3pp-mirror/rallly
1
0
Fork 0
mirror of https://github.com/lukevella/rallly.git synced 2025-04-29 02:06:34 +02:00
Code Issues Projects Releases Packages Wiki Activity
rallly/apps/docs/self-hosting/single-sign-on.mdx
Luke Vella 104d214d2e
️ Add support for custom claim paths (#1197) 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2024-07-05 08:03:10 +00:00

72 lines
2.1 KiB
Text
Raw Permalink Blame History

---
icon: key
title: Single Sign On (SSO)
description: How to use your own identity provider
---
<Info>Available in v3.4.0 and later.</Info>
<Warning>
Accounts using the same email are linked together. This assumes that you are
using a trusted identity provider that uses verified email addresses.
</Warning>
## OpenID Connect (OIDC)
If your identity provider supports OAuth 2.0 based authentication with OpenID Connect (OIDC), you can use it to authenticate users on your Rallly instance.
### Required Scopes
Your OAuth 2.0 application needs to be configured with the following scopes:
- `openid`: Essential for OIDC to function, used to perform authentication.
- `profile`: Access to the user's personal information such as name and picture.
- `email`: Access to the user's email address.
### Callback URL / Redirect URI
Your identity provider should redirect the user back to the following URL:
```
{BASE_URL}/api/auth/callback/oidc
```
<Info>
Replace `{BASE_URL}` with the base URL of your Rallly instance and add it to
the list of allowed redirect URIs.
</Info>
### Configuration
The following configuration options are available for OIDC.
All required fields must be set for OIDC to be enabled.
<ParamField path="OIDC_NAME" default="OpenID Connect">
The display name of your provider as it will be shown on the login page
</ParamField>
<ParamField path="OIDC_DISCOVERY_URL" required>
URL of the `.well-known/openid-configuration` endpoint for your OIDC provider
</ParamField>
<ParamField path="OIDC_CLIENT_ID" required>
The client ID of your OIDC application
</ParamField>
<ParamField path="OIDC_CLIENT_SECRET" required>
The client secret of your OIDC application
</ParamField>
<ParamField path="OIDC_NAME_CLAIM_PATH" default="name">
The path to the claim that contains the user's name
</ParamField>
<ParamField path="OIDC_EMAIL_CLAIM_PATH" default="email">
The path to the claim that contains the user's email address
</ParamField>
<ParamField path="OIDC_PICTURE_CLAIM_PATH" default="picture">
The path to the claim that contains the user's profile picture
</ParamField>
<Info>Use dot notation in `_CLAIM_PATH` fields to access nested objects.</Info>
Reference in a new issue View git blame Copy permalink