Forward Auth headers

[dral3x]

Hi there, thanks for sharing this module for webtrees!

In my setup I have pangolin (as reverse proxy) and authentik (as auth provider). I would like for users to access webtrees ONLY if the account is available on authentik, and once they are logged in there, let them in automatically without doing a double login (first time on pangolin, and the second time on webtrees once they reach it).

As far as I know, I should configure pangolin to send some specific HTTP Headers to webtrees to forward the currenly logged in user to webtrees, but I'm not able to find anything in the documentation or in the code. Maybe this feature is missing.

https://docs.pangolin.net/manage/access-control/forwarded-headers

Is this possible with webtrees-oauth2-client?
Thank you very much!

[Jefferson49]

As far as I know, I should configure pangolin to send some specific HTTP Headers to webtrees to forward the currenly logged in user to webtrees, but I'm not able to find anything in the documentation or in the code. Maybe this feature is missing.

At the moment, the webtrees OAuth2-Client has no such feature. In order to trigger the OAuth2 authentification, the user needs to click at a menu item in the browser. Clicking on the menu item will trigger a HTTP GET request to webtrees, which will start the authentication procedure.

One idea might be to call the URL, which is related to the menu item, from your environment (e.g. pangolin, authentic, etc.). If a user has already signed in with authentik in the same browser, webtrees should sign in with this user.

You can find the URL with your browser development tools: