
OpenID Connect login (SSO)

Ferdinand Mütsch edited this page Nov 2, 2025 · 6 revisions

After #33 is done, Wakapi supports external authentication providers via OpenID Connect (OIDC). This way, users can benefit from single sign-on (SSO) and won't have to create a local account with an e-mail address and password. Authentication is entirely delegated to the upstream provider. OIDC can be used for both login and signup: for new users, a new Wakapi account is created upon first login.

Setup

You can configure one or more providers via the YAML configuration file or using environment variables. Follow the respective provider's instructions to obtain a client ID and client secret. When you register your Wakapi instance as a new application with the provider, make sure to apply these settings:

  • Scopes: openid, profile, email
  • Redirect URL: https://<your-wakapi-instance>/oidc/<provider>/callback
    • Note: The <provider> is the name of the provider in your config, e.g. gitlab, google, ...

Config example

# ...
security:
  # ...
  oidc:
    - name: codeberg
      display_name: Codeberg
      client_id: <your oauth2 client id>
      client_secret: <your oauth2 client secret>
      endpoint: https://codeberg.org
# ...
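
A pre-flight check for the settings above, as an added example that is not Wakapi's own code: it derives the redirect URL to register and compares a provider's discovery document with the configured `endpoint`. It assumes `endpoint` is the provider's OIDC issuer URL, with the discovery document served at `<endpoint>/.well-known/openid-configuration`; the function names and sample values are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// RedirectURL builds the callback URL to register for the provider `name`.
func RedirectURL(instance, name string) (string, error) {
	u, err := url.Parse(instance)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return "", fmt.Errorf("instance URL must be absolute https: %q", instance)
	}
	if name == "" || url.PathEscape(name) != name {
		return "", fmt.Errorf("provider name %q is not URL-safe", name)
	}
	return strings.TrimRight(instance, "/") + "/oidc/" + name + "/callback", nil
}

// CheckDiscovery compares a discovery document (raw JSON) with the config.
func CheckDiscovery(endpoint string, raw []byte) []string {
	var d struct {
		Issuer string   `json:"issuer"`
		Scopes []string `json:"scopes_supported"`
	}
	if err := json.Unmarshal(raw, &d); err != nil {
		return []string{"invalid discovery JSON: " + err.Error()}
	}
	var problems []string
	if d.Issuer != endpoint { // exact match: a trailing slash counts
		problems = append(problems, fmt.Sprintf("issuer %q != endpoint %q", d.Issuer, endpoint))
	}
	advertised := " " + strings.Join(d.Scopes, " ") + " "
	for _, want := range []string{"openid", "profile", "email"} {
		// scopes_supported is optional; only flag gaps when it is present
		if len(d.Scopes) > 0 && !strings.Contains(advertised, " "+want+" ") {
			problems = append(problems, "scope not advertised: "+want)
		}
	}
	return problems
}

func main() {
	doc := []byte(`{"issuer":"https://idp.example.org/","scopes_supported":["openid","email"]}`) // constructed
	u, err := RedirectURL("https://wakapi.example.org/", "example-idp")
	fmt.Println(u, err, CheckDiscovery("https://idp.example.org", doc))
}
```

An issuer that differs from the configured endpoint only by a trailing slash is reported as a mismatch, because OIDC Discovery requires the two to be identical.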

Providers

Here's a list of common providers including links to their documentation and OIDC base endpoints.

Note: While GitHub supports OAuth 2.0 in general, it unfortunately does not support acting as an OpenID Connect provider.

Codeberg

GitLab

Google

Microsoft Entra

Okta

Authentik (self-hosted)
