Skip to content

feat: allow any authentication provider + fief OIDC #999

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
inimaz merged 7 commits into from
Jan 11, 2026
Merged

feat: allow any authentication provider + fief OIDC #999

inimaz merged 7 commits into from
Jan 11, 2026

Conversation

@inimaz
Copy link
Collaborator

@inimaz inimaz commented Dec 7, 2025
edited
Loading

Description

Instead of using directly Fief, we can pass an auth_provider interface that uses OIDC and points to Fief.

Two main gains:

  1. Like this migrating to other auth providers will be easier. If they use OIDC, update the env vars. If they do not use OIDC they will need to implement the auth_provider interface.
  2. We can use this interface as well to provide a no-authentication provider 😄 . See
    carbonserver/carbonserver/api/services/auth_providers/no_auth_provider.py, for testing purposes. This will allow the UI in local to be easier to test/develop.

Related to #861

@inimaz inimaz requested a review from prmths128 December 7, 2025 13:12
@prmths128
Copy link
Contributor

prmths128 commented Dec 10, 2025

do we need multiple auth providers ?
the short term issue is not the fief server but the reliance on custom libs instead of generic oidc
i'd suggest instead keeping the fief server for the moment but switching the fief libs to fastapi_oidc on the back and next-auth on the front might
and then using another oidc server

@inimaz
Copy link
Collaborator Author

inimaz commented Dec 10, 2025
edited
Loading

do we need multiple auth providers ?

Thanks for the comment @prmths128 ! I agree we won't need 2 auth providers ever at the same time. On the other hand if we can implement the fastapi_oidc so that the server is injected and easily plugable? Like that for local dev we inject a mock and it is easier to work with it. What do you think?

@inimaz inimaz marked this pull request as ready for review January 10, 2026 17:00
@inimaz inimaz requested a review from a team as a code owner January 10, 2026 17:00
@inimaz inimaz changed the title feat: allow any authentication provider feat: allow any authentication provider + fief OIDC Jan 10, 2026
SaboniAmine
SaboniAmine approved these changes Jan 10, 2026
View reviewed changes
Copy link
Member

@SaboniAmine SaboniAmine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@inimaz inimaz merged commit 93dd3cf into master Jan 11, 2026
11 checks passed
@inimaz inimaz deleted the feat/auth-providers branch January 11, 2026 09:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SaboniAmine SaboniAmine SaboniAmine approved these changes

@prmths128 prmths128 Awaiting requested review from prmths128

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@inimaz @prmths128 @SaboniAmine