SSO (Single Sign On) Providers
SSOs are used to simplify the registration flow. You authorize the server to use an existing account from one of the available SSO providers.
Mbin supports a multitude of SSO providers:
- GitHub
- Keycloak
- Zitadel
- SimpleLogin
- Discord
- Authentik
- Privacy Portal
- Azure
To enable an SSO provider you (usually) have to create a developer account on the specific platform, create an app
and provide the app/client ID and a secret. These have to be entered in the correct environment variable
in the .env or .env.local file.
Google
https://developers.google.com/
OAUTH_GOOGLE_ID=AS2easdioh912 # your client ID
OAUTH_GOOGLE_SECRET=sdfpsajh329ura39ßseaoßjf30u # your client secret
Facebook
https://developers.facebook.com
OAUTH_FACEBOOK_ID=AS2easdioh912 # your client ID
OAUTH_FACEBOOK_SECRET=sdfpsajh329ura39ßseaoßjf30u # your client secret
GitHub
You need a GitHub account. If you do not have one yet, create one: https://github.com/signup
- Go to https://github.com/settings/developers
- Click on "New OAuth App"
- Enter the app name, description and Homepage URL (just your instance URL)
- Insert https://YOURINSTANCE/oauth/github/verify as the "Authorization callback URL" (replace YOURINSTANCE with the URL of your instance)
- Scroll down and click "Register application"
- Now you have the chance to upload an icon (at the bottom of the page)
- Click "Generate a new client secret"
- Insert the "Client ID" and the generated client secret into the .env file:
OAUTH_GITHUB_ID=AS2easdioh912 # your client ID
OAUTH_GITHUB_SECRET=sdfpsajh329ura39ßseaoßjf30u # your client secret
Keycloak
Self-hosted, https://www.keycloak.org/
OAUTH_KEYCLOAK_ID=AS2easdioh912 # your client ID
OAUTH_KEYCLOAK_SECRET=sdfpsajh329ura39ßseaoßjf30u # your client secret
OAUTH_KEYCLOAK_URI=
OAUTH_KEYCLOAK_REALM=
OAUTH_KEYCLOAK_VERSION=
Zitadel
Self-hosted, https://zitadel.com/
OAUTH_ZITADEL_ID=AS2easdioh912 # your client ID
OAUTH_ZITADEL_SECRET=sdfpsajh329ura39ßseaoßjf30u # your client secret
OAUTH_ZITADEL_BASE_URL=
SimpleLogin
You need a SimpleLogin account. If you do not have one yet, create one: https://app.simplelogin.io/auth/register
- Go to https://app.simplelogin.io/developer and click on "New website"
- Enter the name of your instance and the URL of your instance
- Choose an icon (if you want to)
- Click on "OAuth Settings" on the right
- Insert the client ID ("AppID / OAuth2 Client ID") and the client secret ("AppSecret / OAuth2 Client Secret") in your .env file:
OAUTH_SIMPLELOGIN_ID=gehirneimer.de-vycjfiaznc # your client ID
OAUTH_SIMPLELOGIN_SECRET=fdiuasdfusdfsdfpsdagofweopf # your client secret
- Back in the browser, scroll down to "Authorized Redirect URIs" and click on "Add new uri"
Discord
You need a Discord account. If you do not have one yet, create one: https://discord.com/register
- Go to https://discord.com/developers/applications and create a new application. If you want, add an image and a description.
- Click the "OAuth2" tab on the left
- Under "Client information" click "Reset Secret"
- The newly generated secret and the "Client ID" need to go in our .env file:
OAUTH_DISCORD_ID=3245498543 # your client ID
OAUTH_DISCORD_SECRET=xJHGApsadOPUIAsdoih # your client secret
- Back in the browser: click on "Add Redirect"
- Enter the URL: https://YOURINSTANCE/oauth/discord/verify (replace YOURINSTANCE with your instance domain)
- If you are on Docker, restart the containers; on bare metal, execute the post-upgrade script
- When you go to the login page you should see a button to "Continue with Discord"
Authentik
Self-hosted, https://goauthentik.io/
OAUTH_AUTHENTIK_ID=3245498543 # your client ID
OAUTH_AUTHENTIK_SECRET=xJHGApsadOPUIAsdoih # your client secret
OAUTH_AUTHENTIK_BASE_URL=
Privacy Portal
OAUTH_PRIVACYPORTAL_ID=3245498543 # your client ID
OAUTH_PRIVACYPORTAL_SECRET=xJHGApsadOPUIAsdoih # your client secret
Azure
https://login.microsoftonline.com
OAUTH_AZURE_ID=3245498543 # your client ID
OAUTH_AZURE_SECRET=xJHGApsadOPUIAsdoih # your client secret
OAUTH_AZURE_TENANT=
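
A check to run over the .env file before restarting, covering the OAUTH_* variables from all provider sections above. This is an added example, not part of Mbin or its documentation: it flags a provider with only half of its ID/secret pair set, an empty provider-specific variable, and sample values from this guide left in place. It assumes every variable a section lists is required once that provider is enabled; the function names and the sample input are made up for illustration.

```python
import re

# Variables each provider section on this page lists besides _ID and _SECRET.
# Assumption: all of them must be filled in once that provider is enabled.
EXTRA = {"KEYCLOAK": ["URI", "REALM", "VERSION"], "ZITADEL": ["BASE_URL"],
         "AUTHENTIK": ["BASE_URL"], "AZURE": ["TENANT"]}
# Sample values printed in this guide; one of these in a live file is a copy-paste.
DOC_SAMPLES = {"AS2easdioh912", "sdfpsajh329ura39ßseaoßjf30u", "3245498543",
               "xJHGApsadOPUIAsdoih", "gehirneimer.de-vycjfiaznc",
               "fdiuasdfusdfsdfpsdagofweopf"}
LINE = re.compile(r"^\s*OAUTH_([A-Z]+)_([A-Z_]+)\s*=(.*)$")

def parse_env(text):
    """Return {provider: {suffix: value}}, dropping inline '# ...' comments."""
    found = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            value = re.sub(r"(^|\s)#.*$", "", m.group(3)).strip().strip("\"'")
            found.setdefault(m.group(1), {})[m.group(2)] = value
    return found

def audit(text):
    """Return sorted findings for every provider that has an ID or a secret set."""
    findings = []
    for provider, values in parse_env(text).items():
        if not values.get("ID") and not values.get("SECRET"):
            continue  # provider left disabled
        for suffix in ["ID", "SECRET"] + EXTRA.get(provider, []):
            value = values.get(suffix, "")
            if not value:
                findings.append(f"OAUTH_{provider}_{suffix}: missing or empty")
            elif value in DOC_SAMPLES:
                findings.append(f"OAUTH_{provider}_{suffix}: sample value from the guide")
    return sorted(findings)

# Constructed sample input, not a real configuration.
SAMPLE = """\
OAUTH_GITHUB_ID=constructed-client-id # your client ID
OAUTH_GITHUB_SECRET=
OAUTH_KEYCLOAK_ID=mbin-web
OAUTH_KEYCLOAK_SECRET=xJHGApsadOPUIAsdoih # your client secret
OAUTH_KEYCLOAK_URI=https://sso.example.org
OAUTH_KEYCLOAK_REALM=
OAUTH_DISCORD_ID=
OAUTH_DISCORD_SECRET=
"""

if __name__ == "__main__": print("\n".join(audit(SAMPLE)))
```

The parser is deliberately simple: a quoted value that itself contains " #" would be cut at that point.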