Support Custom Proxy Authentication Headers #765
Description
Add support for custom authentication headers in the OpenCloud client to enable authentication through reverse proxies with header-based SSO, similar to how Immich implements this feature (Very well described here).
Problem
Many homelabbers expose services through reverse proxies with SSO (Tailscale, Pangolin, Authelia, Authentik, Cloudflare Access). These proxies handle authentication and pass user information via custom HTTP headers.
Current Issue: The desktop client cannot authenticate through these proxies because:
- I think it uses hardcoded OIDC client IDs that get intercepted by proxy SSO
- No option exists to inject custom authentication headers
- Users must disable SSO or adjust IP restrictions to make execptions for the clients
Proposed Solution
Add configuration option to set for custom HTTP headers, similar to Immich
OpenCloud is extremely attractive to homelabbers due to its modern architecture and performance. However, lack of proxy header support in the clients is a significant adoption barrier.