@sponte sponte commented Dec 12, 2025

Changes

  • Add generic OpenID Connect (OIDC) authentication provider that works with any OIDC-compliant identity
    provider (Keycloak, Auth0, Okta, etc.)
  • Add automatic discovery of OIDC endpoints via .well-known/openid-configuration
  • Add support for custom login button labels for all OAuth providers
    • Configurable via UI in Settings > OAuth
    • Configurable via environment variables (e.g., OPENID_LOGIN_LABEL="Login with Company SSO")
    • Priority: Database setting > Environment variable > Default translation
  • Add custom_label column to oauth_settings table via migration
  • Cache OIDC configuration for 1 hour to reduce API calls

Implementation Details

  • Created custom OIDC provider in app/Socialite/OpenIDConnect/ following Laravel Socialite patterns
  • Extended all form components to support custom labels
  • Updated login view to use dynamic labels via getLoginLabel() method
  • Added environment variable support for all OAuth providers (not just OpenID)

Testing

  • Tested with Keycloak instance
  • Verified custom labels work via both UI and environment variables
  • Confirmed OIDC discovery endpoint caching works correctly
  • Tested migration rollback functionality

Backwards Compatibility

  • All existing OAuth providers continue to work unchanged
  • Migration is non-breaking (adds nullable column)
  • Default behavior unchanged if custom labels not configured
  • Existing translations still used as fallback

Documentation Updates

  • Updated .ai/patterns/security-patterns.md with OpenID provider details
  • Added OAuth configuration examples to .env.development.example
  • Updated CHANGELOG.md with feature additions

Use Case

This enables organizations to use their existing OIDC identity providers (like Keycloak, Auth0, or
corporate SSO systems) with Coolify, while also being able to customize the login button text to match
their branding (e.g., "Login with SSO" instead of generic "Login with OpenID").

Add OpenID Connect OAuth provider with discovery document support and implement custom label functionality for all OAuth providers. Users can now customize login button text via database or environment variables.
Add generic OIDC authentication supporting Keycloak, Auth0, Okta, and other OIDC-compliant providers. Include custom login button labels configurable via database settings or environment variables for all OAuth providers.
sponte changed the title from "Feature/add openid oauth" to "Feature: Add OpenID authentication" on Dec 12, 2025

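
The discovery and one-hour caching steps listed in the PR description, shown as an added example that is not code from this pull request or from Coolify. The function names, the cache layout and the sample issuer are assumptions made for illustration.

```php
<?php
// Added example, not code from this PR: function names, cache layout and sample values are assumptions.
const OIDC_CACHE_TTL = 3600; // one hour, the lifetime given in the PR description

function validateDiscovery(string $issuer, array $doc): array
{
    // OpenID Connect Discovery 1.0: the document's issuer must equal the configured issuer.
    if (($doc['issuer'] ?? null) !== $issuer) {
        throw new RuntimeException('issuer mismatch in discovery document');
    }
    $endpoints = [];
    foreach (['authorization_endpoint', 'token_endpoint', 'jwks_uri'] as $key) {
        $url = $doc[$key] ?? null;
        if (!is_string($url) || parse_url($url, PHP_URL_SCHEME) !== 'https') {
            throw new RuntimeException("$key is missing or not an https URL");
        }
        $endpoints[$key] = $url;
    }
    return $endpoints;
}

function discover(string $issuer, callable $fetch, array &$cache, int $now): array
{
    if (isset($cache[$issuer]) && $cache[$issuer]['expires'] > $now) {
        return $cache[$issuer]['endpoints']; // still fresh, no request to the IdP
    }
    $url = rtrim($issuer, '/') . '/.well-known/openid-configuration';
    $doc = json_decode($fetch($url), true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($doc)) {
        throw new RuntimeException('discovery document is not a JSON object');
    }
    // Only a validated document is cached, so a bad response is never reused.
    $cache[$issuer] = ['endpoints' => validateDiscovery($issuer, $doc), 'expires' => $now + OIDC_CACHE_TTL];
    return $cache[$issuer]['endpoints'];
}

// Constructed sample: a stub fetcher stands in for the HTTPS request to the identity provider.
$issuer = 'https://idp.example.test/realms/demo';
$calls = 0;
$fetch = function (string $url) use (&$calls, $issuer): string {
    $calls++;
    return json_encode(['issuer' => $issuer, 'authorization_endpoint' => "$issuer/auth",
        'token_endpoint' => "$issuer/token", 'jwks_uri' => "$issuer/certs"]);
};
$cache = [];
discover($issuer, $fetch, $cache, 1000);        // first call fetches and validates
discover($issuer, $fetch, $cache, 1000 + 3599); // inside the hour: served from cache
discover($issuer, $fetch, $cache, 1000 + 3600); // TTL elapsed: fetched again
echo "fetches: $calls\n";
```
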
Member

Cinzya commented Dec 12, 2025

Looks like it's adding the same as #6696

Author

sponte commented Dec 12, 2025

Fair enough. I've looked at using the Laravel OIDC provider but I've encountered some dependency incompatibilities with the PHP version.

Additionally, you have the ability to name the provider here, as "Login with OpenID" is too generic when using such an abstract provider.

Anyhow, glad to see there is some traction on providing OIDC to Coolify! Love the project and we're using a self-hosted version here at Platform Shape to develop our MVP. Great work everyone!
