This release is a breaking change. It removes the ability to log in with passkeys. While that was cool, it added complexity and attack surface to the app and ran into weirdness across different browsers and operating environments. It also caused library problems, as the version conflicts with maintained WebAuthn stuff and NextAuth.
SSO is a better fit for this use case, and it allows auth providers to do what they do best.
This version adds additional SSO providers (Okta, Keycloak, GitHub, GitLab) to the already-enabled Google SSO. It also adds a "demo mode" for local test/dev if you want to spin it up really quick without an auth provider.
It also updates env var names, so you may need to look at the example files and update yours.
Checklist before upgrading:
- Ensure you understand passkeys will no longer work.
- Read docs/installation.md for an intro on SSO requirements or demo mode
- Review .env.example-dev for developers and deploy/docker/.env.example-prod for those pulling the pre-built containers
- Review deploy/docker/docker-compose.yml as it has changed slightly (due to env var names mostly)
- Update your env file with the new naming scheme and new auth variables
What's Changed
- Simplify auth to SSO with optional demo mode by @initstring in #69
- Simplify Docker installation flow and standardize env variables by @initstring in #70
- Add Keycloak and Okta SSO configuration and sign-in UI by @initstring in #71
- Remove Authenticator model and add drop-table migration by @initstring in #72
- Add GitHub and GitLab SSO support by @initstring in #73
- Bump version for tagging by @initstring in #74
- Ensure bootstrap admin is enforced on each init run by @initstring in #75
- Disable demo auth when SSO providers are configured by @initstring in #77
Full Changelog: v0.4.3...v0.5.0