Understand if and how I can implement Google SSO authentication for my prodigy server

Hi, I'm new to Prodigy. Currently I am serving containerized prodigy with costume UI for our company needs. Next step is to implement authentication, preferable using Google SSO authentication.

Not sure what will be the best approach for achieving this:

  1. Is there a possibility to implement the authentication directly via prodigy? and "replace" the first page with my costume SSO login UI and logic?
  2. Another approve I can think of is to serve prodigy via FastAPI for example and implement the authentication within FastAPI. Not sure if this is even possible and how to achieve it.

General guidance for the best approach will be great.
Thanks.

1 Like

Hi! Prodigy supports basic auth out-of-the-box via the PRODIGY_BASIC_AUTH_USER and PRODIGY_BASIC_AUTH_USER environment variables: https://prodi.gy/docs/install#env-variables This will pop up a login dialog when you access the served web application. However, this is only basic authentication – but it essentially uses FastAPI (which powers Prodigy's API) in the way you describe.

In general, Prodigy is a pretty simple and lightweight Python application, so you can serve it like you would serve any other Python app. If you want to have your own custom login page, another option would be to set that up as a separate service for the login and authentication, and then redirect the user to Prodigy after they've authenticated.

Thanks Ines. I am familiar with the environment variables authentication, but for our usage we must have 2FA, so this is not an option for us. As well as for the separate service for login \ proxy service, I am trying to avoid it to simplify our infrastructure. In case I decide to avoid these suggested solutions - is there a possibility to implement any of the approaches I've described above?

I would recommend avoiding trying to implement SSO directly in Prodigy or via an additional application, as that can get rather complicated.

Instead I would suggest using a proxy in front of Prodigy, such as the oauth2 proxy. This has the nice benefit of already being containerized which should make getting it setup a little easier.

1 Like

Thanks! I assume also authelia can be useful here.

1 Like