Added environment variables to OpenID page #650

Open: wants to merge 27 commits into base: master (changes from 25 commits)
51 changes: 50 additions & 1 deletion docs/experimental/oauth-auth.md
@@ -115,6 +115,55 @@

![](/static/img/oauth/first-login.png)

### Environment Variables

#### `ACTUAL_OPENID_DISCOVERY_URL`
- Purpose:** If your OpenID provider supports discovery, this is the URL where discovery metadata can be found.
**Example Value:** `https://provider.tld/.well-known/openid-configuration`

#### `ACTUAL_OPENID_CLIENT_ID`
- **Purpose:** The client ID issued by your OpenID provider.
**Example Value:** `my-actual-app`

#### `ACTUAL_OPENID_CLIENT_SECRET`
- **Purpose:** The client secret issued by your OpenID provider.
**Example Value:** `super-secret-value`

#### `ACTUAL_OPENID_SERVER_HOSTNAME`
- **Purpose:** The public URL of your Actual Server, which the provider redirects to after authentication.
**Example Value:** `https://actual.myserver.com`

#### `ACTUAL_OPENID_AUTHORIZATION_ENDPOINT`
- **Purpose:** Provider’s authorization endpoint (for providers that don’t support discovery).
**Example Value:** `https://provider.com/oauth2/authorize`

#### `ACTUAL_OPENID_TOKEN_ENDPOINT`
- **Purpose:** Provider’s token endpoint (for providers that don’t support discovery).
**Example Value:** `https://provider.com/oauth2/token`

#### `ACTUAL_OPENID_USERINFO_ENDPOINT`
- **Purpose:** Provider’s user-info endpoint (for providers that don’t support discovery).
**Example Value:** `https://provider.com/oauth2/userinfo`

#### `ACTUAL_OPENID_AUTH_METHOD`
- **Purpose:** Tells the server whether it should use the OpenID (OIDC) or a more general OAuth2 flow.
**Possible Values:**
- `openid` (default)
- `oauth2`

**Tip:** Use `oauth2` for providers like GitHub that don’t fully support OpenID discovery.

#### `ACTUAL_OPENID_ENFORCE`
- **Purpose:** Forces OpenID/OAuth2 authentication as the only allowed login method when set to `true`.
**Example Value:** `true` or `false` (default is `false`)

#### `ACTUAL_TOKEN_EXPIRATION`
- **Purpose:** Controls how access tokens expire.
**Possible Values:**
- `"never"` (tokens never expire - **current default**)
- `"openid-provider"` (tokens follow the expiration time from the OpenID provider)
- A numeric value in seconds (e.g., `3600` for 1 hour)


:::tip
Configuring the OpenID provider from options supports discovery; otherwise, use [file configuration](oauth-auth#config-using-configuration-file)
:::
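Review bot: The `ACTUAL_TOKEN_EXPIRATION` entry lists `"never"` as the current default but does not say what that means for an operator: a session token that is copied or leaked stays valid indefinitely. Please add a sentence under that entry recommending `"openid-provider"` or a numeric value in seconds when OpenID is enabled, and state the default explicitly for a server that sets none of these variables. Two smaller points in the same hunk: the first bullet under `ACTUAL_OPENID_DISCOVERY_URL` reads `- Purpose:**` and is missing the opening `**`, so it will not render bold like the other entries (it should be `- **Purpose:**`); and the docs do not say which setting wins when both `ACTUAL_OPENID_DISCOVERY_URL` and the explicit `ACTUAL_OPENID_AUTHORIZATION_ENDPOINT` / `ACTUAL_OPENID_TOKEN_ENDPOINT` / `ACTUAL_OPENID_USERINFO_ENDPOINT` values are set, which is worth one line. For `ACTUAL_OPENID_CLIENT_SECRET`, a short note that the value should come from a secret store or an untracked env file rather than a committed compose file would fit next to the `super-secret-value` example.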