docs/self-hosting/auth/providers/authelia.mdx
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on.
<Steps> ### Configure OIDC Client in AutheliaAdd a new OIDC client in your Authelia configuration file:
identity_providers:
oidc:
clients:
- client_id: 'lobechat'
client_name: 'LobeHub'
client_secret: 'your-client-secret'
redirect_uris:
- 'https://your-domain.com/api/auth/callback/authelia'
scopes:
- 'openid'
- 'profile'
- 'email'
<Callout type={'info'}>
Callback URL Format: https://your-domain.com/api/auth/callback/authelia
</Callout>
When deploying LobeHub, you need to configure the following environment variables:
| Environment Variable | Type | Description |
|---|---|---|
AUTH_SECRET | Required | Key used to encrypt session tokens. Generate using: openssl rand -base64 32 |
AUTH_SSO_PROVIDERS | Required | SSO provider for LobeHub. Use authelia for Authelia |
AUTH_AUTHELIA_ID | Required | Client ID configured in Authelia |
AUTH_AUTHELIA_SECRET | Required | Client Secret configured in Authelia |
AUTH_AUTHELIA_ISSUER | Required | Authelia issuer URL (e.g., https://auth.your-domain.com) |
<Callout type={'tip'}> Go to 📘 Environment Variables for detailed information on these variables. </Callout> </Steps>
<Callout type={'info'}> After successful deployment, users will be able to authenticate with Authelia and use LobeHub. </Callout>