OpenID Connect (OIDC) SSO
PromptPanel integrates with OpenID Connect (OIDC), enabling Single Sign-On (SSO) capabilities for enhanced user convenience and security.
This allows users to authenticate using their existing credentials from other services, eliminating the need for separate logins.
Environment Variables
To enable OIDC SSO, you'll need to configure the following environment variables during container startup:
PROMPT_OIDC_DISPLAY_NAME: sets the display name for the button that users will click to initiate the OIDC login process.
PROMPT_OIDC_CLIENT_ID and PROMPT_OIDC_CLIENT_SECRET: hold the client ID and client secret provided by your OIDC identity provider.
PROMPT_OIDC_AUTHORIZE_URL and PROMPT_OIDC_ACCESS_TOKEN_URL: specify the URLs for authorization and access token retrieval from your OIDC provider.
PROMPT_OIDC_KWARGS: optional; passes additional keyword arguments for customizing the OIDC configuration.
PROMPT_OIDC_USERINFO_URL: the endpoint that provides user information, including the user's email address, which PromptPanel requires.
PROMPT_USER_ALLOWED_DOMAINS (recommended)
For enhanced security and control over user registration, it is highly recommended to set the PROMPT_USER_ALLOWED_DOMAINS environment variable.
This variable defines the list of approved email domains from which users can register and log in using OIDC. By restricting registration to specific domains, you prevent unauthorized access and ensure that only trusted users can reach your PromptPanel instance.
The variable expects a comma-separated string of domains, for example: domain1.com,domain2.com
Docker Compose Example
The following is an example docker-compose.yml with the required fields for setting up GitHub OIDC:
version: "3.9"
services:
  promptpanel:
    image: promptpanel/promptpanel:latest
    container_name: promptpanel
    restart: always
    volumes:
      - ./database:/app/database
      - ./media:/app/media
    ports:
      - 4000:4000
    environment:
      # OIDC SSO
      PROMPT_OIDC_DISPLAY_NAME: GitHub
      PROMPT_OIDC_CLIENT_ID: CLIENT_ID
      PROMPT_OIDC_CLIENT_SECRET: CLIENT_SECRET
      PROMPT_OIDC_AUTHORIZE_URL: https://github.com/login/oauth/authorize
      PROMPT_OIDC_ACCESS_TOKEN_URL: https://github.com/login/oauth/access_token
      PROMPT_OIDC_USERINFO_URL: https://api.github.com/user/emails
      PROMPT_OIDC_KWARGS: '{"scope": "user:email"}'
      PROMPT_USER_ALLOWED_DOMAINS: promptpanel.com
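The domain allowlist described above only works if the address it is checked against is one the identity provider has actually verified. The following is an added Python example (not PromptPanel's own code, whose matching rule this page does not show) that parses a PROMPT_USER_ALLOWED_DOMAINS value, selects the primary verified address from a GitHub /user/emails response like the one the compose file above points at, and applies an exact-match domain policy; the sample response is constructed.

```python
import json
from typing import Optional

def parse_allowed_domains(value: str) -> set:
    """Parse PROMPT_USER_ALLOWED_DOMAINS: split on commas, drop blanks and
    surrounding whitespace, lower-case, strip a trailing dot."""
    return {d.strip().lower().rstrip(".") for d in value.split(",") if d.strip()}

def email_domain(email: str) -> Optional[str]:
    """Domain part of an address, normalised; None if the address is malformed."""
    local, sep, domain = email.rpartition("@")
    if not (sep and local and domain):
        return None
    return domain.lower().rstrip(".")

def is_domain_allowed(email: str, allowed: set) -> bool:
    """Exact-match policy: 'user@mail.example.com' is NOT covered by 'example.com'.
    (Assumption: the page does not state PromptPanel's own matching rule.)"""
    domain = email_domain(email)
    return domain is not None and domain in allowed

def pick_login_email(userinfo_json: str) -> Optional[str]:
    """Choose the address to use from a GitHub /user/emails response.
    GitHub returns a list of {email, primary, verified, visibility}; only the
    primary *verified* entry is trusted, since unverified entries are just
    strings the account holder typed in."""
    for entry in json.loads(userinfo_json):
        if entry.get("primary") and entry.get("verified"):
            return entry["email"]
    return None

def login_permitted(userinfo_json: str, allowed_domains_env: str) -> bool:
    """Combine the two checks the way a login callback would."""
    allowed = parse_allowed_domains(allowed_domains_env)
    email = pick_login_email(userinfo_json)
    if email is None:
        return False
    return not allowed or is_domain_allowed(email, allowed)  # empty = unrestricted

# Constructed sample response (not real data): a verified primary address on
# the allowed domain next to an unverified address on some other domain.
SAMPLE_USERINFO = json.dumps([
    {"email": "alice@promptpanel.com", "primary": True, "verified": True},
    {"email": "anything@other.example", "primary": False, "verified": False},
])

if __name__ == "__main__":
    print(login_permitted(SAMPLE_USERINFO, "promptpanel.com"))
```

Note that with an empty allowlist every verified address is accepted, which is why the page recommends always setting the variable.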