starred/MediaManager
1
0
Fork 0
mirror of https://github.com/maxdorninger/MediaManager.git synced 2026-04-19 05:54:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d9c6f2d068b4bb582d8aad6ff8a5e7a9ebebb53d
MediaManager/Writerside/topics/authentication-setup.md

71 lines
2.2 KiB
Markdown
Raw Blame History

# Authentication
MediaManager supports multiple authentication methods. Email/password authentication is the default, but you can also enable OpenID Connect (OAuth 2.0) for integration with external identity providers.
All authentication settings are configured in the `[auth]` section of your `config.toml` file.
## General Authentication Settings (`[auth]`)
- `token_secret`
Strong secret key for signing JWTs (create with `openssl rand -hex 32`). This is a required field.
- `session_lifetime`
Lifetime of user sessions in seconds. Default is `86400` (1 day).
- `admin_emails`
A list of email addresses for administrator accounts. This is a required field.
- `email_password_resets`
Toggle for enabling password resets via email. If users request a password reset because they forgot their password, they will be sent an email with a link to reset it. Default is `false`.
<note>
To use email password resets, you must also configure SMTP settings in the <code>[notifications.smtp_config]</code> section.
</note>
## OpenID Connect Settings (`[auth.openid_connect]`)
OpenID Connect allows you to integrate with external identity providers like Google, Microsoft Azure AD, Keycloak, or any other OIDC-compliant provider.
- `enabled`
Set to `true` to enable OpenID Connect authentication. Default is `false`.
- `client_id`
Client ID provided by your OpenID Connect provider.
- `client_secret`
Client secret provided by your OpenID Connect provider.
- `configuration_endpoint`
OpenID Connect configuration endpoint URL. Note the lack of a trailing slash - this is important.
- `name`
Display name for the OpenID Connect provider that will be shown on the login page.
## Example Configuration
Here's a complete example of the authentication section in your `config.toml`:
```toml
[auth]
token_secret = "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6"
session_lifetime = 604800 # 1 week
admin_emails = ["admin@example.com", "manager@example.com"]
email_password_resets = true
[auth.openid_connect]
enabled = true
client_id = "mediamanager-client"
client_secret = "your-secret-key-here"
configuration_endpoint = "https://auth.example.com/.well-known/openid-configuration"
name = "Authentik"
```
Reference in New Issue View Git Blame Copy Permalink