OpenID example configurations #
On this page you will find examples about how to set up Vikunja with a third-party OpenID provider. To add another example, please edit this document and send a PR.
Table of contents
openid: enabled: true redirecturl: https://vikunja.mydomain.com/auth/openid/ <---- slash at the end is important providers: - name: Authelia authurl: https://login.mydomain.com clientid: <vikunja-id> clientsecret: <vikunja secret>
- id: <vikunja-id> description: Vikunja secret: <vikunja secret> redirect_uris: - https://vikunja.mydomain.com/auth/openid/authelia scopes: - openid - email - profile
Google / Google Workspace #
openid: enabled: true redirecturl: https://vikunja.mydomain.com/auth/openid/ <---- slash at the end is important providers: - name: Google authurl: https://accounts.google.com clientid: <google-oauth-client-id> clientsecret: <google-oauth-client-secret>
- Navigate to https://console.cloud.google.com/apis/credentials in the target project
- Create a new OAuth client ID
- Configure an authorized redirect URI of https://vikunja.mydomain.com/auth/openid/google
Note that there currently seems to be no way to stop creation of new users, even when enableregistration is false in the configuration. This means that this approach works well only with an “Internal Organization” app for Google Workspace, which limits the allowed users to organizational accounts only. External / public applications will potentially allow every Google user to register.