Comment by ffsm8
8 hours ago
That's called forward auth - or proxy auth
You can do the same thing - with the added burden of actually having to set it up once ... After you set it up, it's however just as trivial to add new systems like with this linked example.
I got pretty much everything I'm self-hosting like that via keycloak (which itself let's me do social with via GitHub and Google etc pp) and a very similar nginx config like it's shown in these docs.
But the initial setup took multiple hours, even if the adding new services which support forward/proxy auth is extremely easy now.
(Jellyfin sadly doesn't as an example)
Just saying it in case you want to check it out.
I think it's fantastic they added that/provide this to their platform - it's a wonderful value-add
I think running and managing and possibly misconfiguring a keycloak java monolith would be exactly what I'd want to avoid which is why it's cool that they offer this.
There are a lot other identity providers around you can pick from, I merely mentioned it as I personally use it, as it's so easy to run and integrate with social auth - and comes with features such as simple password-less auth.
The forward auth/proxy auth is not a keycloak feature, it's a proxy feature, which just need some identity provider. If you look for the mentioned term via Google or AI/llm you will find multiple options, some of which are as easy to setup as a simple docker run cmd with an open port
I.e. https://docs.goauthentik.io/add-secure-apps/providers/proxy/...