48 lines
1.3 KiB
Plaintext
48 lines
1.3 KiB
Plaintext
WEBUI_SECRET_KEY=
|
|
|
|
ENABLE_PERSISTENT_CONFIG=true
|
|
|
|
CORS_ALLOW_ORIGIN=
|
|
|
|
|
|
# OAuth settings
|
|
|
|
ENABLE_OAUTH_SIGNUP=True # If set to True, must pair with ENABLE_LOGIN_FORM=False
|
|
ENABLE_LOGIN_FORM=False
|
|
ENABLE_OAUTH_PERSISTENT_CONFIG=False
|
|
# OAUTH_SUB_CLAIM=
|
|
OAUTH_MERGE_ACCOUNTS_BY_EMAIL=True
|
|
# ENABLE_OAUTH_WITHOUT_EMAIL=False
|
|
# OAUTH_UPDATE_PICTURE_ON_LOGIN=False
|
|
# ENABLE_OAUTH_ID_TOKEN_COOKIE=True
|
|
# ENABLE_OAUTH_TOKEN_EXCHANGE=False
|
|
OAUTH_CLIENT_INFO_ENCRYPTION_KEY=
|
|
|
|
ENABLE_PASSWORD_AUTH=False # this is labeled as a 'general' setting, but placed here because it implies ENABLE_OAUTH_SIGNUP=True (or login will be disabled completely).
|
|
|
|
|
|
## OIDC specific settings
|
|
|
|
OAUTH_CLIENT_ID=
|
|
OAUTH_CLIENT_SECRET=
|
|
OPENID_PROVIDER_URL=
|
|
OPENID_REDIRECT_URI=
|
|
OAUTH_SCOPES="openid email profile open-webui"
|
|
# OAUTH_CODE_CHALLENGE_METHOD=""
|
|
OAUTH_PROVIDER_NAME="Authentik"
|
|
# OAUTH_USERNAME_CLAIM="name"
|
|
# OAUTH_EMAIL_CLAIM="email"
|
|
# OAUTH_PICTURE_CLAIM="picture"
|
|
# OAUTH_GROUP_CLAIM="groups"
|
|
# ENABLE_OAUTH_ROLE_MANAGEMENT=False
|
|
# ENABLE_OAUTH_GROUP_MANAGEMENT=False
|
|
# ENABLE_OAUTH_GROUP_CREATION=False
|
|
# OAUTH_BLOCKED_GROUPS="[]"
|
|
# OAUTH_ROLES_CLAIM="roles"
|
|
# OAUTH_ALLOWED_ROLES="user,admin"
|
|
# OAUTH_ADMIN_ROLES="admin"
|
|
# OAUTH_ROLES_SEPARATOR=";"
|
|
# OAUTH_ALLOWED_DOMAINS="*"
|
|
# OAUTH_AUDIENCE=""
|
|
|