surname and last name, as it is not standardized.

Tested with Authentik for now.

[vercel]

@torbenraab is attempting to deploy a commit to the Plane Team on Vercel.

A member of the Team first needs to authorize it.

[pablohashescobar]

Hi @torbenraab,

I wanted to express my gratitude for your valuable contribution to Plane. Your efforts are greatly appreciated by our team. We will be merging your pull request (PR) into the codebase as soon as possible.

[rush-skills]

Hey @torbenraab

I was trying to test this out in a codespace and ran into the following errors during build

@rush-skills ➜ /workspaces/plane (feature/oidc-auth) $ yarn run build
yarn run v1.22.19
$ turbo run build
• Packages in scope: app, eslint-config-custom, tsconfig, ui
• Running build in 4 packages
• Remote caching disabled
app:build: cache miss, executing 464145095c59574e
app:build: $ next build
app:build: warn  - You have enabled experimental feature (outputFileTracingRoot) in next.config.js.
app:build: warn  - Experimental features are not covered by semver, and may cause unexpected or broken application behavior. Use at your own risk.
app:build: 
app:build: info  - Linting and checking validity of types...
app:build: 
app:build: Failed to compile.
app:build: 
app:build: ./pages/[workspaceSlug]/me/profile/preferences.tsx
app:build: 28:6  Warning: React Hook useEffect has a missing dependency: 'customThemeSelectorOptions'. Either include it or remove the dependency array.  react-hooks/exhaustive-deps
app:build: 
app:build: ./pages/index.tsx
app:build: 109:1  Error: Trailing spaces not allowed.  no-trailing-spaces
app:build: 
app:build: ./components/account/email-code-form.tsx
app:build: 111:6  Warning: React Hook useEffect has missing dependencies: 'onSubmit' and 'setResendCodeTimer'. Either include them or remove the dependency array.  react-hooks/exhaustive-deps
app:build: 
app:build: ./components/command-palette/change-issue-assignee.tsx
app:build: 83:5  Warning: React Hook useCallback has a missing dependency: 'user'. Either include it or remove the dependency array.  react-hooks/exhaustive-deps
app:build: 
app:build: ./components/command-palette/change-issue-priority.tsx
app:build: 54:5  Warning: React Hook useCallback has a missing dependency: 'user'. Either include it or remove the dependency array.  react-hooks/exhaustive-deps
app:build: 
app:build: ./components/command-palette/change-issue-state.tsx
app:build: 66:5  Warning: React Hook useCallback has a missing dependency: 'user'. Either include it or remove the dependency array.  react-hooks/exhaustive-deps
app:build: 
app:build: ./components/core/calendar-view/calendar.tsx
app:build: 168:6  Warning: React Hook useEffect has a missing dependency: 'setCalendarDateRange'. Either include it or remove the dependency array.  react-hooks/exhaustive-deps
app:build: 
app:build: ./components/core/custom-theme-selector.tsx
app:build: 93:6  Warning: React Hook useEffect has a missing dependency: 'defaultValues'. Either include it or remove the dependency array.  react-hooks/exhaustive-deps
app:build: 
app:build: ./components/gantt-chart/chart/index.tsx
app:build: 153:6  Warning: React Hook useEffect has a missing dependency: 'handleToday'. Either include it or remove the dependency array.  react-hooks/exhaustive-deps
app:build: 213:6  Warning: React Hook useEffect has a missing dependency: 'onScroll'. Either include it or remove the dependency array.  react-hooks/exhaustive-deps
app:build: 
app:build: info  - Need to disable some ESLint rules? Learn more here: https://nextjs.org/docs/basic-features/eslint#disabling-rules
app:build: error Command failed with exit code 1.
app:build: info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
app:build: ERROR: command finished with error: command (/workspaces/plane/apps/app) yarn run build exited (1)
command (/workspaces/plane/apps/app) yarn run build exited (1)

 Tasks:    0 successful, 1 total
Cached:    0 cached, 1 total
  Time:    9.448s 

 ERROR  run failed: command  exited (1)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

[torbenraab]

Hey @rush-skills,
I build the app with docker compose every time and it looks like there was a white-space error from ES-Lint. Just pushed the fix.

[torbenraab]

Hey @pablohashescobar,
just added the option to enable automatic OIDC redirect. I also tried to replace the variables after build in the docker container but didn't quite get it working. Can you maybe take a look at it or does everybody who wants to use it build their own docker image?
Thanks in advance

[pablohashescobar]

Hi @torbenraab, that's certainly an option but we can try replacing the variables during runtime which will avoid the need to rebuild the docker containers. I will take a look at it soon.

[IDerr]

I got tricked by rebuilding the docker image it also, but works great overall!
Thanks for the PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
plane-space-dev	❌ Failed (Inspect)			Aug 15, 2023 7:12am
plane-space-stage	❌ Failed (Inspect)			Aug 15, 2023 7:12am

[torbenraab]

@pablohashescobar I thought of another possibility which involves fetching the "Sign-In Configuration" from the backend. A con is that there will be a minor loading time before the login screen shows. Pros would be that there are no rebuilds of the images needed and that there would be a direct connection check to the backend to check if everything is online.

If that is a possibility you would be fine with I can implement it.

[torbenraab]

We could also just use the "backend" functionality of NextJS as these variables don't require a rebuild

[jdperos]

@torbenraab I'd really like to use this once it's merged in - with this branch, can I link existing users to SSO users, or will the SSO attempt to create its own users? If so I can create my users now, and link them later.

[pablohashescobar]

Hi @torbenraab, the idea looks good but it requires saving the configuration in the database or just getting the variables from the environment.

[torbenraab]

@pablohashescobar Currently I get the variables from the NextJS environment as in the docker-compose file. Using the NextJS Backend functionality. I just can't get the build working locally at the moment

[torbenraab]

@torbenraab I'd really like to use this once it's merged in - with this branch, can I link existing users to SSO users, or will the SSO attempt to create its own users? If so I can create my users now, and link them later.

@jdperos
It currently automatically links to the user with the same email address or creates a new user.
The current implementation also uses the "preffered_username" if there is given any from the OIDC Provider or generates a new one. If the username is already taken it throws an error. This should't be a problem in a hosted instance as mostly usernames are unique inside the identity providers.

So basically yes you can create them now and link later.

[torbenraab]

@pablohashescobar Is it possible to merge this soon? I have quite a hard time to keep up with the changes in your develop branch. I don't get the part of the split env files for example because now you would have to enter the OIDC Configuration in multiple files.

[thomasdba]

waiting for this

[Floppy012]

I'm waiting for this too. I'd love to know why it has not been merged yet. This is one major point that hinders me from using Plane for our team. I cannot use Plane without it since users cannot change their own passwords.

[unknowntrojan]

Plane has so far been the best solution my team has found in terms of feature set and other things, but we need to be able to cleanly integrate with authentik. I hope this gets merged soon!

[derfabianpeter]

Plane has so far been the best solution my team has found in terms of feature set and other things, but we need to be able to cleanly integrate with authentik. I hope this gets merged soon!

Same for us. Happy to discuss a sponsoring so this can be merged soon.

[pablohashescobar]

Hi,
Our team will pick this up in the upcoming release. We will be making some changes from our end as well and will release it soon.

[torbenraab]

Hey there, are there any updates on your side? We would want to upgrade soon but we need SSO as we are currently running a custom build from an earlier version, but we want to use the new features

[pablohashescobar]

Hello @torbenraab,

Thank you for your patience. We wanted to update you that your pull request is on our radar and is scheduled to be merged shortly. Currently, we are undergoing a significant development overhaul, which has impacted the timeline for integrating new changes, including this PR. We appreciate your understanding during this period of extensive updates, and we're committed to ensuring that your contribution is incorporated as soon as our revamp process permits.

[yunylz]

any updates?

[pablohashescobar]

any updates?

Hello @chaeyan, I wanted to update you regarding our current project status. We're addressing some major issues at the moment, which has resulted in a delay in the development of new features. Please be assured that we will commence work on this PR as soon as possible. Thank you for your understanding and patience.

[torbenraab]

Hey just seen the new release. I would be happy to help with the implementation into the new god mode. Just say if I should do so @pablohashescobar

[GaisbauerLukas]

Hey, any updates? Is it still planed for v0.15 and when can we expect the release?

[yunylz]

well i guess that didnt go well

[torbenraab]

Since we would also like to upgrade to the new features and the demand for OIDC is also increasing here, I would like to deal with the topic again in the next few days and also make the necessary changes in God mode, etc.

One question arose when I looked at the current code. Why are so many functions duplicated in the Web and Spaces application? What is the purpose of the Spaces app and why is it not integrated into the web?

I will keep you guys updated. Hope this gets then merged as soon as possible😅

[torbenraab]

Work continued in #3341

Because a merge was a total disaster I reworked the current develop branch and adapted everything done her plus some extras. Hope you like it and it gets merged soon