OIDC and Social Logins
By default, Gaseous Server uses password-based authentication. From version 2.0 onward you can enable stronger options: Two-Factor Authentication (2FA) and OAuth2 / OIDC based sign‑in.
2FA is recommended when using password (non-OIDC) authentication on an internet-facing server.
Steps:
- Click your avatar (top right).
- Choose Profile and Account.
- Open Two Factor Authentication.
- Click Enable 2FA.
- Scan the displayed QR code with an authenticator app.
- Enter the generated code and click Confirm.
- Close the dialog.
Supported providers:
- Microsoft
- Custom OIDC (authority + client credentials)
You may enable any combination. A user record is created automatically on first successful login. If multiple providers return the same verified email, the user can sign in with any of them.
Note: Provider-specific setup (e.g. creating client IDs/secrets) is not covered here.
Configure these settings under the SocialAuthConfiguration section (or via environment variables):
| Config Setting | Env Var | Description / Value |
|---|---|---|
| PasswordLoginEnabled | passwordloginenabled | Enable/disable password login (true/false). |
| GoogleClientId | googleclientid | Google OAuth2 client ID. |
| GoogleClientSecret | googleclientsecret | Google OAuth2 client secret. |
| MicrosoftClientId | microsoftclientid | Microsoft application (client) ID. |
| MicrosoftClientSecret | microsoftclientsecret | Microsoft client secret. |
| OIDCAuthority | oidcauthority | Base authority URL (e.g. https://id.example.com). |
| OIDCClientId | oidcclientid | OIDC client ID. |
| OIDCClientSecret | oidcclientsecret | OIDC client secret. |
Important: Any enabled OAuth2 / OIDC provider will create a local account on successful authorization. Restrict provider access (e.g. allowed domains, tenant restrictions) to prevent unwanted account creation.
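A pre-flight check for the environment variables in the table above, as an added example that is not part of Gaseous Server. The variable names come from the table; the function names and the consistency rules (ID and secret set together, an https authority, at least one complete provider when password login is disabled) are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the settings in the table above.
# The rules below are assumptions of this example, not Gaseous Server behaviour.

problems=0   # inconsistencies found
providers=0  # providers with both client ID and client secret set

# $1 = label, $2 = client ID, $3 = client secret
check_pair() {
    if [ -n "$2" ] && [ -n "$3" ]; then
        providers=$((providers + 1))
    elif [ -n "$2" ] || [ -n "$3" ]; then
        echo "$1: client ID and client secret must be set together" >&2
        problems=$((problems + 1))
    fi
}

# Returns the number of problems found (0 = consistent).
check_social_auth() {
    problems=0
    providers=0
    check_pair google "${googleclientid:-}" "${googleclientsecret:-}"
    check_pair microsoft "${microsoftclientid:-}" "${microsoftclientsecret:-}"
    check_pair oidc "${oidcclientid:-}" "${oidcclientsecret:-}"

    # Custom OIDC also needs an authority; insist on https so the client
    # secret and tokens are not exchanged in clear text.
    if [ -n "${oidcclientid:-}" ] || [ -n "${oidcclientsecret:-}" ]; then
        case "${oidcauthority:-}" in
            https://?*) ;;
            *) echo "oidc: oidcauthority must be an https:// URL" >&2
               problems=$((problems + 1)) ;;
        esac
    fi

    # Password login is on by default; turning it off with no complete
    # provider would leave no way to sign in.
    if [ "${passwordloginenabled:-true}" = "false" ] && [ "$providers" -eq 0 ]; then
        echo "passwordloginenabled=false but no provider is fully configured" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

Source the file and call `check_social_auth` in the same environment the server will start with; the exit status is the number of problems found.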