Rocket as Authentication Server

Trying to use Rocket as the authentication server in line with an authentication strategy with Wiki.js (someone over there wrote a module to allow logging in to your Wiki.js site authenticating using Rocket Chat server).

The strategy requires a ‘Client ID’, ‘Client Secret’ and a URL. Where are these sourced / configured on the Rocket.Chat server? I can’t see how to set up the RC server to act as an authenticator at all.

Any direction is much appreciated.

Thank you

Server Setup Information

  • Version of Rocket.Chat Server: 3.1.1
  • Operating System: Ubuntu 16
  • Deployment Method: Docker
  • Number of Running Instances: 1
  • MongoDB Version: v12.18.4
  • Proxy: nginx
  • Firewalls involved: No

Any additional Information

None

You need an Identity Provider (IdP) which supports the OpenID Connect (OIDC) SSO protocol. You can use your own server (where Keycloak is quite a popular option) or a service (Google, Okta, Auth0, …), and then your Rocket.Chat/app (generally any app with OIDC support) will authenticate users against that configured IdP. Rocket.Chat is definitely not an authentication server in this setup. Your IdP is the place where you configure and get the client ID/secret for auth.

Thanks @jan.garaj - that’s what I also thought. However, within the latest release of Wiki.js that is definitely how it’s positioned. We already have authentication for Rocket actually using another WordPress website, logging in using an iframe - but the Wiki auth definitely says it can authenticate using Rocket - odd… Anyone else come across this?

Here’s the Wiki info:

Why don’t you ask the wiki.js community/devs? It doesn’t look like a documented feature, so it is hard to guess. But it looks like it wants to reuse the existing Rocket.Chat OIDC client/auth endpoint (that sounds like a really hackish implementation).

If you want to use Rocket.Chat as the identity provider you need to create an OAuth application.

Go to Administration -> OAuth Apps

Then once you provide a name and redirect URI you’ll get the typical OAuth stuff:

You can then use Rocket.Chat as your identity provider.
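The authorization-code leg that a relying party such as Wiki.js would run against a Rocket.Chat OAuth App, as an added example that is not from this thread or from either project. The server URL, the `/oauth/authorize` and `/oauth/token` paths, and the client ID/secret/redirect URI values are assumed placeholders; the checks on `state` and on the exact registered redirect URI are what keeps a forged callback from completing a login.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

ROCKET_URL = "https://chat.example.org"   # assumed Rocket.Chat server URL
AUTHORIZE_PATH = "/oauth/authorize"        # assumed authorization endpoint
TOKEN_PATH = "/oauth/token"                # assumed token endpoint


def build_authorize_url(client_id, redirect_uri, state):
    """URL the user's browser is sent to. `state` is a per-login random
    value stored in the session so the callback can be tied to this attempt."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    return f"{ROCKET_URL}{AUTHORIZE_PATH}?{urlencode(params)}"


def parse_callback(callback_url, expected_state, registered_redirect_uri):
    """Validate the redirect back from Rocket.Chat and return the auth code.
    Rejects a callback that landed anywhere other than the redirect URI
    registered in the OAuth App, or whose state does not match the session."""
    parts = urlsplit(callback_url)
    landed_on = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if landed_on != registered_redirect_uri:
        raise ValueError("callback did not arrive at the registered redirect URI")
    query = parse_qs(parts.query)
    state = query.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback not tied to this login")
    if "code" not in query:
        raise ValueError(query.get("error", ["no authorization code returned"])[0])
    return query["code"][0]


def token_request(code, client_id, client_secret, redirect_uri):
    """Path and form body for the server-to-server POST that swaps the code
    for a token. The client secret appears only here, never in the browser."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    return TOKEN_PATH, body
```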