@gwbischof
Last active September 13, 2024 23:04
Lemmy SSO Support Dev Setup

1. Check out the lemmy sso_support branch

# Switch to privacyguard:sso_support branch.
cd lemmy
git remote add privacyguard git@github.com:privacyportal/lemmy.git
git fetch --all
git switch sso_support
git submodule init && git submodule update --remote

2. Check out the lemmy-ui sso_support branch

# The lemmy-ui changes require the latest version of lemmy-js-client.
cd lemmy-ui
git remote add privacyguard git@github.com:privacyportal/lemmy-ui.git
git fetch --all
git switch sso_support
git submodule init && git submodule update --remote

3. Edit lemmy-ui/package.json to use a GitHub link for the lemmy-js-client dependency.

(pnpm add ../lemmy-js-client didn't work for me.)

diff --git a/package.json b/package.json
index d1ee5cfd..3fdc01a3 100644
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
     "inferno-router": "^8.2.3",
     "inferno-server": "^8.2.3",
     "jwt-decode": "^4.0.0",
-    "lemmy-js-client": "0.19.4",
+    "lemmy-js-client": "[email protected]:privacyportal/lemmy-js-client.git#4f10ac0780b7315e99b364956dac2929d92650a4",
     "lodash.isequal": "^4.5.0",
     "markdown-it": "^14.1.0",
     "markdown-it-bidi": "^0.1.0",

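Review bot: the `+` line points `lemmy-js-client` at an SSH-style Git URL, so every install of this package.json needs a GitHub SSH key available, which is often not the case in a container build or CI job. An `https://` Git URL with the same full commit hash keeps the pin and installs without credentials. The lockfile also has to be regenerated and kept alongside this change, and the entry should go back to a published version once a release contains the SSO client changes.
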
4. Update the lemmy docker-compose

  • Comment out the image field, and uncomment the build field for both lemmy and lemmy-ui so that it uses the local repos. The build field should point to your local repo path.
+++ b/docker/docker-compose.yml
@@ -53,14 +53,14 @@ services:

   lemmy-ui:
     # use "image" to pull down an already compiled lemmy-ui. make sure to comment out "build".
-    image: dessalines/lemmy-ui:0.19.5
+    #image: dessalines/lemmy-ui:0.19.5
     # platform: linux/x86_64 # no arm64 support. uncomment platform if using m1.
     # use "build" to build your local lemmy ui image for development. make sure to comment out "image".
     # run: docker compose up --build

-    # build:
-    #   context: ../../lemmy-ui # assuming lemmy-ui is cloned besides lemmy directory
-    #   dockerfile: dev.dockerfile
+    build:
+      context: ../../lemmy-ui # assuming lemmy-ui is cloned besides lemmy directory
+      dockerfile: dev.dockerfile
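
Review bot: only the `lemmy-ui` service is switched from `image:` to `build:` in this hunk, while the step above asks for the same change on both `lemmy` and `lemmy-ui`. The `lemmy` service needs the matching edit, otherwise the backend keeps running the published image without the SSO changes. The hunk also has no `--- a/docker/docker-compose.yml` line, so it has to be applied by hand.
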
  • Update the port forward in the nginx section. This is needed for an app to connect to this instance.
@@ -12,7 +12,8 @@ services:
       # Note, change the left number if port 1236 is already in use on your system
       # You could use port 80 if you won't use a reverse proxy
       - "1236:1236"
-      - "8536:8536"
+      - "80:8536"
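
Review bot: on the `+` line, `"80:8536"` gives no host address, so Docker publishes the port on every interface of the host, and the instance behind it still uses the default admin login listed in this guide. If the connecting app runs on the same machine, bind to loopback with `"127.0.0.1:80:8536"`; if it has to be reachable from other hosts, change the admin password before starting the containers and limit access at the firewall.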

5. Start the containers and run database migrations.

cd lemmy/docker
docker compose up --build

# In a second terminal (docker compose up stays in the foreground), install diesel_cli.
cargo install diesel_cli --no-default-features --features postgres

# Run database migrations.
diesel migration run --database-url postgresql://lemmy:password@localhost:5433

  1. Sign in to Lemmy as admin and go to the admin settings page: http://localhost:1236/admin
    • admin_username: "lemmy"
    • admin_password: "lemmylemmy"
  2. Enable "oauth_registration" under the "Site" tab to allow users to sign up using OAuth.
  3. Under the "authentication" tab you will need to add an OIDC provider configuration.
    • Most fields in this configuration are provided to you by the OIDC provider, including "oauth_issuer", "oauth_authorization_endpoint", "oauth_token_endpoint" and "oauth_userinfo_endpoint".
    • You will need to find out which scopes the provider in question requires in order to get access to the user_id, name and email. Set these scopes under "oauth_scopes", and fill in the "oauth_id_claim" and "oauth_name_claim" fields to tell Lemmy the names of the properties that contain the user_id and the user name as returned by your OIDC provider.
    • To simplify this step we added a preset configuration to Lemmy-ui for the Privacy Portal OIDC provider. Additional preset providers can be added at any time by opening Pull Requests.
  4. The remaining fields "oauth_client_id" and "oauth_client_secret" are instance specific and require you to create an account with your preferred OIDC provider. With Privacy Portal, you can create a free account and test this setup as follows:
    • Sign up at https://app.privacyportal.org
    • Go to "Developer Settings"
    • Create a "New Application"
    • Register the application with the following information: { "Name": "Lemmy Test", "Homepage URL": "http://localhost:1234", "Callback URL": "http://localhost:1234/oauth/callback" }
    • Under Credentials, you should now get a "client_id" that you can use on Lemmy-ui to fill the "oauth_client_id" field.
    • Also under Credentials, tap on "Generate Secret" to get a secret that you can use to fill the "oauth_client_secret" in Lemmy-ui.
  5. Now you should have all the fields filled in your configuration. Click "save" and sign out from the admin account.
  6. Go to the Lemmy login page. You should now see the SSO button to log in with your configured provider.
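
The provider-supplied fields in the OIDC provider configuration above normally come from the provider's OpenID Connect discovery document. The following is an added example, not part of this gist or of Lemmy: it maps a constructed discovery document for the placeholder host idp.example onto the field names used above and reports scopes or claims the provider does not advertise. The helper name `lemmy_oidc_config` and the space-separated `oauth_scopes` value are assumptions.

```python
from urllib.parse import urlparse

# Constructed sample of a provider's /.well-known/openid-configuration document
# (OpenID Connect Discovery keys; idp.example is a placeholder host).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/oauth/authorize",
    "token_endpoint": "https://idp.example/oauth/token",
    "userinfo_endpoint": "https://idp.example/oauth/userinfo",
    "scopes_supported": ["openid", "email", "name"],
    "claims_supported": ["sub", "name", "email"],
}
URL_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "userinfo_endpoint")


def lemmy_oidc_config(discovery, scopes, id_claim, name_claim):
    """Hypothetical helper: return (Lemmy field values, list of problems)."""
    config, problems = {}, []
    for key in URL_KEYS:
        url = discovery.get(key, "")
        config["oauth_" + key] = url
        if urlparse(url).scheme != "https":
            problems.append(f"{key} is missing or not https")
    # OIDC requires the "openid" scope; the rest must be ones the provider offers.
    if "openid" not in scopes:
        problems.append("scope 'openid' is required for an OIDC request")
    offered = discovery.get("scopes_supported")  # optional in discovery
    for scope in scopes:
        if offered is not None and scope not in offered:
            problems.append(f"scope '{scope}' not advertised by provider")
    # The claim names Lemmy reads must be claims the provider can return.
    claims = discovery.get("claims_supported")  # optional in discovery
    for field, claim in (("oauth_id_claim", id_claim), ("oauth_name_claim", name_claim)):
        config[field] = claim
        if claims is not None and claim not in claims:
            problems.append(f"{field} '{claim}' not in claims_supported")
    # Assumption: scopes are entered space-separated, as in the OAuth 2.0 scope parameter.
    config["oauth_scopes"] = " ".join(scopes)
    return config, problems


if __name__ == "__main__":
    cfg, issues = lemmy_oidc_config(SAMPLE_DISCOVERY, ["openid", "email", "name"], "sub", "name")
    for field, value in cfg.items():
        print(f"{field}: {value}")
    print("problems:", issues or "none")
```

An empty problem list only means the configuration agrees with what the provider advertises; the client id, secret and callback URL still have to match the application registered with the provider.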