Configuring Logto Authentication

Logto is an open-source Auth0 alternative designed for modern apps and SaaS products.

<Steps> ### Create Application in Logto

<Callout type={'info'}> Callback URL Format: https://your-domain.com/api/auth/callback/logto </Callout>

The issuer URL is your Logto endpoint, typically:

When deploying LobeHub, you need to configure the following environment variables:

Environment Variable	Type	Description
`AUTH_SECRET`	Required	Key used to encrypt session tokens. Generate using: `openssl rand -base64 32`
`AUTH_SSO_PROVIDERS`	Required	SSO provider for LobeHub. Use `logto` for Logto
`AUTH_LOGTO_ID`	Required	App ID from Logto application
`AUTH_LOGTO_SECRET`	Required	App Secret from Logto application
`AUTH_LOGTO_ISSUER`	Required	Logto issuer URL (e.g., `https://your-tenant.logto.app/oidc`)
`LOGTO_WEBHOOK_SIGNING_KEY`	Optional	Secret key for validating Webhook requests from Logto

<Callout type={'tip'}> Go to 📘 Environment Variables for detailed information on these variables. </Callout>

Configure Logto Webhook to sync user data updates to LobeHub.

Go to Webhooks in Logto Console and create a Webhook
Fill in the following fields:
- Endpoint URL: https://your-domain.com/api/webhooks/logto
- Events:
  - User.Data.Updated: Sync user profile updates
  - User.SuspensionStatus.Updated: Sync user suspension status
After creation, copy the Signing Key and set it in the LOGTO_WEBHOOK_SIGNING_KEY environment variable </Steps>

<Callout type={'info'}> After successful deployment, users will be able to authenticate with Logto and use LobeHub. </Callout>

Configuring Logto Authentication for LobeHub