Is there an existing feature request for this?

• I have searched the existing issues before opening this feature request.

Describe the feature you would like to see.

It would be nice to allow authentication via an HTTP-header containing the username. This would allow using proxy authentication via sso providers like Authelia or Authentik and by this, it would also be possible to authenticate using ldap or oidc.

Describe the solution you'd like.

• New environment variables for:
  • Whether the header authentication should be enabled
  • The header containing the username of the user
  • The header containing the email of the user
• Automatic account creation for new users, this can happen transparently in my option

Additional context to this request.

Http header authentication basically works like this:

• You put a proxy in front of your application
• This proxy does not let anything through to the application until the user authenticates with the proxy
• As soon as the user is authenticated, the proxy passes the traffic to the application including a header containing their username, email and whatever else you configure

I am aware that other requests for ldap (#594), saml (#2635) and oidc (#3990) have been dismissed for being too time-consuming to implement.
Using an HTTP-header, however, would be much simpler to do.

Many other services do this as well, for example Paperless
and Firefly III

I think, this would be a good solution for all the users who wanted to have ldap, saml or oidc. And it should not be too complicated to implement 🙂 What do you think?