danny-avila · leondape · Feb 26, 2025 · Feb 27, 2025 · rubentalstra · Feb 26, 2025
diff --git a/.env.example b/.env.example
@@ -431,6 +431,9 @@ OPENID_NAME_CLAIM=
 
 OPENID_BUTTON_LABEL=
 OPENID_IMAGE_URL=
+# Set to true to automatically redirect to the OpenID provider when a user visits the login page
+# This will bypass the login form completely for users, only use this if OpenID is your only authentication method
+OPENID_AUTO_REDIRECT=false
 
 # LDAP
 LDAP_URL=

diff --git a/api/server/routes/__tests__/config.spec.js b/api/server/routes/__tests__/config.spec.js
@@ -18,6 +18,7 @@ afterEach(() => {
   delete process.env.OPENID_ISSUER;
   delete process.env.OPENID_SESSION_SECRET;
   delete process.env.OPENID_BUTTON_LABEL;
+  delete process.env.OPENID_AUTO_REDIRECT;
   delete process.env.OPENID_AUTH_URL;
   delete process.env.GITHUB_CLIENT_ID;
   delete process.env.GITHUB_CLIENT_SECRET;

diff --git a/api/server/routes/config.js b/api/server/routes/config.js
@@ -58,6 +58,7 @@ router.get('/', async function (req, res) {
         !!process.env.OPENID_SESSION_SECRET,
       openidLabel: process.env.OPENID_BUTTON_LABEL || 'Continue with OpenID',
       openidImageUrl: process.env.OPENID_IMAGE_URL,
+      openidAutoRedirect: isEnabled(process.env.OPENID_AUTO_REDIRECT),
       serverDomain: process.env.DOMAIN_SERVER || 'http://localhost:3080',
       emailLoginEnabled,
       registrationEnabled: !ldap?.enabled && isEnabled(process.env.ALLOW_REGISTRATION),

diff --git a/client/src/components/Auth/Login.tsx b/client/src/components/Auth/Login.tsx
@@ -1,4 +1,5 @@
 import { useOutletContext } from 'react-router-dom';
+import { useEffect, useRef } from 'react';
 import { useAuthContext } from '~/hooks/AuthContext';
 import type { TLoginLayoutContext } from '~/common';
 import { ErrorMessage } from '~/components/Auth/ErrorMessage';
@@ -10,6 +11,29 @@ function Login() {
   const localize = useLocalize();
   const { error, setError, login } = useAuthContext();
   const { startupConfig } = useOutletContext<TLoginLayoutContext>();
+  const redirectAttemptedRef = useRef(false);
+
+  // Auto-redirect to OpenID provider if enabled
+  // This is controlled by the OPENID_AUTO_REDIRECT environment variable
+  // When enabled, users will be automatically redirected to the OpenID provider
+  // without seeing the login form at all
+  useEffect(() => {
+    // Simple check if redirect is needed and not yet attempted
+    if (
+      !redirectAttemptedRef.current &&
+      startupConfig?.openidLoginEnabled &&
+      startupConfig?.openidAutoRedirect &&
+      startupConfig?.serverDomain
+    ) {
+      // Mark that we've attempted to redirect
+      redirectAttemptedRef.current = true;
+
+      // Log and redirect
+      console.log('Auto-redirecting to OpenID provider...');
+      window.location.href = `${startupConfig.serverDomain}/oauth/openid`;
+    }
+  }, [startupConfig]);
+
 
   return (
     <>

diff --git a/packages/data-provider/src/config.ts b/packages/data-provider/src/config.ts
@@ -487,6 +487,7 @@ export type TStartupConfig = {
   appleLoginEnabled: boolean;
   openidLabel: string;
   openidImageUrl: string;
+  openidAutoRedirect: boolean;
   /** LDAP Auth Configuration */
   ldap?: {
     /** LDAP enabled */