From a00800fc97d4c2d56e730e5213ccc731ffbf8738 Mon Sep 17 00:00:00 2001 From: Alex Jarvis-Blanks <45558436+ajb3932@users.noreply.github.com> Date: Sat, 21 Sep 2024 17:49:33 +0100 Subject: [PATCH] authelia.mdx (#126) --- .../authentication/OAuth2-OIDC/authelia.mdx | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 pages/docs/configuration/authentication/OAuth2-OIDC/authelia.mdx diff --git a/pages/docs/configuration/authentication/OAuth2-OIDC/authelia.mdx b/pages/docs/configuration/authentication/OAuth2-OIDC/authelia.mdx new file mode 100644 index 00000000..9d5b58d0 --- /dev/null +++ b/pages/docs/configuration/authentication/OAuth2-OIDC/authelia.mdx @@ -0,0 +1,41 @@ +--- +title: Authelia +description: Learn how to configure LibreChat to use Authelia for user authentication. +--- + +# Authelia + +- Generate a client secret using: + ``` + docker run authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 + ``` +- Then in your `configuration.yml` add the following in the oidc section: + ```bash filename="configuration.yml" + - id: librechat + description: LibreChat + secret: '$pbkdf2-GENERATED_SECRET_KEY_HERE' + public: false + authorization_policy: two_factor + redirect_uris: + - 'https://LIBRECHAT.URL/oauth/openid/callback' + scopes: + - openid + - profile + - email + userinfo_signing_algorithm: none + ``` +- Then restart Authelia + +# LibreChat + +- Open the `.env` file in your project folder and add the following variables: + ```bash filename=".env" + ALLOW_SOCIAL_LOGIN=true + OPENID_BUTTON_LABEL='Log in with Authelia' + OPENID_ISSUER=https://auth.example.com + OPENID_CLIENT_ID=librechat + OPENID_CLIENT_SECRET=ACTUAL_GENERATED_SECRET_HERE + OPENID_SESSION_SECRET=ANY_RANDOM_STRING + OPENID_CALLBACK_URL=https://auth.example.com/api/oidc/authorization + OPENID_SCOPE="openid profile email" + ```