Available in v3.4.0 and later.

Account Linking

Accounts using the same email are linked together. This assumes that you are using a trusted identity provider that uses verified email addresses.

OpenID Connect (OIDC)

If your identity provider supports OAuth 2.0 based authentication with OpenID Connect (OIDC), you can use it to authenticate users on your Rallly instance.

Required Scopes

Your OAuth 2.0 application needs to be configured with the following scopes:

  • openid: Essential for OIDC to function, used to perform authentication.
  • profile: Access to the user’s personal information such as name and picture.
  • email: Access to the user’s email address.

Callback URL / Redirect URI

Your identity provider will redirect the user back to the following URL:

{BASE_URL}/api/auth/callback/oidc

Replace {BASE_URL} with the base URL of your Rallly instance and add it to the list of allowed redirect URIs.

Configuration

The following configuration options are available for OIDC. All required fields must be set for OIDC to be enabled.

OIDC_NAME
default: "OpenID Connect"

The user-facing name of your provider as it will be shown on the login page

OIDC_DISCOVERY_URL
required

URL of the .well-known/openid-configuration endpoint for your OIDC provider

OIDC_CLIENT_ID
required

The client ID of your OIDC application

OIDC_CLIENT_SECRET
required

The client secret of your OIDC application

Docker ComposeConfiguration Options