Enable user SSO access using OAuth

[lkraider]

Would like to manage the users by enabling an OAuth source like Google or a custom one like a Keycloak instance.

[dani-garcia]

I consider this to be outside the scope of the project, so I won't be implementing this. That said, if someone wants to implement it, i'll accept a PR as long as the implementation doesn't over-complicate the rest of the code.

[dani-garcia]

To keep the issue tracker more focused, I'm closing this issue in favor of the meta issue at #246.

[lukasmrtvy]

What about https://docs.rs/crate/oauth2/ ? (google,github, hope for generic oidc and keycloak)

[varac]

I'd be happy if Oauth/OpenIDConnect would be implemented because it's the main blocker from including it in https://openappstack.net/

[felbinger]

I'd also be very happy if a generic oidc provider would be implemented.

[GodMod]

Yes, definitly a must have! I really like having this implemented!

[manuschillerdev]

I would love to have a shot at experimenting with https://github.com/ramosbugs/oauth2-rs and vaultwarden.
I have common knowledge about oauth2 but would need some general guidance in which parts of vaultwarden would be affected by implementing it.

@dani-garcia would you be able to give us some hints on where to begin? :)

[robocrax]

Anyone working on this or know a solution that is available?

[sethstuart]

Commenting again to see if this is something that can be revisited

[Avsynthe]

Bitwarden supports SSO via SAML 2.0 and OIDC. I actually self-hosted Vaultwarden on the premise that it did also.

This is absolutely a must-have for me. For now though I have to add yet another step when onboarding users to my self-hosted suite of services I grace my family and friends with haha

It looks like an attempt is already being made to implement OIDC at #2449

[BloodyIron]

My vote is for SAML! Bitwarden SAML SSO experience is awesome, it would be fabulous to have in Vaultwarden!

[FunctionDJ]

I think OAuth would be a much better idea than SAML if it's one or the other. I've tried implementing a SAML client and it was an absolute mess. Implementing an OAuth 2.1 client on the other hand was about 20 lines of code after i understood how it works.

[miglen]

Just to chime in, SAML or OAuth both would be awesome to have!

[PinguDEV-original]

Yes definitly, would love it!

[wuast94]

would also love to see that, building a suite that contains many applications for friends and familys happens more and more, and it just makes sense to build arround SSO, im using authelia with Oauth for this.
And the Bitwarden clients seems to have support for it. Would love to see that feature on the roadmap :)

[Avsynthe]

would also love to see that, building a suite that contains many applications for friends and familys happens more and more, and it just makes sense to build arround SSO, im using authelia with Oauth for this. And the Bitwarden clients seems to have support for it. Would love to see that feature on the roadmap :)

Doing the exact same thing and would love this for the same reason. Though I've moved to authentik for this and replaced authelia and my old identity server. Much more robust and a single application! Also supports more SSO types like and OIDC, SAML rather than just Oauth and LDAP

[viperfan7]

Honestly I'm super surprised that vaultwarden doesn't support some form of SSO, like, say, I have keycloak set up as my SSO provider, and it supports OIDC quite well.

Adding my +1 for OIDC support