MediaManager/Writerside/topics/authentication-setup.md

Authentication

MediaManager supports multiple authentication methods. Email/password authentication is the default, but you can also enable OpenID Connect (OAuth 2.0) for integration with external identity providers.

Note the lack of a trailing slash in some env vars like FRONTEND_URL. This is important.

| Variable | Description | Default | Example | Required |
|---|---|---|---|---|
| AUTH_TOKEN_SECRET | Strong secret key for signing JWTs (create with openssl rand -hex 32). | - | AUTH_TOKEN_SECRET=your_super_secret_key | Yes |
| AUTH_SESSION_LIFETIME | Lifetime of user sessions in seconds. | 86400 (1 day) | AUTH_SESSION_LIFETIME=604800 (1 week) | No |
| AUTH_ADMIN_EMAIL | A list of email addresses of the administrator accounts. | - | AUTH_ADMIN_EMAIL=admin@example.com | Yes |
| FRONTEND_URL | The URL the frontend will be accessed from. | - | https://mediamanager.example | Yes |

On login/registration, every user whose email is in AUTH_ADMIN_EMAIL will be granted admin privileges. Users whose email is not in AUTH_ADMIN_EMAIL will be regular users and will need to be verified by an administrator. This can be done on the settings page.

OpenID Connect (OAuth 2.0)

| Variable | Description | Default | Example |
|---|---|---|---|
| OPENID_ENABLED | Enables OpenID authentication | FALSE | TRUE |
| OPENID_CLIENT_ID | Client ID from your OpenID provider. | - | - |
| OPENID_CLIENT_SECRET | Client Secret from your OpenID provider. | - | - |
| OPENID_CONFIGURATION_ENDPOINT | URL of your OpenID provider's discovery document (e.g., .../.well-known/openid-configuration). | - | https://authentik.example.com/application/o/mediamanager/.well-known/openid-configuration |
| OPENID_NAME | Display name for this OpenID provider. | OpenID | Authentik |

Configuring OpenID Connect

  1. Set OPENID_ENABLED=TRUE

  2. Configure the following environment variables:

    • OPENID_CLIENT_ID
    • OPENID_CLIENT_SECRET
    • OPENID_CONFIGURATION_ENDPOINT
    • OPENID_NAME (optional)
    • FRONTEND_URL (it is important that this is set correctly, as it is used for the redirect URIs)
  3. Your OpenID server will likely want a redirect URI. It has the form {FRONTEND_URL}/api/v1/auth/cookie/{OPENID_NAME}/callback. The exact path depends on the OPENID_NAME.

  4. Example URL: https://mediamanager.example/api/v1/auth/cookie/Authentik/callback
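
A preflight check for the variables above, as an added example (not MediaManager's own code). The function name check_config, the hex-format heuristic for AUTH_TOKEN_SECRET and the case-insensitive reading of OPENID_ENABLED are assumptions; the redirect URI is built literally from the template in step 3, which shows how a trailing slash in FRONTEND_URL produces a URI the provider will not match.

```python
import re
from urllib.parse import urlsplit

REQUIRED = ("AUTH_TOKEN_SECRET", "AUTH_ADMIN_EMAIL", "FRONTEND_URL")
OPENID_REQUIRED = ("OPENID_CLIENT_ID", "OPENID_CLIENT_SECRET", "OPENID_CONFIGURATION_ENDPOINT")
DISCOVERY_SUFFIX = "/.well-known/openid-configuration"


def check_config(env):
    """Return (problems, redirect_uri); redirect_uri is None unless OpenID is enabled."""
    problems = [f"{n} is required but not set" for n in REQUIRED if not env.get(n)]

    secret = env.get("AUTH_TOKEN_SECRET", "")
    # Heuristic (assumption): `openssl rand -hex 32` yields 64 hex characters.
    if secret and not re.fullmatch(r"[0-9a-fA-F]{64,}", secret):
        problems.append("AUTH_TOKEN_SECRET does not look like `openssl rand -hex 32` output")

    frontend = env.get("FRONTEND_URL", "")
    if frontend.endswith("/"):
        problems.append("FRONTEND_URL must not end with a trailing slash")
    parts = urlsplit(frontend)
    if frontend and (parts.scheme not in ("http", "https") or not parts.netloc):
        problems.append("FRONTEND_URL must be an absolute http(s) URL")

    # Assumption: the flag is compared case-insensitively; the documented default is FALSE.
    if env.get("OPENID_ENABLED", "FALSE").upper() != "TRUE":
        return problems, None

    for name in OPENID_REQUIRED:
        if not env.get(name):
            problems.append(f"{name} must be set when OPENID_ENABLED=TRUE")
    endpoint = env.get("OPENID_CONFIGURATION_ENDPOINT", "")
    if endpoint and not endpoint.endswith(DISCOVERY_SUFFIX):
        problems.append(f"OPENID_CONFIGURATION_ENDPOINT should end with {DISCOVERY_SUFFIX}")

    provider = env.get("OPENID_NAME") or "OpenID"  # documented default display name
    # Built exactly as the template in step 3; register this value with the provider.
    return problems, f"{frontend}/api/v1/auth/cookie/{provider}/callback"


if __name__ == "__main__":
    # Constructed sample values containing two deliberate mistakes.
    sample = {"AUTH_TOKEN_SECRET": "your_super_secret_key", "AUTH_ADMIN_EMAIL": "admin@example.com",
              "FRONTEND_URL": "https://mediamanager.example/", "OPENID_ENABLED": "TRUE",
              "OPENID_CLIENT_ID": "constructed-id", "OPENID_CLIENT_SECRET": "constructed-secret",
              "OPENID_CONFIGURATION_ENDPOINT": "https://authentik.example.com/application/o/"
              "mediamanager/.well-known/openid-configuration", "OPENID_NAME": "Authentik"}
    problems, uri = check_config(sample)
    print("\n".join(problems), uri, sep="\n")
```

Run it against the values in your .env or compose file before starting the container, and register the printed redirect URI with the provider only once the problem list is empty.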