Skip to content

Add external auth providers#1

Open
MatthiasKainer wants to merge 31 commits intolumile:mainfrom
inxm-ai:main
Open

Add external auth providers#1
MatthiasKainer wants to merge 31 commits intolumile:mainfrom
inxm-ai:main

Conversation

@MatthiasKainer
Copy link

@MatthiasKainer MatthiasKainer commented Oct 27, 2025

The goal is to support external oauth providers as well, both as app connector, or by using an existing iam solution with edge termination

From the readme:

External OAuth Authentication

TimeTracker MCP supports external OAuth/OIDC authentication providers through two modes:

  1. Better Auth Integration — OAuth providers (Google, GitHub, Microsoft Entra ID, custom OIDC) integrated directly
  2. OAuth Proxy Mode — Use an external OAuth proxy with signed JWT headers for enterprise deployments
  3. Disabled — Default mode with email/password only

For complete configuration instructions, see External Authentication Guide.

Quick configuration:

# Enable external auth
EXTERNAL_AUTH_MODE=better-auth  # or "proxy" or "disabled"

# For Better Auth mode - configure OAuth provider
EXTERNAL_AUTH_PROVIDER=google
OAUTH_GOOGLE_CLIENT_ID=your-client-id
OAUTH_GOOGLE_CLIENT_SECRET=your-client-secret

Let me know if you want some tests with that - it would mostly be mocked-tests that will stay green even if the providers change something, so I wasn't sure of the value.

There is a Claude file but no contributor guidelines, so I wasn't really sure what's expected of humans :D

@MatthiasKainer
add external auth columns to user table
02b975b
@MatthiasKainer
add environment variables draft for external authentication
5b5a840
@MatthiasKainer
First draft of external authentication utilities
521aac8
@MatthiasKainer
add OAuth provider support
42eef36
@MatthiasKainer
add hybrid authentication support
7cdb125
@MatthiasKainer
add external authentication endpoints
64b2a7f 
soon we'll know if it's actually working...
@MatthiasKainer
Vibe coded react component for account linking. Now for the test
9bbcd4e
@MatthiasKainer
Adding it to the login form too because that helps with testing
7ef69cc
@MatthiasKainer
Add documentation that proved working during testing
b02d070
@MatthiasKainer
Merge pull request #2 from inxm-ai/feat/pluggable-auth
62328b8 
Feat/pluggable auth

Relates to #1
@MatthiasKainer
Fix linting errors
dc54f48
@MatthiasKainer
Added standalone deployment and docker image
e6d9c7c
@MatthiasKainer
Add env file that drizzle needs
153a7ba
@MatthiasKainer
Add first rudimentary api key based authentication
77ce26e
@MatthiasKainer
Can't use any
55ad881
@MatthiasKainer
Allow non ssl for pg also on sandboxed qa environments
9337185
@MatthiasKainer
Add proxy auth to mcp
eec6f36
@MatthiasKainer
First authz service
25c4b8c
@MatthiasKainer
Added role based auth to api and report service
360b136
@MatthiasKainer
Fixed linting error
4b301f3
@MatthiasKainer
Use PGSSLMODE for checking postgres ssl status
3031752
@MatthiasKainer
Set basePath via env
516005c
@MatthiasKainer
Prefix assets as well
49a9c60
@MatthiasKainer
Add auth headers to allowed headers
05d1042
@MatthiasKainer
Create hook for auth in proxy mode
9a4eeb0
@MatthiasKainer
Trying to avoid eager redirect in proxy mode
7c133e5
@MatthiasKainer
Return structured content
4da27d3
@MatthiasKainer
Some package hygene
9425c9d
@MatthiasKainer
Register tools with output schema
ea36a83
@MatthiasKainer
Add userId to schema
897cb4a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MatthiasKainer