Is your feature request related to a problem? Please describe.
When running Hatchet in a self-hosted setup, there’s no native OIDC support for authentication. This makes it hard to plug into an existing SSO flow and we end up relying on basic auth or external proxies, which adds extra moving parts and doesn’t feel like a clean or secure long-term solution.
Describe the solution you'd like
It would be great to have built-in OIDC support for self-hosted instances so we can connect directly to providers like PocketID, Keycloak, etc.
Describe alternatives you've considered
I’ve tried putting an OIDC-enabled reverse proxy (e.g. oauth2-proxy / Traefik forward auth) in front of Hatchet. It works, but it increases operational complexity and feels like a workaround rather than a proper solution.
Is your feature request related to a problem? Please describe.
When running Hatchet in a self-hosted setup, there’s no native OIDC support for authentication. This makes it hard to plug into an existing SSO flow and we end up relying on basic auth or external proxies, which adds extra moving parts and doesn’t feel like a clean or secure long-term solution.
Describe the solution you'd like
It would be great to have built-in OIDC support for self-hosted instances so we can connect directly to providers like PocketID, Keycloak, etc.
Describe alternatives you've considered
I’ve tried putting an OIDC-enabled reverse proxy (e.g. oauth2-proxy / Traefik forward auth) in front of Hatchet. It works, but it increases operational complexity and feels like a workaround rather than a proper solution.