OpenID Connect
OpenID Connect (OIDC) is an authentication layer built on top of the OAuth 2.0 protocol. This guide will help you configure OIDC integration for your Teable application.
Environment Variables Configuration
To enable OIDC integration in Teable, set the following environment variables in your .env file:
Configuration Details
BACKEND_OIDC_CLIENT_ID
: Your OIDC client ID for Teable, provided by your OIDC provider.BACKEND_OIDC_CLIENT_SECRET
: Your OIDC client secret for Teable, provided by your OIDC provider.BACKEND_OIDC_CALLBACK_URL
: The callback URL for Teable. This is set to https://app.teable.io/api/auth/oidc/callback. Ensure this matches the callback URL registered with your OIDC provider.BACKEND_OIDC_USER_INFO_URL
: The endpoint URL for retrieving user information from your OIDC provider.BACKEND_OIDC_TOKEN_URL
: The endpoint URL for obtaining access tokens from your OIDC provider.BACKEND_OIDC_AUTHORIZATION_URL
: The endpoint URL where users authenticate with your OIDC provider.BACKEND_OIDC_ISSUER
: The identifier URL of your OIDC provider.BACKEND_OIDC_OTHER
: Additional OIDC configuration options, provided in JSON format. In this example, we're requesting "email" and "profile" scopes.
Enabling OIDC Authentication in Teable
To enable OIDC as an authentication method for Teable, include "oidc" in the SOCIAL_AUTH_PROVIDERS
environment variable:
SOCIAL_AUTH_PROVIDERS=github,google,oidc
This will allow users to authenticate using OIDC, GitHub, and Google in Teable.
Important Notes
Ensure all URLs use the HTTPS protocol for security.
Never hardcode these sensitive details directly into your Teable application in a production environment. Always use environment variables or a secure key management system.
Specific URLs and configurations may vary depending on your chosen OIDC provider (e.g., Google, Okta, Auth0). Refer to your OIDC provider's documentation for accurate endpoint URLs and configuration requirements.
When setting BACKEND_OIDC_OTHER, you may need to add additional parameters based on your requirements and what your OIDC provider supports.
The example in your .env.example file uses Google as an OIDC provider. If you're using a different provider, make sure to update the URLs accordingly.
By correctly configuring these environment variables, your Teable application should be able to successfully integrate OIDC authentication. If you encounter any issues, check your OIDC provider's documentation and ensure all URLs and credentials are correct.
Example: Using Authentik as OIDC Provider
Follow these steps to configure Authentik as an OIDC provider for your Teable application:
Log into your Authentik admin panel and create a new OAuth2 Provider.
In the OAuth2 Provider settings, set the Redirect URIs to match your
BACKEND_OIDC_CALLBACK_URL
. This should be in the format:After creating the OAuth2 Provider, you'll need to map the Authentik configuration to your Teable environment variables. Use the following correspondence:
Client ID →
BACKEND_OIDC_CLIENT_ID
Userinfo URL →
BACKEND_OIDC_USER_INFO_URL
Token URL →
BACKEND_OIDC_TOKEN_URL
Authorize URL →
BACKEND_OIDC_AUTHORIZATION_URL
OpenID Configuration Issuer →
BACKEND_OIDC_ISSUER
Generate a client secret in Authentik and set it as
BACKEND_OIDC_CLIENT_SECRET
in your Teable environment variables.Update your Teable
.env
file with these values. Your configuration should look similar to this:
Remember to replace your-teable-domain.com
and your-authentik-domain.com
with your actual domain names.
By following these steps, you should have successfully configured Authentik as an OIDC provider for your Teable application. Make sure to restart your Teable application after updating the environment variables for the changes to take effect.
Last updated