1 change: 1 addition & 0 deletions docs/features/authentication-access/auth/sso/index.mdx
Expand Up @@ -31,6 +31,7 @@ You cannot have Microsoft **and** Google as OIDC providers simultaneously.
| `WEBUI_URL` | — | **Required.** Your public WebUI address, e.g., `http://localhost:8080`. |
| `ENABLE_OAUTH_PERSISTENT_CONFIG` | `true` | Persist OAuth config to the database; set to `false` for stateless/containerized environments. |
| `ENABLE_OAUTH_SIGNUP` | `false` | Allows account creation upon OAuth login (separate from `ENABLE_SIGNUP`). |
| `OAUTH_AUTO_REDIRECT` | `false` | When `true` with exactly one OAuth provider configured, sends unauthenticated users from `/auth` straight to the provider, skipping the "Continue with" screen. Visit `/auth?form=true` to reach the local login form. |
| `OAUTH_MERGE_ACCOUNTS_BY_EMAIL` | `false` | Merge OAuth logins based on matching email (caution: can be insecure if provider doesn't verify emails). |
| `OAUTH_UPDATE_PICTURE_ON_LOGIN` | `false` | Update user profile pictures from OAuth provider with each login. |
| `OAUTH_PICTURE_CLAIM` | `picture` | Field in the claim containing the profile picture. Set to empty string to disable picture updates (users receive default icon).|
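
Review bot: The new `OAUTH_AUTO_REDIRECT` row can be read as routing every sign-in through the provider, yet its last sentence confirms the local login form stays reachable at `/auth?form=true`. State in the row that this is a convenience redirect and does not disable or restrict local password login, so nobody relies on it as SSO enforcement. The row also leaves out the other cases where the redirect is skipped (failed sign-in, existing session, onboarding, trusted-header authentication) that the reference entry in this same change lists; a link to that entry would keep the two descriptions in sync.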
13 changes: 13 additions & 0 deletions docs/reference/env-configuration.mdx
Expand Up @@ -5050,6 +5050,19 @@ You can only configure one OAUTH provider at a time. You cannot have two or more

:::

#### `OAUTH_AUTO_REDIRECT`

- Type: `bool`
- Default: `False`
- Description: When `True` and exactly one OAuth provider is configured, an unauthenticated visit to the `/auth` page is redirected straight to that provider's login, skipping the intermediate `Continue with <provider>` button. The redirect is suppressed when the local login form is explicitly requested (`/auth?form=true`), after a failed sign-in (`/auth?error=...`), for an already-authenticated session, during initial onboarding, and when trusted-header authentication is enabled. Has no effect when zero or multiple OAuth providers are configured.
- Persistence: This environment variable is a `PersistentConfig` variable.

:::tip

Visit `/auth?form=true` to reach the local login form when `OAUTH_AUTO_REDIRECT` is enabled — useful for administrators who need password access if the OAuth provider is unavailable.

:::

#### `ENABLE_OAUTH_PERSISTENT_CONFIG`

- Type: `bool`
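
Review bot: The description's closing sentence, "Has no effect when zero or multiple OAuth providers are configured", sits directly under an admonition whose visible text says only one OAUTH provider can be configured at a time, so the "multiple" case needs a few words on how it arises and what counts as a separate provider. In the same entry, the `PersistentConfig` line deserves a short note on precedence: the tip presents `/auth?form=true` as the recovery path during a provider outage, and an operator in that situation should know whether changing the environment variable alone takes effect once the value has been stored. Is the `/auth?error=...` suppression there to avoid a redirect loop after a failed sign-in? If so, one sentence of rationale in the description would keep later edits from dropping it.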