Skip to content

authentication.mdx

Latest commit

 

History

History
118 lines (76 loc) · 4.56 KB

authentication.mdx

File metadata and controls

118 lines (76 loc) · 4.56 KB
title Authentication
sidebarTitle Authentication

Make sure the AUTH_URL environment variable is configured correctly when using Sourcebot behind a domain.

Sourcebot has built-in authentication that gates access to your organization. OAuth, email codes, and email / password are supported.

The first account that's registered on a Sourcebot deployment is made the owner. All other users who register must be approved by the owner.

Login Page

Approving New Members

All account registrations after the first account must be approved by the owner. The owner can see all join requests by going into Settings -> Members.

If you have an enterprise license, you can enable AUTH_EE_ENABLE_JIT_PROVISIONING to have Sourcebot accounts automatically created and approved on registration.

You can setup emails to be sent when new join requests are created/approved by configurating transactional emails

Authentication Providers

To enable an authentication provider in Sourcebot, configure the required environment variables for the provider. Under the hood, Sourcebot uses Auth.js which supports many providers. Submit a feature request on GitHub if you want us to add support for a specific provider.

Core Authentication Providers

Email / Password

Email / password authentication is enabled by default. It can be disabled by setting AUTH_CREDENTIALS_LOGIN_ENABLED to false.

Email codes

Email codes are 6 digit codes sent to a provided email. Email codes are enabled when transactional emails are configured using the following environment variables:

  • AUTH_EMAIL_CODE_LOGIN_ENABLED
  • SMTP_CONNECTION_URL
  • EMAIL_FROM_ADDRESS

See transactional emails for more details.

Enterprise Authentication Providers

The following authentication providers require an enterprise license to be enabled.

By default, a new user registering using these providers must have their join request accepted by the owner of the organization to join. To allow a user to join automatically when they register for the first time, set the AUTH_EE_ENABLE_JIT_PROVISIONING environment variable to true.

GitHub

Auth.js GitHub Provider Docs

Required environment variables:

  • AUTH_EE_GITHUB_CLIENT_ID
  • AUTH_EE_GITHUB_CLIENT_SECRET

Optional environment variables:

GitLab

Auth.js GitLab Provider Docs

Required environment variables:

  • AUTH_EE_GITLAB_CLIENT_ID
  • AUTH_EE_GITLAB_CLIENT_SECRET

Optional environment variables:

Google

Auth.js Google Provider Docs

Required environment variables:

  • AUTH_EE_GOOGLE_CLIENT_ID
  • AUTH_EE_GOOGLE_CLIENT_SECRET

Okta

Auth.js Okta Provider Docs

Required environment variables:

  • AUTH_EE_OKTA_CLIENT_ID
  • AUTH_EE_OKTA_CLIENT_SECRET
  • AUTH_EE_OKTA_ISSUER

Keycloak

Auth.js Keycloak Provider Docs

Required environment variables:

  • AUTH_EE_KEYCLOAK_CLIENT_ID
  • AUTH_EE_KEYCLOAK_CLIENT_SECRET
  • AUTH_EE_KEYCLOAK_ISSUER

Microsoft Entra ID

Auth.js Microsoft Entra ID Provider Docs

Required environment variables:

  • AUTH_EE_MICROSOFT_ENTRA_ID_CLIENT_ID
  • AUTH_EE_MICROSOFT_ENTRA_ID_CLIENT_SECRET
  • AUTH_EE_MICROSOFT_ENTRA_ID_ISSUER

Troubleshooting

  • If you experience issues logging in, logging out, or accessing an organization you should have access to, try clearing your cookies & performing a full page refresh (Cmd/Ctrl + Shift + R on most browsers).
  • Still not working? Reach out to us on our discord or github discussions