Drop-OSS/archived-drop-docs
1
0
Fork 0
mirror of https://github.com/Drop-OSS/drop-docs.git synced 2026-01-30 20:55:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
908251ef7543b618daabd56f95f57a1de8cbd8a4
archived-drop-docs/versioned_docs/version-0.3.0/authentication/oidc.md
DecDuck 908251ef75 Update oidc.md
2025-08-02 17:31:52 +10:00

2.0 KiB
Raw Blame History

OpenID Connect

OpenID Connect is a OAuth2 extension support by most identity providers.

Configure OpenID Connect

To configure OIDC, you must set the following environment variables:

Variable Usage
OIDC_CLIENT_ID Client ID from your identity provider.
OIDC_CLIENT_SECRET Client secret from your identity provider.
OIDC_ADMIN_GROUP Grant admin to users with this group configured in your identity provider. Tested with Authentik.
DISABLE_SIMPLE_AUTH (optional) Disable simple auth
OIDC_USERNAME_CLAIM (optional) Change the field that Drop pulls the username claim from. Users are merged based on their usernames

And then, you must configure either:

OIDC_WELLKNOWN: A unprotected endpoint that returns a OIDC well-known JSON. Fetched on startup.

Individual endpoints:

Variable Usage
OIDC_AUTHORIZATION Authorization endpoint. Usually ends with authorize.
OIDC_TOKEN Token endpoint. Usually ends with token.
OIDC_USERINFO Userinfo endpoint. Usually ends with userinfo.
OIDC_SCOPES Comma separated list of scopes. Requires, at least, openid and email.

Redirect URL

Drop uses the EXTERNAL_URL environment variable to create the callback URL: $EXTERNAL_URL/auth/callback/oidc.