[platform] add Oauth2

[klmhsb42]

Is there possibility of configuration, that if you are signed into one app, that you are also signed into all other apps and same if you sign out? I know you can just rememeber your password in the browser, but you have always to press sign in every time.

You don't need to add this to Syncloud, if you don't want to. I would be just interested to know a way for own purpose. In best case, like a configuration, which you have to change one time and which is not affected by updates...

[cyberb]

What we have right now is Single Sign On (SSO) implemented using LDAP as a central (on device) credential storage for all device apps.

I think what you are describing is password-less authentication to multiple apps after you login at some central location. This can be achieved using Oauth2, for example device UI can issue tokens to apps so you can access them as long as they are active/you session is active with device. In this case you only need to login to the device UI.
For that we need to switch from using LDAP integration in apps to Oauth2 which requires more UI interactions.

https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2

I think we need to add Oauth2 at some point with LDAP as a fallback option.

[klmhsb42]

Might be useful https://www.shibboleth.net/products/

[cyberb]

I have tested authelia on few apps like transmission which do not have any authentication at all and it looks very impressive by showing its own login page.
Also it supports oidc/oauth2 so probably the next step is to use it on platform level and on a dedicated dns like auth.device.tld. Then we could start integrating apps. Currently I am looking at peertube which pushes me to do this.