Greetings everyone! Daniel here, I’ve been working on Linkwarden part-time over the past few months.
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages.
Key features:
- 📸 Preserve webpages as Screenshot, PDF, etc. So you can access them even if they are taken down.
- 👥 Collaborative, so you can share your collections with your friends and colleagues. You can also make them public and share them with the world.
- 📱 Designed for every screen size, from widescreen monitors down to smartphones.
- ⚡️ Open source and fully self-hostable!
- ✨ And so many more features! (Literally, just didn’t want to make this post too long. Check out the Github repo and Website for more info…)
If you like what we’re doing, you can support the project by either starring ⭐️ the repo to make it more visible to others or by subscribing to the Cloud plan (which helps the project, a lot).
Things like mobile app are already on the project roadmap and I’m so excited to share them with you in the future.
Feedback is always welcome, so feel free to share your thoughts!
Website: https://linkwarden.app
Thank you for including oAuth options for sign on. Makes a big difference being able to use the same account for all the things like freshRSS, seafile, immich etc.
I’m intrigued. How does it work? Do you have a link or an article to point me to?
The general principle is called single sign on (sso).
The idea is that instead of each all keeping track of users itself, there is another app (sometimes called an identity provider) that does this. Then when you try to log into an app, it takes to the to login of your identity provider instead. When the IP says you are the correct user, it sends a token to the app saying to let you access your account.
The huge benefits are if you are already logged into the IP on a browser for example, the other apps will login automatically without having to put in your password again.
Also for me the biggest benefit is not having to manage passwords for a large number of apps so family that uses my server have 1 account which gives them access to jellyfin, seafile, immich, freshrss etc. If they change that password it changes it for everything. You can enforce minimum password requirements. You can also add 2FA to any app now immediately.
I use Authentik as my identity provider: https://goauthentik.io/https://goauthentik.io/
There’s good guides to settings it up with traefik so that you get let encrypt certificates and can use traefik for proxy authentication on web based apps like sonarr. There are many different authentication methods an app can choose to use and Authentik essentially supports everything.
https://youtu.be/CPURnYaW3Zk
SSO should really be the standard for self hosted apps because this way they don’t have to worry about ensuring they have the latest security for user management etc. The app just allows a dedicated identity provider to worry about user management security so the app devs can focus on just the app.
Authentik is pretty good. Authelia is good too, and lighter weight.
You can combine Authelia with LLDAP to get a web UI for user management and LDAP for apps that don’t support OpenID Connect (like Home Assistant).
If you have to add a whole other app the match what authentik can do, is authelia really lighter weight?
Im joking because authentik does takes a decent chunk of ram but having all protocols together is nice. You can actually make ldap authentication 2FA if you want.
Interesting… How does Authentik do 2FA for LDAP?
I’m going to try it out and see how it compares to Authelia. My home server has 64GB RAM and I have VPSes with 16GB and 48GB RAM so RAM isn’t much of an issue :D
Because authentik uses flows, you can insert the 2FA part into any login flow (proxy, oauth, ldap etc)
https://youtu.be/whSBD8YbVlc
LDAP sends username and password over the network though… It doesn’t use regular web-based authentication. How would it add 2FA to that?
The above YouTube video shows that you can get authentik to send a 2fa push authentication that requires the phone to hit a button in order to complete the authentication flow.
Here is an alternative Piped link(s):
https://piped.video/whSBD8YbVlc
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Thank you for the detailed answer! It seems really interesting and I will definitely give a try on my server!
Although in the subscription version, SSO is not available unless you purchase the “Contact Us” version. https://sso.tax would like a word.
Free for self hosted which is probably what matters to most here
Definitely a fair point, always good to see that in a project