|
| 1 | +--- |
| 2 | +title: OIDC Configuration |
| 3 | +description: How to configure OIDC |
| 4 | +--- |
| 5 | + |
| 6 | +import { Steps, Callout } from "nextra/components"; |
| 7 | + |
| 8 | +<Callout type="warning"> |
| 9 | + **Warning:** With the actual implementation of the OIDC provider, GitHub login |
| 10 | + provider will be disabled. |
| 11 | +</Callout> |
| 12 | + |
| 13 | +If you want to use OAuth/OIDC, please follow the instructions below. |
| 14 | + |
| 15 | +We will use [Authentik](https://goauthentik.io/) as an OIDC provider example, with base URL `https://authentik.example.com` |
| 16 | + |
| 17 | +<Steps> |
| 18 | + |
| 19 | +### Create an Application/Provider on the Authentik side |
| 20 | + |
| 21 | +You will find the following important information: |
| 22 | + |
| 23 | +- `client_id` => `randomclientid` |
| 24 | + |
| 25 | +- `client_secret` => `randomclientsecret` |
| 26 | + |
| 27 | +- `auth_url` => `https://authentik.example.com/application/o/authorize/` |
| 28 | + |
| 29 | +- `token_url` => `https://authentik.example.com/application/o/token/` |
| 30 | + |
| 31 | +- `userinfo_url`=> `https://authentik.example.com/application/o/userinfo/` |
| 32 | + |
| 33 | +**Note**: the same information needs to be configured on other OIDC providers such as Keycloak, Dex, etc. |
| 34 | + |
| 35 | +### `POSTIZ_GENERIC_OAUTH` |
| 36 | + |
| 37 | +eg: `POSTIZ_GENERIC_OAUTH="true"` |
| 38 | + |
| 39 | +Set to `true` to enable OIDC login. |
| 40 | + |
| 41 | +### `NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME` |
| 42 | + |
| 43 | +eg: `Authentik` |
| 44 | + |
| 45 | +Will display the name of the OIDC provider on the login page. |
| 46 | + |
| 47 | +### `NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL` |
| 48 | + |
| 49 | +eg: `https://raw.githubusercontent.com/walkxcode/dashboard-icons/master/png/authentik.png` |
| 50 | + |
| 51 | +Will display the logo of the OIDC provider on the login page button. |
| 52 | + |
| 53 | +### `POSTIZ_OAUTH_URL` |
| 54 | + |
| 55 | +eg: `https://authentik.example.com` |
| 56 | + |
| 57 | +The base URL of the OIDC provider. |
| 58 | + |
| 59 | +### `POSTIZ_OAUTH_AUTH_URL` |
| 60 | + |
| 61 | +eg: `https://authentik.example.com/application/o/authorize/` |
| 62 | + |
| 63 | +The authorization URL of the OIDC provider. |
| 64 | + |
| 65 | +### `POSTIZ_OAUTH_TOKEN_URL` |
| 66 | + |
| 67 | +eg: `https://authentik.example.com/application/o/token/` |
| 68 | + |
| 69 | +The token URL of the OIDC provider. |
| 70 | + |
| 71 | +### `POSTIZ_OAUTH_USERINFO_URL` |
| 72 | + |
| 73 | +eg: `https://authentik.example.com/application/o/userinfo/` |
| 74 | + |
| 75 | +The userinfo URL of the OIDC provider. |
| 76 | + |
| 77 | +### `POSTIZ_OAUTH_CLIENT_ID` |
| 78 | + |
| 79 | +eg: `randomclientid` |
| 80 | + |
| 81 | +The client ID of the OIDC provider. |
| 82 | + |
| 83 | +### `POSTIZ_OAUTH_CLIENT_SECRET` |
| 84 | + |
| 85 | +eg: `randomclientsecret` |
| 86 | + |
| 87 | +The client secret of the OIDC provider. |
| 88 | + |
| 89 | +</Steps> |
0 commit comments