WEBUI_SECRET_KEY=

ENABLE_PERSISTENT_CONFIG=true

CORS_ALLOW_ORIGIN=


# OAuth settings

ENABLE_OAUTH_SIGNUP=True # If set to True, must pair with ENABLE_LOGIN_FORM=False
ENABLE_LOGIN_FORM=False
ENABLE_OAUTH_PERSISTENT_CONFIG=False
# OAUTH_SUB_CLAIM=
OAUTH_MERGE_ACCOUNTS_BY_EMAIL=True
# ENABLE_OAUTH_WITHOUT_EMAIL=False
# OAUTH_UPDATE_PICTURE_ON_LOGIN=False
# ENABLE_OAUTH_ID_TOKEN_COOKIE=True
# ENABLE_OAUTH_TOKEN_EXCHANGE=False
OAUTH_CLIENT_INFO_ENCRYPTION_KEY=

ENABLE_PASSWORD_AUTH=False # this is labeled as a 'general' setting, but placed here because it implies ENABLE_OAUTH_SIGNUP=True (or login will be disabled completely).


## OIDC specific settings

OAUTH_CLIENT_ID=
OAUTH_CLIENT_SECRET=
OPENID_PROVIDER_URL=
OPENID_REDIRECT_URI=
OAUTH_SCOPES="openid email profile open-webui"
# OAUTH_CODE_CHALLENGE_METHOD=""
OAUTH_PROVIDER_NAME="Authentik"
# OAUTH_USERNAME_CLAIM="name"
# OAUTH_EMAIL_CLAIM="email"
# OAUTH_PICTURE_CLAIM="picture"
# OAUTH_GROUP_CLAIM="groups"
# ENABLE_OAUTH_ROLE_MANAGEMENT=False
# ENABLE_OAUTH_GROUP_MANAGEMENT=False
# ENABLE_OAUTH_GROUP_CREATION=False
# OAUTH_BLOCKED_GROUPS="[]"
# OAUTH_ROLES_CLAIM="roles"
# OAUTH_ALLOWED_ROLES="user,admin"
# OAUTH_ADMIN_ROLES="admin"
# OAUTH_ROLES_SEPARATOR=";"
# OAUTH_ALLOWED_DOMAINS="*"
# OAUTH_AUDIENCE=""