Files
drop-docs/docs/authentication/oidc.md
T
2025-05-25 18:29:46 +10:00

1.8 KiB

OpenID Connect

OpenID Connect is a OAuth2 extension support by most identity providers.

Configure OpenID Connect

To configure OIDC, you must set the following environment variables:

Variable Usage
OIDC_CLIENT_ID Client ID from your identity provider.
OIDC_CLIENT_SECRET Client secret from your identity provider.
OIDC_ADMIN_GROUP Grant admin to users with this group configured in your identity provider. Tested with Authentik.
DISABLE_SIMPLE_AUTH (optional) Disable simple auth

And then, you must configure either:

OIDC_WELLKNOWN: A unprotected endpoint that returns a OIDC well-known JSON. Fetched on startup.


Individual endpoints:

Variable Usage
OIDC_AUTHORIZATION Authorization endpoint. Usually ends with authorize.
OIDC_TOKEN Token endpoint. Usually ends with token.
OIDC_USERINFO Userinfo endpoint. Usually ends with userinfo.
OIDC_SCOPES Comma separated list of scopes. Requires, at least, openid and email.