3pp-mirror/rallly
1
0
Fork 0
mirror of https://github.com/lukevella/rallly.git synced 2025-06-08 13:41:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

📝 Update SSO docs

Browse source
This commit is contained in:
Luke Vella 2023-11-26 13:08:42 +07:00
parent f7c8e8269b
commit 183ab09daa
6 changed files with 75 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

9
apps/docs/mint.json
View file

@ -62,11 +62,14 @@
{ {
"icon": "bolt", "icon": "bolt",
"group": "Get Started", "group": "Get Started",
"pages": ["self-hosting/docker-compose"] "pages": [
"self-hosting/docker-compose",
"self-hosting/single-sign-on",
"self-hosting/configuration-options"
]
}, },
"self-hosting/pricing", "self-hosting/pricing",
"self-hosting/managed-hosting", "self-hosting/managed-hosting"
"self-hosting/configuration-options"
] ]
}, },
{ {

46
apps/docs/self-hosting/configuration-options.mdx
View file

@ -69,48 +69,6 @@ These variables need to be configured to let Rallly send out transactional email
Enable TLS for your SMTP connection Enable TLS for your SMTP connection
</ParamField> </ParamField>
### Single Sign On (SSO) with OpenID Connect (OIDC) ### Single Sign On (SSO)
To enable SSO with an OIDC compliant identity provider you will need to configure the following variables. Go to [Single Sign On](/self-hosting/sso) for information on how to configure SSO.
<ParamField path="OIDC_ENABLED">
Must be set to `true` to enable OIDC Login
</ParamField>
<ParamField path="OIDC_NAME" default="OpenID Connect">
The user-facing name of your provider as it will be shown on the login page
</ParamField>
<ParamField path="OIDC_DISCOVERY_URL">
URL of the `.well-known/openid-configuration` endpoint for your OIDC provider
</ParamField>
<ParamField path="OIDC_CLIENT_ID">
The client ID of your OIDC application
</ParamField>
<ParamField path="OIDC_CLIENT_SECRET">
The client secret of your OIDC application
</ParamField>
#### Required Scopes
The following scopes are required for OIDC to function properly.
- `openid`: Essential for OIDC to function, used to perform authentication.
- `profile`: Access to the user's personal information such as name and picture.
- `email`: Access to the user's email address.
#### Callback URL / Redirect URI
The callback URL for your OIDC application must be set to:
```
{NEXT_PUBLIC_BASE_URL}/api/auth/callback/oidc
```
<Info>
Replace `{NEXT_PUBLIC_BASE_URL}` with the base URL of your Rallly instance.
</Info>
Ensure this URL is added to the list of allowed redirect URIs in your OIDC provider's application settings.

62
apps/docs/self-hosting/single-sign-on.mdx Normal file
View file

@ -0,0 +1,62 @@
---
icon: key
title: Single Sign On (SSO)
description: How to use your own identity provider
---
<Info>Available in v3.4.0 and later.</Info>
<Warning>
#### Account Linking
Accounts using the same email are linked together. This assumes
that you are using a trusted identity provider that uses verified email
addresses.
</Warning>
## OpenID Connect (OIDC)
If your identity provider supports OAuth 2.0 based authentication with OpenID Connect (OIDC), you can use it to authenticate users on your Rallly instance.
### Required Scopes
Your OAuth 2.0 application needs to be configured with the following scopes:
- `openid`: Essential for OIDC to function, used to perform authentication.
- `profile`: Access to the user's personal information such as name and picture.
- `email`: Access to the user's email address.
### Callback URL / Redirect URI
Your identity provider will redirect the user back to the following URL:
```
{BASE_URL}/api/auth/callback/oidc
```
<Info>
Replace `{BASE_URL}` with the base URL of your Rallly instance and add it to
the list of allowed redirect URIs.
</Info>
### Configuration
The following configuration options are available for OIDC.
All required fields must be set for OIDC to be enabled.
<ParamField path="OIDC_NAME" default="OpenID Connect">
The user-facing name of your provider as it will be shown on the login page
</ParamField>
<ParamField path="OIDC_DISCOVERY_URL" required>
URL of the `.well-known/openid-configuration` endpoint for your OIDC provider
</ParamField>
<ParamField path="OIDC_CLIENT_ID" required>
The client ID of your OIDC application
</ParamField>
<ParamField path="OIDC_CLIENT_SECRET" required>
The client secret of your OIDC application
</ParamField>

4
apps/web/declarations/environment.d.ts vendored
View file

@ -64,10 +64,6 @@ declare global {
* Determines what email provider to use. "smtp" or "ses" * Determines what email provider to use. "smtp" or "ses"
*/ */
EMAIL_PROVIDER?: "smtp" | "ses"; EMAIL_PROVIDER?: "smtp" | "ses";
/**
* Set to "true" to enable OIDC authentication
*/
OIDC_ENABLED?: string;
/** /**
* Name of the oidc provider * Name of the oidc provider
*/ */

6
apps/web/src/utils/constants.ts
View file

@ -13,6 +13,10 @@ export const monthlyPriceUsd = 7;
export const annualPriceUsd = 42; export const annualPriceUsd = 42;
export const appVersion = process.env.NEXT_PUBLIC_APP_VERSION; export const appVersion = process.env.NEXT_PUBLIC_APP_VERSION;
export const isOIDCEnabled = process.env.OIDC_ENABLED === "true"; export const isOIDCEnabled = Boolean(
process.env.OIDC_DISCOVERY_URL &&
process.env.OIDC_CLIENT_ID &&
process.env.OIDC_CLIENT_SECRET,
);
export const oidcName = process.env.OIDC_NAME ?? "OpenID Connect"; export const oidcName = process.env.OIDC_NAME ?? "OpenID Connect";

1
turbo.json
View file

@ -85,7 +85,6 @@
"NEXT_PUBLIC_VERCEL_URL", "NEXT_PUBLIC_VERCEL_URL",
"NODE_ENV", "NODE_ENV",
"NOREPLY_EMAIL", "NOREPLY_EMAIL",
"OIDC_ENABLED",
"OIDC_NAME", "OIDC_NAME",
"OIDC_DISCOVERY_URL", "OIDC_DISCOVERY_URL",
"OIDC_CLIENT_ID", "OIDC_CLIENT_ID",