External authentication support for self-hosted Feeds Fun

We'd like to share that Feeds Fun now supports authentication via external services.

We moved away from the SuperTokens-coupled approach because it was too restrictive and resulted in vendor lock-in.

That means Feeds Fun should be much easier to self-host in multi-user mode. Simply put, you only need to pass two headers from your authentication proxy to the Feeds Fun backend — and you're good to go.

Single-user mode is still supported as well and does not require any authentication setup at all.

Check an example of a multi-user setup in our repo.

It is as easy as running these two steps:

# Step 1 — add custom domains to /etc/hosts

# Add the following lines to /etc/hosts (remove leading #):
# 127.0.0.1 feeds.fun.local
# 127.0.0.1 idp.feeds.fun.local

# Step 2 — clone the repository and start the services

git clone git@github.com:Tiendil/feeds.fun.git
cd ./feeds.fun/docs/examples/multi-user
docker compose up -d

# Go to https://feeds.fun.local/ to access the web interface.

The example uses:

• Keycloak as the Identity Provider.
• OAuth2-Proxy as the authentication proxy that sits between Feeds Fun and Keycloak.
• Caddy as the reverse proxy in front of everything.

However, any popular authentication solution should work fine, as long as it can pass the headers to the Feeds Fun backend and return HTTP 401 for unauthenticated requests to the frontend.

Please let us know if you try it out!

We also appreciate any feedback on the Feeds Fun configuration and pull requests with improvements to examples.

Stay Connected

• Site: feeds.fun
• Reddit: r/feedsfun
• Discord: Feeds Fun
• Repository: github.com/Tiendil/feeds.fun
• Roadmap: Roadmap
• Full changelog: CHANGELOG.md