pub-solar
/
infra
6
1
Fork 3
Code Issues 16 Pull Requests 8 Actions Packages Projects 1 Releases Wiki Activity

SSO group sync & verification #161

New Issue
Open
opened 2024-04-26 12:54:46 +00:00 by b12f · 1 comment
b12f commented 2024-04-26 12:54:46 +00:00
Owner

To enable emailing, we'd need to be able to verify users as real. Otherwise our open registration will just lead to spambots using pub.solar email addresses for free. One way to do this would be to have a "verified" group in keycloak, which gets the right to send emails.

The same applies to Data volumes in Nextcloud. These are currently capped to 10MB by default, but for verified users, we could increase this to e.g. 5GB.

To enable emailing, we'd need to be able to verify users as real. Otherwise our open registration will just lead to spambots using pub.solar email addresses for free. One way to do this would be to have a "verified" group in keycloak, which gets the right to send emails. The same applies to Data volumes in Nextcloud. These are currently capped to 10MB by default, but for verified users, we could increase this to e.g. 5GB.
b12f added the
Feature request
 label 2024-04-26 13:03:37 +00:00
janhaa commented 2024-04-26 14:25:43 +00:00

Keycloak Server Providers could be considered for this - they allow Keycloak to extend its own functionalities:

https://www.keycloak.org/docs/latest/server_development/#_providers

It would be possible to implement an EventListener SPI:
https://www.keycloak.org/docs/latest/server_development/#_events

Then, one could use groups to mark authorized users and tap into the GROUP_MEMBERSHIP CREATE event to subsequently call the Nextcloud, etc. APIs based on this.

Keycloak Server Providers could be considered for this - they allow Keycloak to extend its own functionalities: https://www.keycloak.org/docs/latest/server_development/#_providers It would be possible to implement an EventListener SPI: https://www.keycloak.org/docs/latest/server_development/#_events Then, one could use groups to mark authorized users and tap into the GROUP_MEMBERSHIP CREATE event to subsequently call the Nextcloud, etc. APIs based on this.
👀 1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
backups-splay
fix/keycloak
main
feat/matrix-moderation-draupnir
feat/matrix-moderation
feat/automated-account-deletion
fix/use-nix-firewall-nat-feature-for-forgejo-redirect
feat/loomio
feat/matrix-hookshot
feat/libreddit
feat/invidious
Labels
Clear labels   
Bug
   
Docs
   
Feature request
   
Good for newcomers
   
Infra
   
Privacy
   
Refactoring or migration
   
Security
No Label
Bug
Docs
Feature request
Good for newcomers
Infra
Privacy
Refactoring or migration
Security
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: pub-solar/infra#161
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?