ioBroker · GermanBluefox · Jun 16, 2025 · May 14, 2025 · May 14, 2025 · foxriver76
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -33,6 +33,8 @@
   "main": "build/index.js",
   "types": "build/index.d.ts",
   "dependencies": {
+    "jsonwebtoken": "^9.0.2",
+    "jwks-rsa": "^3.2.0",
     "oauth2-server": "^3.1.1"
   },
   "overrides_comment": "We override type-is as is conflicting with body-parser",

diff --git a/src/lib/oauth2-model.ts b/src/lib/oauth2-model.ts
@@ -11,6 +11,7 @@ import {
 } from 'oauth2-server';
 
 import type { NextFunction, Request, Response } from 'express';
+import { SSO_PASSWORD } from './utils';
 
 // We must save both tokens, as by logout we must revoke both
 export interface InternalStorageToken {
@@ -97,6 +98,7 @@ export class OAuth2Model implements RefreshTokenModel {
 
     authorize = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
         const _req: Request & { user?: string } = req;
+
         // Check if the user is logged in
         if (!_req.user) {
             // If authenticated by token in query like /blabla?token=ACCESS_TOKEN
@@ -188,6 +190,13 @@ export class OAuth2Model implements RefreshTokenModel {
      * Get user.
      */
     getUser = async (username: string, password: string): Promise<User | Falsey> => {
+        if (password === SSO_PASSWORD) {
+            this.adapter.log.debug(`SSO login as ${username}`);
+            return {
+                id: username,
+            };
+        }
+
         const now = Date.now();
         if (this.bruteForce[username]?.errors > 4) {
             let minutes = now - this.bruteForce[username].time;