starred/MediaManager
1
0
Fork 0
mirror of https://github.com/maxdorninger/MediaManager.git synced 2026-04-20 15:55:42 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
626aa85d483081dcd317a24cbec70054b1e2330a
MediaManager/Writerside/topics/authentication-setup.md
maxDorninger 626aa85d48 add docs
2025-05-30 22:40:14 +02:00

3.9 KiB
Raw Blame History

Authentication

MediaManager supports multiple authentication methods. Email/password authentication is the default, but you can also enable OpenID Connect (OAuth 2.0) for integration with external identity providers.

Note the lack of a trailing slash in some env vars like FRONTEND_URL. This is important.
Variable Description Default Example Required
AUTH_TOKEN_SECRET Strong secret key for signing JWTs (create with openssl rand -hex 32). - AUTH_TOKEN_SECRET=your_super_secret_key Yes
AUTH_SESSION_LIFETIME Lifetime of user sessions in seconds. 86400 (1 day) AUTH_SESSION_LIFETIME=604800 (1 week) No
AUTH_ADMIN_EMAIL Email address of the administrator accounts. - AUTH_ADMIN_EMAIL=admin@example.com Yes
FRONTEND_URL The url the frontend will be accessed from. - https://mediamanager.example Yes
On login/registration, every user whose email is in `AUTH_ADMIN_EMAIL` will be granted admin privileges. Users whose email is not in `AUTH_ADMIN_EMAIL` will be regular users and will need to be verified by an administrator, this can be done in the settings page. ## OpenID Connect (OAuth 2.0)
Variable Description Default Example
OPENID_ENABLED Enables OpenID authentication FALSE TRUE
OPENID_CLIENT_ID Client ID from your OpenID provider. - -
OPENID_CLIENT_SECRET Client Secret from your OpenID provider. - -
OPENID_CONFIGURATION_ENDPOINT URL of your OpenID provider's discovery document (e.g., .../.well-known/openid-configuration). - https://authentik.example.com/application/o/mediamanager/.well-known/openid-configuration
OPENID_NAME Display name for this OpenID provider. OpenID Authentik

Configuring OpenID Connect

  1. Set OPENID_ENABLED=TRUE

  2. Configure the following environment variables:

    • OPENID_CLIENT_ID
    • OPENID_CLIENT_SECRET
    • OPENID_CONFIGURATION_ENDPOINT
    • OPENID_NAME (optional)
    • FRONTEND_URL (it is important that this is set correctly, as it is used for the redirect URIs)

  3. Your OpenID server will likely want a redirect URI. This URL will be like: {FRONTEND_URL}/api/v1/auth/cookie/{OPENID_NAME}/callback. The exact path depends on the OPENID_NAME.

  4. Example URL: https://mediamanager.example/api/v1/auth/cookie/Authentik/callback

Reference in New Issue View Git Blame Copy Permalink