Denis Arnst
073eff74ef
Add OIDC Back-Channel Logout support
...
Implement OIDC Back-Channel Logout 1.0 (RFC). When enabled, the IdP can
POST a signed logout_token JWT to invalidate user sessions server-side.
- Add BackchannelLogoutHandler: JWT verification via jose, jti replay
protection with bounded cache, session destruction by sub or sid
- Add oidcSessionId column to sessions table with index for fast lookups
- Add backchannel logout route (POST /auth/openid/backchannel-logout)
- Notify connected clients via socket to redirect to login page
- Add authOpenIDBackchannelLogoutEnabled toggle in schema-driven settings UI
- Migration v2.34.0 adds oidcSessionId column and index
- Polish settings UI: auto-populate loading state, subfolder dropdown
options, KeyValueEditor fixes, localized descriptions via descriptionKey,
duplicate key detection, success/error toasts
- Localize backchannel logout toast (ToastSessionEndedByProvider)
- OidcAuthStrategy tests now use real class via require-cache stubbing
2026-02-05 17:55:10 +01:00
Denis Arnst
33bee70a12
Revamp OIDC auth: remove Passport wrapper, add schema-driven settings UI
...
- Remove Passport.js wrapper from OIDC auth, use openid-client directly
- Add schema-driven OIDC settings UI (OidcSettingsSchema.js drives form rendering)
- Add group mapping with KeyValueEditor (explicit mapping or legacy direct name match)
- Add scopes configuration (authOpenIDScopes)
- Add verified email enforcement option (authOpenIDRequireVerifiedEmail)
- Fix group claim validation rejecting URN-style claims (#4744)
- Add auto-discover endpoint for OIDC provider configuration
- Store oidcIdToken in sessions table instead of cookie
- Add AuthError class for structured error handling in auth flows
- Migration v2.33.0 adds oidcIdToken column and new settings fields
2026-02-05 17:54:59 +01:00
Vito0912
6a52d2a968
CORS
2025-08-03 13:52:58 +02:00
advplyr
8775e55762
Update jwt secret handling
2025-07-08 16:39:50 -05:00
advplyr
57906540fe
Add:Server setting to allow iframe & update UI to differentiate web client settings #3684
2024-12-08 08:57:45 -06:00
mikiher
6d8720b404
Subfolder support for OIDC auth
2024-11-29 04:28:50 +02:00
advplyr
c45c82306e
Remove old library, folder and librarysettings model
2024-08-28 17:26:23 -05:00
Nicholas W
27b3a44147
Add: Backup notification (#3225)
...
* Formatting updates
* Add: backup completion notification
* Fix: comment for backup
* Add: backup size units to notification
* Add: failed backup notification
* Add: calls to failed backup notification
* Update: notification OpenAPI spec
* Update notifications to first check if any are active for an event, update JS docs
---------
Co-authored-by: advplyr <advplyr@protonmail.com>
2024-08-18 14:32:05 -05:00
advplyr
2472b86284
Update:Express middleware sets req.user to new data model, openid permissions functions moved to new data model
2024-08-11 16:07:29 -05:00
advplyr
202ceb02b5
Update:Auth to use new user model
...
- Express requests include userNew to start migrating API controllers to new user model
2024-08-10 15:46:04 -05:00
Andrew Leonard
4b482488de
feat: remember setting of 0 on server side
2024-07-16 01:30:00 -04:00
advplyr
7bc70effb0
Update:Add server setting for backupPath and allow overriding with BACKUP_PATH env variable #2973
2024-06-18 17:10:49 -05:00
advplyr
941f3248d8
Add:SMTP email setting to disable certificate verification #3030
2024-05-29 16:59:43 -05:00
advplyr
ce7f891b9b
Update:Disable epubs from running scripts by default, add library setting to enable it GHSA-7j99-76cj-q9pg
2024-05-26 16:01:08 -05:00
advplyr
bd1309b680
Fix:nodemailer transport object only use secure: true when port is 465 #2765
2024-04-25 18:04:02 -05:00
basti
6c9a811472
Add ui and settings for OpenID Signing Algorithm
2024-04-03 16:18:13 +02:00
Denis Arnst
56f1bfef50
Auth/OpenID: Implement Permissions via OpenID
...
* Ability to set group
* Ability to set more advanced permissions
* Modified TextInputWithLabel to provide an ability to specify a different placeholder than the name
2024-03-19 17:57:24 +01:00
Lauri Vuorela
c83399c7b5
use the toggle to not show earlier works than the ones already read
2024-03-12 17:04:26 +01:00
advplyr
85fecbd1b9
Version bump v2.8.0
2024-02-18 16:43:16 -06:00
advplyr
2ec52a7a45
Merge branch 'master' into liaocl
2024-02-17 12:56:05 -06:00
advplyr
0b334cf957
Add:Authentication setting to show a custom message on login #2552
2024-01-26 17:08:23 -06:00
mozhu
fea78898a5
Move podcast search region setting to library settings
2024-01-05 14:45:35 +08:00
mozhu
56eff7a236
Add podcast search region setting
2024-01-04 11:52:45 +08:00
Denis Arnst
80fd2a1a18
SSO/OpenID: Use a mobile-redirect route (Fixes #2379 and #2381)
...
- Implement /auth/openid/mobile-redirect; this will redirect to an app-link like audiobookshelf://oauth
- An app must provide a `redirect_uri` parameter with the app-link in the authorization request to /auth/openid
- The user will have to whitelist possible URLs, or explicitly allow all
- Also modified MultiSelect to allow to hide the menu/popup
2023-12-04 22:36:34 +01:00
mikiher
a4d4f1bc2e
Merge branch 'advplyr:master' into nfo-metadata
2023-11-21 09:09:12 +02:00
advplyr
89eb857c14
Fix initialize openid auth strategy
2023-11-19 12:57:17 -06:00
mikiher
d990e5b909
Add NFO metadata source
2023-11-12 13:30:23 +00:00
advplyr
fb48636510
Openid auth failures redirect to login page with error message.
...
Remove remaining google oauth server settings
2023-11-11 13:10:24 -06:00
advplyr
237fe84c54
Add new API endpoint for updating auth-settings and update passport auth strategies
2023-11-10 16:11:51 -06:00
advplyr
e140897313
Add match existing user by and auto register settings and UI
2023-11-08 14:45:29 -06:00
advplyr
840811b464
Replace passport openidconnect plugin with openid-client, add JWKS and logout URL server settings, use email and email_verified instead of username
2023-11-04 15:36:43 -05:00
advplyr
828b96b2d9
Add server settings for changing openid button text and auto launching openid
2023-11-02 13:55:01 -05:00
advplyr
ab14b561f5
Merge master
2023-11-01 08:58:48 -05:00
advplyr
27497451d9
Add:Ereader device setting to set users that have access #1982
2023-10-29 11:28:34 -05:00
advplyr
60a80a2996
Update:Remove support for metadata.abs, added script to create metadata.json files if they don't exist
2023-10-22 15:53:05 -05:00
advplyr
347b49f564
Update:Remove scanner settings, add library scanner settings tab, add order of precedence
2023-10-08 17:10:43 -05:00
advplyr
2662e8f715
Merge branch 'master' into auth_passportjs
2023-10-02 16:21:47 -05:00
advplyr
f0929729a3
Fix:Adding new podcast with auto download episodes not setting the schedule #2160
2023-09-29 14:52:04 -05:00
advplyr
e282142d3f
Add authentication page in config, add /auth-settings GET endpoint, remove authOpenIDCallbackURL server setting
2023-09-24 15:36:35 -05:00
lukeIam
f0f03efe17
Merge remote-tracking branch 'origin/master' into auth_passportjs
2023-09-10 13:11:35 +00:00
advplyr
826963bf00
Add api route for changing sorting prefixes, update default sorting prefixes to include a
2023-09-08 12:32:30 -05:00
lukeIam
dd9a3858d7
Merge remote-tracking branch 'origin/master' into auth_passportjs
2023-08-12 16:44:44 +02:00
advplyr
254ba1f089
Migrate backups manager
2023-07-08 14:40:49 -05:00
advplyr
bdbc5e3161
Add:Library setting to hide single book series #1433
2023-06-29 17:55:17 -05:00
advplyr
d0bce2949e
Add:FFProbe api endpoint
2023-06-25 16:16:11 -05:00
daVinci2793
d54edb93d6
Updates to Email settings/manager to include test email
2023-06-12 04:53:51 +00:00
advplyr
0ec50bb570
Remove experimental features and experimental ereader setting
2023-06-10 14:11:51 -05:00
advplyr
014fc45c15
Add:Audiobooks only library settings, supplementary ebooks #1664
2023-06-10 12:46:57 -05:00
advplyr
05ce9c6eda
Add:Email smtp config & send ebooks to devices #1474
2023-05-29 17:38:38 -05:00
lukeIam
95e6fef3d1
Merge remote-tracking branch 'origin/master' into auth_passportjs
2023-05-27 10:56:05 +02:00