So this is about initializing the authentication flow automatically in case the user is not logged in, rather than manually having to press the login with OIDC button?

That's correct, yep! Currently on the login page it still gives the option to login with the built-in username/password, or to click the OIDC login option.

@sissbruecker I kind of had the same issue, to a degree. I noticed that when the setting LD_ENABLE_AUTH_PROXY is set to "True", I cannot log in with either OIDC or password login. However, when I set that to "False", I can then log in with both. I don't know if this qualifies as a new issue entirely, but it's something I wanted to bring up in case I am doing something odd.

@sprjr Currently that is how the option works, as soon as you configure an auth proxy other authentication methods get disabled. Why do you want to enable both? I don't know if there is a setup where this makes sense. Theoretically your reverse proxy should deny you access to the linkding instance unless you are authenticated in the auth proxy. So even if someone wanted to access the login page, they can't unless they are authenticated in the auth proxy. If you can access the login page without being authenticated in the auth proxy, then something is wrong with your setup. That would mean that anyone who has access to your instance can bypass the login by just passing a username header in the HTTP request.

Perhaps I misphrased it. I do not want to enable both. However, when I set it to true this morning it became an "all or nothing" situation. If it was sent to true then I could log in with neither password or OIDC login. If I set it to false which I currently have, then I can log in with both password and OIDC.

When you properly configure an auth proxy, other authentication methods don't make any sense. No one can access the login page without already being authenticated in the auth proxy. If someone can access the login page, then they are already authenticated in the auth proxy, and don't need to use username+password or OIDC anymore. I'd say this works as intended.

I don't think we're correctly lining up. I can provide my config if that might make things easier? I have set up my auth proxy, but if I set LD_ENABLE_AUTH_PROXY to "True", then I reach the log in page whether I'm authenticated to my auth proxy service or not. Then, if I click on the log in with OIDC button, it redirects me to my auth proxy, but then drops me back to the Linkding login page. It's unresponsive if I use the regular login button.

If I set LD_ENABLE_AUTH_PROXY to "False", then I can log in using either OIDC or password. Does that make sense? From what you're saying, if I set it to "True", I should be bounced immediately to the auth proxy and not given the option to do a password login.

I have set up my auth proxy, but if I set LD_ENABLE_AUTH_PROXY to "True", then I reach the log in page whether I'm authenticated to my auth proxy service or not.

That sounds like something is not set up correctly. If you want to use proxy auth, you need to configure your reverse proxy (nginx, Traefik, etc.) to redirect you to your auth proxy if you are not authenticated.

@sprjr I'm realizing your issue - OIDC is different from proxy authorization. That setting is not supposed to be enabled if you want OIDC login.

However I still have my same issue - is there a way to force the login screen to only be the Authentik OIDC login, instead of the landing page with the option to login with either the Linkding credentials or the OIDC button?

I've been unsuccessful in figuring this out so far, if its possible.

@sissbruecker - this is a very well done app, with such rapid progress, appreciate your engagement on the issues threads.

Ah thank you, I didn't realize I had my terminology wrong.

I'd appreciate the same feature, since ultimately that's what I was getting at. Forcing OIDC and removing password login would be great.

I'd also like this feature, possibly with an automatic redirect to the OIDC provider. I'd also be open to implement it myself, if you need/want the help.

Hello @yuri-becker ,
i tries an implementation for disabling form authentication with an option on #972,

Would you be able to provide some help on the auto redirect to the OIDC authorization flow ?