refactor: remove OIDC authentication
This commit is contained in:
29
README.md
29
README.md
@@ -40,35 +40,6 @@ PG_CONNECTION_STRING=postgres://user:password@host:5432/database
|
||||
|
||||
The app uses this variable in `lib/db.ts` to create a `pg` connection pool.
|
||||
|
||||
OIDC authentication is optional. If no OIDC variables are set, the dashboard and API remain open.
|
||||
To require login through a standard OIDC provider such as Sinodoor, add:
|
||||
|
||||
```bash
|
||||
OIDC_ISSUER=https://casdoor.example.com
|
||||
OIDC_CLIENT_ID=analytics
|
||||
OIDC_CLIENT_SECRET=replace-me
|
||||
AUTH_SECRET=replace-with-random-secret
|
||||
NEXTAUTH_URL=https://your-analytics-domain
|
||||
# Optional login button label:
|
||||
OIDC_PROVIDER_NAME=Sinodoor
|
||||
```
|
||||
|
||||
Generate `AUTH_SECRET` with a stable random value, for example:
|
||||
|
||||
```bash
|
||||
openssl rand -base64 32
|
||||
```
|
||||
|
||||
When OIDC is enabled, configure the provider redirect URI as:
|
||||
|
||||
```text
|
||||
https://your-analytics-domain/api/auth/callback/oidc
|
||||
```
|
||||
|
||||
`NEXTAUTH_URL` must be the same public `https://` origin that users open through the reverse proxy. This keeps login redirects and callback URLs from using the container listener such as `http://0.0.0.0:8019`.
|
||||
|
||||
Partial OIDC configuration is treated as an error instead of falling back to open access.
|
||||
|
||||
## Deployment
|
||||
|
||||
The included Dockerfile builds a standalone Next.js output and starts `server.js` on port `8019`.
|
||||
|
||||
Reference in New Issue
Block a user