[GH-ISSUE #2552] [FEAT]: Simple SSO implementation flag via query flag #1654

Closed
opened 2026-02-22 18:25:54 -05:00 by yindo · 1 comment
Owner

Originally created by @timothycarambat on GitHub (Oct 29, 2024).
Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/2552

Originally assigned to: @timothycarambat on GitHub.

What would you like to see?

There are many situations where SSO is managed by some external service of platform that AnythingLLM is simply a sub-offering of. The issue becomes the following:

  1. User exists or logs into some external service or platform via SSO
  2. The user wants to access AnythingLLM, but requires a totally different login to leverage.
  3. This adds administrative overhead and makes AnythingLLM an external service that is harder to maintain userspace within that matches the external service.
  4. Since often the external platform and AnythingLLM are cross-domain or not on the same origin you cannot set a session token for AnythingLLM via the original domain.

Solution:
There should be an optional ENV flag that enables an endpoint to exist that permits a token to be embedded that is fetchable from a query param that "auto login" a user when present in the URL.

This token to be embedded in the URL should be a lookup token that is only valid once and is able to set the user session on login. Issuance/creation of this token for a user can be done via the developer API.

This feature and its associated features are all disabled unless the simple sso feature ENV flag is enabled.

Originally created by @timothycarambat on GitHub (Oct 29, 2024). Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/2552 Originally assigned to: @timothycarambat on GitHub. ### What would you like to see? There are many situations where SSO is managed by some external service of platform that AnythingLLM is simply a sub-offering of. The issue becomes the following: 1. User exists or logs into some external service or platform via SSO 2. The user wants to access AnythingLLM, but requires a totally different login to leverage. 3. This adds administrative overhead and makes AnythingLLM an external service that is harder to maintain userspace within that matches the external service. 4. Since often the external platform and AnythingLLM are cross-domain or not on the same origin you cannot set a session token for AnythingLLM via the original domain. **Solution**: There should be an optional ENV flag that enables an endpoint to exist that permits a token to be embedded that is fetchable from a query param that "auto login" a user when present in the URL. This token to be embedded in the URL should be a lookup token that is only valid once and is able to set the user session on login. Issuance/creation of this token for a user can be done via the developer API. This feature and its associated features are all disabled unless the simple sso feature ENV flag is enabled.
yindo added the enhancementfeature request labels 2026-02-22 18:25:54 -05:00
yindo closed this issue 2026-02-22 18:25:54 -05:00
Author
Owner

@timothycarambat commented on GitHub (Oct 29, 2024):

connects #1193

@timothycarambat commented on GitHub (Oct 29, 2024): connects #1193
yindo changed title from [FEAT]: Simple SSO implementation flag via query flag to [GH-ISSUE #2552] [FEAT]: Simple SSO implementation flag via query flag 2026-06-05 14:41:56 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#1654