Sync-in Server 2.0: File-sharing platform now supports OpenID Connect

The self-hosted file-sharing platform Sync-in receives support for OpenID Connect with version 2.0. This facilitates integration into corporate IT.


The open-source project Sync-in has released version 2.0 of its server software. With the update, OpenID Connect (OIDC) is available for the first time as an authentication method. According to the developers, it was the feature most requested by the community.

Sync-in Server is software for file storage, sharing, and collaboration under an AGPL-3.0 license. It is aimed at users who want to host their data themselves and offers features such as spaces with granular rights management, OnlyOffice integration, and WebDAV support. With OIDC integration, administrators can now connect the server to existing authentication systems in cloud and enterprise environments.

For version 2.0, the development team has revised the entire authentication architecture. Desktop and CLI clients can now register via OIDC, which significantly simplifies setup. The new function registerWithAuth allows registration from external processes. Additionally, the system now supports OTP recovery codes during client registration as a fallback for two-factor authentication.


LDAP support has also been expanded. Sync-in 2.0 brings service bind support, admin break-glass access, and optimized search functions. A new option automatically creates users and permissions from LDAP directories. The configuration allows for both DN and CN handling for administrator groups.

When updating to version 2.0, administrators must adjust the configuration. The authentication configuration has been renamed: method becomes provider in AuthConfig, and authMethod is now called authProvider. For LDAP configurations, the adminGroup parameter moves to the options section. These breaking changes are necessary to make the new authentication architecture consistent.

The developers have also improved configuration validation. Error messages for invalid environment variables are now more informative. For production use, JSON logging can be enabled, which improves observability in monitoring systems such as the ELK stack.

In addition to authentication functions, version 2.0 also brings user interface improvements. The widget for recently used files has been redesigned. File renaming is now validated when leaving the input field. The developers have also revised the badge design and color scheme and optimized error handling for server connection problems.

Two critical errors have been fixed in the WebDAV area: lock paths in HTTP headers are now decoded correctly, and the HTTP status line now complies with standards. These fixes resolve interoperability issues with various WebDAV clients.

The project can still be set up via Docker or npm. The npm version has been available since version 1.3.0 with the CLI tool sync-in-server. The developers do not give specific hardware recommendations for enterprise setups. The complete changelog is available on GitHub.

(fo)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.