- OAUTH2_LOGIN_STYLE popup or redirect, part 2.

Thanks to xet7 !

Dockerfile

@@ -27,6 +27,7 @@ ARG BROWSER_POLICY_ENABLED
 ARG TRUSTED_URL
 ARG WEBHOOKS_ATTRIBUTES
 ARG OAUTH2_ENABLED
+ARG OAUTH2_LOGIN_STYLE
 ARG OAUTH2_CLIENT_ID
 ARG OAUTH2_SECRET
 ARG OAUTH2_SERVER_URL
@@ -123,6 +124,7 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth
     TRUSTED_URL="" \
     WEBHOOKS_ATTRIBUTES="" \
     OAUTH2_ENABLED=false \
+    OAUTH2_LOGIN_STYLE=redirect \
     OAUTH2_CLIENT_ID="" \
     OAUTH2_SECRET="" \
     OAUTH2_SERVER_URL="" \

docker-compose.yml

@@ -272,6 +272,8 @@ services:
       # 2) Configure the environment variables. This differs slightly
       #     by installation type, but make sure you have the following:
       #- OAUTH2_ENABLED=true
+      # OAuth2 login style: popup or redirect.
+      #- OAUTH2_LOGIN_STYLE=redirect
       # Application GUID captured during app registration:
       #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
       # Secret key generated during app registration:
@@ -292,6 +294,8 @@ services:
       # ==== OAUTH2 KEYCLOAK ====
       # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
       #- OAUTH2_ENABLED=true
+      # OAuth2 login style: popup or redirect.
+      #- OAUTH2_LOGIN_STYLE=redirect
       #- OAUTH2_CLIENT_ID=<Keycloak create Client ID>
       #- OAUTH2_SERVER_URL=<Keycloak server name>/auth
       #- OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
@@ -305,6 +309,8 @@ services:
       # Enable the OAuth2 connection
       #- OAUTH2_ENABLED=true
       # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+      # OAuth2 login style: popup or redirect.
+      #- OAUTH2_LOGIN_STYLE=redirect
       # OAuth2 Client ID.
       #- OAUTH2_CLIENT_ID=abcde12345
       # OAuth2 Secret.

rebuild-wekan.bat

@@ -1,6 +1,7 @@
 @ECHO OFF
 
-REM IN PROGRESS: Build on Windows.
+REM NOTE: THIS .BAT DOES NOT WORK !!
+REM Use instead this webpage instructions to build on Windows:
 REM https://github.com/wekan/wekan/wiki/Install-Wekan-from-source-on-Windows
 REM Please add fix PRs, like config of MongoDB etc.
 

releases/virtualbox/start-wekan.sh

@@ -71,6 +71,8 @@
         # 2) Configure the environment variables. This differs slightly
         #     by installation type, but make sure you have the following:
         #export OAUTH2_ENABLED=true
+        # OAuth2 login style: popup or redirect.
+        #export OAUTH2_LOGIN_STYLE=redirect
         # Application GUID captured during app registration:
         #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
         # Secret key generated during app registration:
@@ -91,6 +93,8 @@
         # ==== OAUTH2 KEYCLOAK ====
         # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
         #export OAUTH2_ENABLED=true
+        # OAuth2 login style: popup or redirect.
+        #export OAUTH2_LOGIN_STYLE=redirect
         #export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
         #export OAUTH2_SERVER_URL=<Keycloak server name>/auth
         #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
@@ -99,11 +103,13 @@
         #export OAUTH2_SECRET=<keycloak client secret>
         #-----------------------------------------------------------------
         # ==== OAUTH2 DOORKEEPER ====
+        # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
         # https://github.com/wekan/wekan/issues/1874
         # https://github.com/wekan/wekan/wiki/OAuth2
         # Enable the OAuth2 connection
         #export OAUTH2_ENABLED=true
-        # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+        # OAuth2 login style: popup or redirect.
+        #export OAUTH2_LOGIN_STYLE=redirect
         # OAuth2 Client ID.
         #export OAUTH2_CLIENT_ID=abcde12345
         # OAuth2 Secret.

server/authentication.js

@@ -69,7 +69,7 @@ Meteor.startup(() => {
         { service: 'oidc' },
         {
           $set: {
-            loginStyle: 'redirect',
+            loginStyle: process.env.OAUTH2_LOGIN_STYLE,
             clientId: process.env.OAUTH2_CLIENT_ID,
             secret: process.env.OAUTH2_SECRET,
             serverUrl: process.env.OAUTH2_SERVER_URL,

snap-src/bin/config

@@ -3,7 +3,7 @@
 # All supported keys are defined here together with descriptions and default values
 
 # list of supported keys
-keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
+keys="DEBUG MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW EMAIL_NOTIFICATION_TIMEOUT CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_EMAIL_MAP LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD"
 
 # default values
 DESCRIPTION_DEBUG="Debug OIDC OAuth2 etc. Example: sudo snap set wekan debug='true'"
@@ -122,6 +122,10 @@ DESCRIPTION_OAUTH2_ENABLED="Enable the OAuth2 connection"
 DEFAULT_OAUTH2_ENABLED="false"
 KEY_OAUTH2_ENABLED="oauth2-enabled"
 
+DESCRIPTION_OAUTH2_LOGIN_STYLE="OAuth2 login style: popup or redirect. Default: redirect"
+DEFAULT_OAUTH2_LOGIN_STYLE="redirect"
+KEY_OAUTH2_LOGIN_STYLE="oauth2-login-style"
+
 DESCRIPTION_OAUTH2_CLIENT_ID="OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345"
 DEFAULT_OAUTH2_CLIENT_ID=""
 KEY_OAUTH2_CLIENT_ID="oauth2-client-id"

snap-src/bin/wekan-help

@@ -94,6 +94,12 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-client-id='54321abcde'"
 echo -e "\t-Disable the OAuth2 Client ID of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-client-id=''"
 echo -e "\n"
+echo -e "OAuth2 login style: popup or redirect. Default: redirect"
+echo -e "To enable the OAuth2 login style popup of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-login-style='popup'"
+echo -e "\t-Disable the OAuth2 login style popup of Wekan:"
+echo -e "\t$ snap set $SNAP_NAME oauth2-login-style='redirect'"
+echo -e "\n"
 echo -e "OAuth2 Secret."
 echo -e "To enable the OAuth2 Secret of Wekan:"
 echo -e "\t$ snap set $SNAP_NAME oauth2-secret='54321abcde'"

start-wekan.bat

@@ -1,5 +1,12 @@
 REM ------------------------------------------------------------
 
+REM NOTE: THIS .BAT DOES NOT WORK !!
+REM Use instead this webpage instructions to build on Windows:
+REM https://github.com/wekan/wekan/wiki/Install-Wekan-from-source-on-Windows
+REM Please add fix PRs, like config of MongoDB etc.
+
+REM ------------------------------------------------------------
+
 REM # Debug OIDC OAuth2 etc.
 REM SET DEBUG=true
 

start-wekan.sh

@@ -89,6 +89,9 @@ function wekan_repo_check(){
       # 2) Configure the environment variables. This differs slightly
       #     by installation type, but make sure you have the following:
       #export OAUTH2_ENABLED=true
+      # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+      # OAuth2 login style: popup or redirect.
+      #export OAUTH2_LOGIN_STYLE=redirect
       # Application GUID captured during app registration:
       #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
       # Secret key generated during app registration:
@@ -109,6 +112,8 @@ function wekan_repo_check(){
       # ==== OAUTH2 KEYCLOAK ====
       # https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
       #export OAUTH2_ENABLED=true
+      # OAuth2 login style: popup or redirect.
+      #export OAUTH2_LOGIN_STYLE=redirect
       #export OAUTH2_CLIENT_ID=<Keycloak create Client ID>
       #export OAUTH2_SERVER_URL=<Keycloak server name>/auth
       #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
@@ -117,11 +122,13 @@ function wekan_repo_check(){
       #export OAUTH2_SECRET=<keycloak client secret>
       #-----------------------------------------------------------------
       # ==== OAUTH2 DOORKEEPER ====
+      # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
       # https://github.com/wekan/wekan/issues/1874
       # https://github.com/wekan/wekan/wiki/OAuth2
       # Enable the OAuth2 connection
       #export OAUTH2_ENABLED=true
-      # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+      # OAuth2 login style: popup or redirect.
+      #export OAUTH2_LOGIN_STYLE=redirect
       # OAuth2 Client ID.
       #export OAUTH2_CLIENT_ID=abcde12345
       # OAuth2 Secret.