feat(server,web): OIDC Implementation (#884)

* chore: merge * feat: nullable password * feat: server debugger * chore: regenerate api * feat: auto-register flag * refactor: oauth endpoints * chore: regenerate api * fix: default scope configuration * refactor: pass in redirect uri from client * chore: docs * fix: bugs * refactor: auth services and user repository * fix: select password * fix: tests * fix: get signing algorithm from discovery document * refactor: cookie constants * feat: oauth logout * test: auth services * fix: query param check * fix: regenerate open-api
2025-10-29 17:40:28 +00:00 · 2022-11-14 21:24:25 -05:00
parent d476656789
commit d3c35ec9c5
51 changed files with 1997 additions and 253 deletions
--- a/server/libs/common/src/config/app.config.ts
+++ b/server/libs/common/src/config/app.config.ts
@@ -16,6 +16,12 @@ const jwtSecretValidator: Joi.CustomValidator<string> = (value) => {
  return value;
 };

+const WHEN_OAUTH_ENABLED = Joi.when('OAUTH_ENABLED', {
+  is: true,
+  then: Joi.string().required(),
+  otherwise: Joi.string().optional(),
+});
+
 export const immichAppConfig: ConfigModuleOptions = {
  envFilePath: '.env',
  isGlobal: true,
@@ -28,5 +34,12 @@ export const immichAppConfig: ConfigModuleOptions = {
    DISABLE_REVERSE_GEOCODING: Joi.boolean().optional().valid(true, false).default(false),
    REVERSE_GEOCODING_PRECISION: Joi.number().optional().valid(0, 1, 2, 3).default(3),
    LOG_LEVEL: Joi.string().optional().valid('simple', 'verbose').default('simple'),
+    OAUTH_ENABLED: Joi.bool().valid(true, false).default(false),
+    OAUTH_BUTTON_TEXT: Joi.string().optional().default('Login with OAuth'),
+    OAUTH_AUTO_REGISTER: Joi.bool().valid(true, false).default(true),
+    OAUTH_ISSUER_URL: WHEN_OAUTH_ENABLED,
+    OAUTH_SCOPE: Joi.string().optional().default('openid email profile'),
+    OAUTH_CLIENT_ID: WHEN_OAUTH_ENABLED,
+    OAUTH_CLIENT_SECRET: WHEN_OAUTH_ENABLED,
  }),
 };
--- a/server/libs/database/src/entities/user.entity.ts
+++ b/server/libs/database/src/entities/user.entity.ts
@@ -1,4 +1,4 @@
-import { Column, CreateDateColumn, Entity, PrimaryGeneratedColumn, DeleteDateColumn } from 'typeorm';
+import { Column, CreateDateColumn, DeleteDateColumn, Entity, PrimaryGeneratedColumn } from 'typeorm';

@Entity('users')
 export class UserEntity {
@@ -17,10 +17,10 @@ export class UserEntity {
  @Column()
  email!: string;

-  @Column({ select: false })
+  @Column({ default: '', select: false })
  password?: string;

-  @Column({ select: false })
+  @Column({ default: '', select: false })
  salt?: string;

  @Column({ default: '' })