Skip to content

Commit

Permalink
Add option to remove user from the SSO login
Browse files Browse the repository at this point in the history
  • Loading branch information
9p4 committed Feb 16, 2022
1 parent 7f69d44 commit 387fa5c
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,10 @@ These all require authorization. Append an API key to the end of the request: `c
- GET `OID/Get`: Lists the configurations currently available.
- GET `OID/States`: Lists currently active OpenID flows in progress.

### Misc

- POST `Unregister/username`: This "unregisters" a user from SSO. A JSON-formatted string must be posted with the new authentication provider. To reset to the default provider, use `Jellyfin.Server.Implementations.Users.DefaultAuthenticationProvider` like so: `curl -X POST -H "Content-Type: application/json" -d '"Jellyfin.Server.Implementations.Users.DefaultAuthenticationProvider"' "https://myjellyfin.example.com/sso/Unregister/username?api_key=API_KEY`

## Limitations

There is no GUI to sign in. You have to make it yourself! The buttons should redirect to something like this: [https://myjellyfin.example.com/sso/SAML/p/clientid](https://myjellyfin.example.com/sso/SAML/p/clientid) replacing `clientid` with the provider client ID and `SAML` with the auth scheme (either `SAML` or `OID`).
Expand Down
10 changes: 10 additions & 0 deletions SSO-Auth/Api/SSOController.cs
Original file line number Diff line number Diff line change
Expand Up @@ -391,6 +391,16 @@ public async Task<ActionResult> SamlAuth([FromBody] AuthResponse response)
return Problem("Something went wrong");
}

[Authorize(Policy = "RequiresElevation")]
[HttpPost("Unregister/{username}")]
public ActionResult Unregister(string username, [FromBody] string provider)
{
User user = _userManager.GetUserByName(username);
user.AuthenticationProviderId = provider;

return Ok();
}

private async Task<AuthenticationResult> Authenticate(string username, bool isAdmin, bool enableAuthorization, bool enableAllFolders, string[] enabledFolders, AuthResponse authResponse)
{
User user = null;
Expand Down

0 comments on commit 387fa5c

Please sign in to comment.