Skip to content

feat: add Authelia OIDC provider service#15

Open
tseaver wants to merge 19 commits into
mainfrom
feat-2-authelia-service-claude-gen
Open

feat: add Authelia OIDC provider service#15
tseaver wants to merge 19 commits into
mainfrom
feat-2-authelia-service-claude-gen

Conversation

@tseaver
Copy link
Copy Markdown
Contributor

@tseaver tseaver commented Apr 20, 2026

No description provided.

@tseaver tseaver requested a review from runyaga April 20, 2026 15:39
tseaver added 19 commits April 21, 2026 00:13
@tseaver
flail: claude-generated 'authelia' service
9f94a9f 
Issues:

- Soliplex back-end doesn't understand the auth scheme which Authelia
  is providing.

- Can't use 'localhost:9443', becauze Authelia reasons.

- Not authenticating correctly when using 'https://127.0.0.1:9443'
  as server URL in the flutter app.
@tseaver
chore: add OIDC provider config to 'authelia' service
9ecf18f 
Remove now-spurious 'auth_request' config from 'nginx'.

Update secrets required and the 'generate-secrets.sh' script
accordingly.
@tseaver
chore: move self-cert generation to script
0f2349a
@tseaver
chore: sync 'CLAUDE.md' with changes
c3b9041
@tseaver
feat: use 'Authelia' OIDC provider
ada82df
@tseaver
fix: 'generate-secrets' script adds derived values to configs directly
f91037b 
... rather than prompting the user to do so.
@tseaver
fix: create files w/ generated content from '.in' templates
46a575f 
- 'authelia/configuration.yml.in'
- 'backend/environment/oidc/cacert.pem.in'
- 'backend/environment/oidc/config.yaml.in'

Add the generated files to '.gitignore'.
@tseaver
fix: inline the generated OIDC JWKS PEM into 'authelia/configuration.…
8fee369 
…yml'

It cannot be read via a '*_FILE' environment variable.

Update 'authelia' to run as '1000:1000'.
@tseaver
fix: error out early if invalid '.gen' dirs created by 'DC up'
d2fdce4
@tseaver
chore: drop stale, commented-out envvar secret config
552fdb0
@tseaver
chore: bind-mount 'nginx.conf
61b5b1c 
... rather than 'COPY' into the image.
@tseaver
fix: preserve existing secrets
5473d7e 
Previously, runnin the script rotated all secrets, which broke the DB
passwords stored in the 'postgres_data' volume.
@tseaver
fix: make 'soliplex.localhost' the canonical hostname for the stack
4e8ea97 
The 'Authelia' OIDC flow relies on having the same hostname / port in
the 'request_redirect' URL as seen from the browser.
@tseaver
fix: (re)generate Authelia argon hash in 'generate-secrets.sh'
307fc15 
Avoid having it go stale across Authelia version bumps.
@tseaver
docs: OIDC provider role in 'aurelia/README.md'
f2d2651
@tseaver
fix: plumb user claims from 'authelia' to Soliplex 'backend'
f13fae9
@tseaver
chore: flesh out backend logging config
33b173e 
- Add formatters for loggers ('soliplex', 'soliplex-authn'), including
  OIDC claim fields for authenticated requests.

- Add handlers for loggers ('soliplex', 'soliplex-authn', 'soliplex-authz')
  to demonstrate configuration.
@tseaver
chore: bump 'soliplex >= 0.60.1, < 0.61
c2d4884 
Remove commit patching 'backend/Dockerfile' to work around soliplex #901,
fixed in version '0.60.1'.
@tseaver
chore: bump 'soliplex >= 0.60.3, < 0.61'
ceebecb 
Pick up file upload fixes.
@tseaver tseaver force-pushed the feat-2-authelia-service-claude-gen branch from cfb6d33 to ceebecb Compare April 21, 2026 04:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@runyaga runyaga Awaiting requested review from runyaga

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tseaver