How complex is it to plug an external auth provider

Hello Ghost contributors,

How complex is it to plug an external auth provider such as Auth0 or any cloud based authentification (AWS Amplify, firebase) ?

Or best, is it easy to bypass the authentification system by providing some tokens or just a call to a function that just does “hey this user xxx is connected” directly somewhere in the code ?

Cheers, A.

2 Likes

Hey @arelaxend, can I ask what you’re trying to achieve with Ghost by using an external auth provider? :slight_smile:

We’d love to have a single sign-on experience, but couldn’t find a way to do it natively in Ghost :slightly_frowning_face:

2 Likes

Hey team!

I’m in the same boat: with introduction of Members (fantastic feature!) I must find a way to integrate the members that I already have elsewhere (in my case, they are in https://auth0.com) and let them login with their prefered method and existing credentials. It would also allow users to login their way (social, SSO/SAML, passwordless SMS, with/without MFA, etc).

Basically, it’s just delegating authentication flow to an external service, getting an access token and an id_token back from them, and using these items as usual.

As I work for a company that does exactly this (we do identity management), would it be possible to collaborate with someone in some way on this integration?

Cheers!

2 Likes

pinging @DavidDarnes for visibility :wink:

I’m in the same boat: App Integrations, Auth

I would love to use an external auth provider or even use Ghost itself as an Identity Provider. I would like my members to be able to leverage SSO across several services (example: Ghost, Discourse) and ideally something like Auth0 would be great.

4 Likes

Did anyone here make any progress with this?
I’m currently trying to scope out hooking ghost into an app we’re working on, and it’d be super useful to be able to use firebase auth.

1 Like

It is the highest requested non-planned feature for Ghost. I suggest voting for it here:

Did anyone make progress and open source anything?

I did a hack to bypass the email confirmation. So you filled in email &yourwishedpassword, click ok and you got a new user with the role you configured. It was not hard. Is that what you meant?

I recently posted about this in another thread as well.
It may help to understand what could be done with Ghost code as of now.