pub-solar/infra
6
1
Fork 3
Code Issues 23 Pull requests 10 Actions Packages Projects 1 Releases Wiki Activity

SSO group sync & verification #161

New issue
Open
opened 2024-04-26 12:54:46 +00:00 by b12f · 1 comment
b12f commented 2024-04-26 12:54:46 +00:00
Owner
Copy link

To enable emailing, we'd need to be able to verify users as real. Otherwise our open registration will just lead to spambots using pub.solar email addresses for free. One way to do this would be to have a "verified" group in keycloak, which gets the right to send emails.

The same applies to Data volumes in Nextcloud. These are currently capped to 10MB by default, but for verified users, we could increase this to e.g. 5GB.

To enable emailing, we'd need to be able to verify users as real. Otherwise our open registration will just lead to spambots using pub.solar email addresses for free. One way to do this would be to have a "verified" group in keycloak, which gets the right to send emails. The same applies to Data volumes in Nextcloud. These are currently capped to 10MB by default, but for verified users, we could increase this to e.g. 5GB.
b12f added the
Feature request
 label 2024-04-26 13:03:37 +00:00
janhaa commented 2024-04-26 14:25:43 +00:00
Member
Copy link

Keycloak Server Providers could be considered for this - they allow Keycloak to extend its own functionalities:

https://www.keycloak.org/docs/latest/server_development/#_providers

It would be possible to implement an EventListener SPI:
https://www.keycloak.org/docs/latest/server_development/#_events

Then, one could use groups to mark authorized users and tap into the GROUP_MEMBERSHIP CREATE event to subsequently call the Nextcloud, etc. APIs based on this.

Keycloak Server Providers could be considered for this - they allow Keycloak to extend its own functionalities: https://www.keycloak.org/docs/latest/server_development/#_providers It would be possible to implement an EventListener SPI: https://www.keycloak.org/docs/latest/server_development/#_events Then, one could use groups to mark authorized users and tap into the GROUP_MEMBERSHIP CREATE event to subsequently call the Nextcloud, etc. APIs based on this.
👀 1
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
element-call
per-admin-user
matrix-rendezvous-server
ssl-cert-warning
feat/automated-account-deletion
feat/matrix-moderation-draupnir
nginx-maintenance
feat/matrix-moderation
fix/use-nix-firewall-nat-feature-for-forgejo-redirect
feat/loomio
feat/matrix-hookshot
feat/libreddit
feat/invidious
No results found.
Labels
Clear labels   
Bug

   
Docs

   
Feature request

   
Good for newcomers

   
Infra

   
Privacy

   
Refactoring or migration

   
Security
No labels
Bug
Docs
Feature request
Good for newcomers
Infra
Privacy
Refactoring or migration
Security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: pub-solar/infra#161
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?