Happy New Year to everyone!

Thanks, and to you too, happy new year! 🙂

Cause the master password is the encryption key

So it just sets the username?

And it checks that you can log in to the SSO, I guess

Exactly

It's basically just for Auth yeah..sets the username + email. But that's it. Normally for bitwarden your password is just your master password. But now you have "two" passwords. It's quite nice 🙂

I'm however only using it for fun. Ie. The self hosted vaultwarden. I'm using the hosted bitwarden.eu personally 😄 And slowly moving my family. I can't stand another "I can't remember my password for X thing" each time I have to help with something.

yeah.

passwords and email are two things i'll never self-host

i had an incident a few weeks ago where i messed up my authelia configuration and cause authelia was down I couldn't log into any new instances of tailscale :^)

I was thankfully already logged into a device but couldn't access the web dashboard to check tailscale routing

tailscale is fun!

I now need to figure out an lldap/authelia or something solution for a theatre that's reliable

yeah... I'm running home assistant at a theatre lmao

I cen somewhat accept vaultwarden, because each client that is signed in, will have its own offline cache. So even if the server goes down, you still have access on devices that were connected. However mail? Never... Quite happy with Migadu however 😄

What's about to get really cursed is I think I'm going to host some really f-d up code. I'm going to host some oauth solution in cloudflare pages such as https://github.com/ValueMelody/melody-auth and put a few services behind that. Truth be told, I would local host the auth, but I need the auth ahead of the device (because local access needs to bypass auth entirely)

you can judge me for sure lol, I know this is so ironic

I know them

Reverse proxy auth, and then just have the local machine use localhost to bypass the reverse proxy?

I think I do that a couple of places.

Hmmm, fair

It's basically what you would have done anyways w/ cloudflare. But in this way, you avoid cloudflare, which might be a nice bonus 😄

Oh wait this will be possible lol

I'm hosting the login stuff in cf but using forwardauth/oauth2 to log in

Wireguard ftw

Good year everyone ! I am not sure that you need oauth2, maybe only OIDC (OpenIDConnect) most languages have libraries to implement it not that hard

I could help with the nuts and bolts of testing

Happy New Year! Let's see if there's a pressing need before jumping into OIDC. I feel like LLDAP is nice for those who don't need OIDC or the associated complexity, and you can always plop authelia or something else in front to get OIDC

I'll get back on working on my PR soon.