ContextQMD
Back to Lobehub

Configuring Auth0 Authentication for LobeHub

docs/self-hosting/auth/providers/auth0.mdx

2.1.563.9 KB
Original Source

Configuring Auth0 Authentication

<Steps> ### Create Auth0 Application
  1. Go to Auth0 Dashboard
  2. Click Applications > Create Application
<Image alt="Create Auth0 Application S1" inStep src="https://github.com/lobehub/lobehub/assets/30863298/f068190f-0027-4d3b-8667-d632e43d5a86" />
  1. Fill in the application name
  2. Select Regular Web Applications as the application type
  3. Click Create
<Image alt="Create Auth0 Application S2" inStep src="https://github.com/lobehub/lobehub/assets/30863298/3e0082df-9b6f-46f3-b67f-bdc79e1eb2cc" />

Configure Application Settings

After creation, go to the Settings tab:

<Image alt="Create Auth0 Application S3" inStep src="https://github.com/lobehub/lobehub/assets/30863298/df4cea85-616a-46f5-b2de-42725d9b82a6" />

Note down:

  • Domain (e.g., your-tenant.auth0.com)
  • Client ID
  • Client Secret

Configure Callback URL

In Allowed Callback URLs, add:

<Callout type={'info'}> Callback URL format:

- Local development: `http://localhost:3210/api/auth/callback/auth0`
- Production: `https://your-domain.com/api/auth/callback/auth0`
</Callout> <Image alt="Create Auth0 Application S4" inStep src="https://github.com/lobehub/lobehub/assets/30863298/62fbd09f-a69a-4460-949b-0f6285fa65b9" />

Add Users (Optional)

Click User Management to create users for your organization.

<Image alt="Add Users" inStep src="https://github.com/lobehub/lobehub/assets/30863298/0beda150-d0b6-43cf-a9f1-fce928b83a96" />

Configure Environment Variables

Environment VariableTypeDescription
AUTH_SECRETRequiredSession encryption key, generate with openssl rand -base64 32
AUTH_SSO_PROVIDERSRequiredSet to auth0
AUTH_AUTH0_IDRequiredClient ID
AUTH_AUTH0_SECRETRequiredClient Secret
AUTH_AUTH0_ISSUERRequiredhttps://your-tenant.auth0.com

<Callout type={'tip'}> Go to 📘 Environment Variables for detailed information. </Callout> </Steps>

<Callout type={'info'}> After successful deployment, users will be able to authenticate with Auth0 and use LobeHub. </Callout>

Advanced Configuration

Connect Existing SSO Services

If your organization has existing identity infrastructure, connect to SSO services in Applications > SSO Integrations.

Auth0 supports Azure AD, Slack, Google Workspace, Office 365, Zoom, and more. See Auth0 SSO Integrations.

<Image alt="Connecting to Existing SSO Service" src="https://github.com/lobehub/lobehub/assets/30863298/9891347e-a338-4aa9-8714-f16c8dbcfcec" />

Configure Social Login

Configure social login in Authentication > Social.

<Image alt="Configuring Social Login" src="https://github.com/lobehub/lobehub/assets/30863298/880749a6-5ba4-4e20-a968-b583a54de7fa" />

<Callout type={'warning'}> Social login by default allows anyone to authenticate. Configure blocking policies to restrict access. </Callout>

<Callout type={'warning'}> When creating a GitHub connection, make sure to enable the Email Address permission in the Attributes section. LobeHub requires user email for authentication.

<Image alt="GitHub Connection Email Permission" src="https://hub-apac-1.lobeobjects.space/docs/afdf22891dda3e5e44c690db184c548e.png" /> </Callout>