Add Entra ID (formerly Azure AD) SSO Capability for Kutt

[jchurchward]

I am requesting the implementation of Entra ID (formerly Azure AD) Single Sign-On (SSO) capability for Kutt. This feature would enhance the user experience by allowing seamless and secure authentication through credentials managed in Entra ID.

Benefits:

• Enhanced Security: Utilising Entra ID enables integration with advanced security features like multi-factor authentication (MFA), conditional access, and compliance with enterprise security policies.
• Streamlined User Experience: Users can log in using their existing Entra ID credentials, reducing the need for separate usernames and passwords.
  Centralised Identity Management: Ability to manage user access, permissions, and de-provisioning through a single platform, simplifying administration.

For reference, Pingvin-Share implements a similar approach. In their setup, users and admins log in using Entra ID (formerly Azure AD) SSO, while all shared files remain accessible anonymously. This model closely aligns with the functionality being proposed.
You can explore their implementation here: Pingvin-Share GitHub Repository.

[chrislawso]

The user experience would be further enhanced by supporting OAuth 2.0 and/or OIDC, and not limiting to credentials managed in Entra ID.

If you search the issues you can find there was an old post with work and forks done to provide OIDC #367 and [poeti8] was "not interested." Here is one of the kutt forks with OIDC by @rophy https://github.com/rophy/kutt

The Pingvin-Share docs https://stonith404.github.io/pingvin-share/setup/oauth2login identify multiple Built-in OAuth 2 Providers.

Kutt v3.x with OIDC would be great.