Feature #2724
open
- Subject changed from Proposal: OpenID Connect (OIDC) implementation to OpenID Connect (OIDC) implementation
- Status changed from New to Acknowledged
- Target version set to Wishlist
Thank you for your ticket. The integration of OpenID Connect via OAuth 2.0 is a reasonable suggestion that has been discussed internally before. We previously removed a similar task due to a lack of specific user demand. Because OpenAtlas is an academic software with a strong focus on data privacy, we will not implement fixed connections to third-party providers such as GitHub, Azure, or Google. While institutional solutions like EduGAIN or Shibboleth exist, these require administration by your specific hosting institution and cannot be managed globally by OpenAtlas.
Furthermore, we will not host identity provider services like Keycloak ourselves because the administrative effort regarding security and maintainability would exceed our current resources. The most viable technical solution is the implementation of a generic interface that every OpenAtlas admin can configure by themself. This approach allows you to define your preferred service by entering the required URLs and credentials in the production.py file or the admin interface.
Regarding the technical implementation, we strictly use Debian 13 system packages and will therefore utilize python3-authlib for the backend logic instead of pip-based libraries. While I understand the importance of simplifying the login process, we are currently working at full capacity. I will move this request to the wishlist for now. I am personally interested in this implementation.