@lobehub/chat 1.22.1 → 1.22.3

package/docs/self-hosting/advanced/auth/next-auth/casdoor.zh-CN.mdx

@@ -0,0 +1,121 @@
+---
+title: 在 LobeChat 中配置 Casdoor 身份验证服务
+description: 学习如何在 LobeChat 中配置 Casdoor 身份验证服务，包括部署、创建、设置权限和环境变量。
+tags:
+  - Casdoor 身份验证
+  - 环境变量配置
+  - 单点登录
+  - LobeChat
+---
+
+# 配置 Casdoor 身份验证服务
+
+[Casdoor](https://github.com/casdoor/casdoor) 是一个开源的身份验证服务，功能配置丰富且易于上手。
+
+<Callout type={'tip'}>
+  若你想要私有部署 Casdoor，我们建议你将之与 LobeChat 数据库版本一同使用 Docker Compose 部署，此时
+  LobeChat 可以与之共用同一个 Postgres 实例。
+</Callout>
+
+## Casdoor 配置流程
+
+若你使用局域网 IP 部署，下文假设：
+
+- 你的 LobeChat 数据库版本 IP / 端口为 `http://LOBECHAT_IP:3210`。
+- 你私有部署 Casdoor，其域名为 `http://CASDOOR_IP:8000`。
+
+若你使用公网部署，下文假设：
+
+- 你的 LobeChat 数据库版本域名为 `https://lobe.example.com`。
+- 你私有部署 Casdoor，其域名为 `https://lobe-auth-api.example.com`。
+
+<Steps>
+  ### 创建 Casdoor 应用
+
+访问你私有部署的 Casdoor WebUI（默认为 `http://localhost:8000/`） 进入控制台，默认账号为 `admin`，密码为 `123`。
+
+前往 `身份认证` -> `应用`，创建一个 `LobeChat` 应用或直接修改内置的 `built-in` 应用，其他字段可以自行探索，但你至少需要配置以下字段：
+
+- 名称、显示名称：`LobeChat`
+- 重定向 URLs：
+  - 本地开发环境：`http://localhost:3210/api/auth/callback/casdoor`
+  - 局域网 IP 部署：`http://LOBECHAT_IP:3210/api/auth/callback/casdoor`
+  - 公网环境：`https://lobe.example.com/api/auth/callback/casdoor`
+
+还有一些不必需但是可以提高用户体验的字段：
+
+- Logo：`https://lobehub.com/icon-192x192.png`
+- 表单 CSS、表单 CSS（移动端）：
+
+  ```html
+  <style>
+    .login-panel {
+      padding: 40px 70px 0 70px;
+      border-radius: 10px;
+      background-color: #ffffff;
+      box-shadow: rgba(17, 12, 46, 0.15) 0px 48px 100px 0px;
+    }
+    .panel-logo {
+      width: 64px;
+    }
+    .login-logo-box {
+      margin-top: 20px;
+    }
+
+    #parent-area
+      > main
+      > div
+      > div.login-content
+      > div.login-panel
+      > div.login-form
+      > div
+      > div
+      > button {
+      box-shadow: none !important;
+      border-radius: 10px !important;
+      transition-property: all;
+      transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
+      transition-duration: 150ms;
+      border: 1px solid #eee !important;
+    }
+
+    @media (max-width: 640px) {
+      .login-panel {
+        padding: 40px 0 0 0;
+        box-shadow: none;
+      }
+    }
+ 
+</style>
+  ```
+
+随后，复制 `客户端 ID` 和 `客户端密钥`，并保存。
+
+### 配置环境变量
+
+将获取到的 `客户端 ID` 和 `客户端`，设为 LobeChat 环境变量中的 `AUTH_CASDOOR_ID` 和 `AUTH_CASDOOR_SECRET`。
+
+配置 LobeChat 环境变量中 `AUTH_CASDOOR_ISSUER` 为：
+
+- `http://localhost:8000/`，若你是本地开发环境
+- `http://CASDOOR_IP:8000/`，若你是局域网私有部署的 Casdoor
+- `https://lobe-auth-api.example.com/`，若你是公网环境部署的 Casdoor
+
+在部署 LobeChat 时，你需要配置以下环境变量：
+
+| 环境变量 | 类型 | 描述 |
+| --- | --- | --- |
+| `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥： `openssl rand -base64 32` |
+| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Casdoor 请填写 `casdoor`。 |
+| `AUTH_CASDOOR_ID` | 必选 | Casdoor 应用详情页的客户端 ID |
+| `AUTH_CASDOOR_SECRET` | 必选 | Casdoor 应用详情页的客户端密钥 |
+| `AUTH_CASDOOR_ISSUER` | 必选 | Casdoor 提供程序的 OpenID Connect 颁发者。 |
+| `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://lobe.example.com/api/auth` |
+
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#casdoor) 可查阅相关变量详情。
+ 
+</Callout>
+</Steps>
+
+<Callout type={'info'}>部署成功后，用户将可以通过 Casdoor 身份认证并使用 LobeChat。</Callout>

package/docs/self-hosting/advanced/auth/next-auth/cloudflare-zero-trust.zh-CN.mdx

@@ -49,9 +49,9 @@ tags:
 | --- | --- | --- |
 | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥： `openssl rand -base64 32` |
 | `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Cloudflare Zero Trust 请填写 `cloudflare-zero-trust`。 |
-| `CLOUDFLARE_ZERO_TRUST_CLIENT_ID` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client ID`，示例值是 `lobe-chat` |
-| `CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client secret`，示例值是 `insecure_secret` |
-| `CLOUDFLARE_ZERO_TRUST_ISSUER` | 必选 | 在 Cloudflare Zero Trust 生成的 `Issuer`，例如 `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/7db0f` |
+| `AUTH_CLOUDFLARE_ZERO_TRUST_CLIENT_ID` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client ID`，示例值是 `lobe-chat` |
+| `AUTH_CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET` | 必选 | 在 Cloudflare Zero Trust 生成的 `Client secret`，示例值是 `insecure_secret` |
+| `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER` | 必选 | 在 Cloudflare Zero Trust 生成的 `Issuer`，例如 `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/7db0f` |
 | `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://chat.example.com/api/auth` |
 
   <Callout type={'tip'}>

package/docs/self-hosting/advanced/auth/next-auth/logto.mdx

@@ -15,9 +15,9 @@ tags:
 [Logto](https://github.com/logto-io/logto) is an open-source authentication service with a simple and beautiful interface, rich in features and easy to use. You can choose to use the official Logto Cloud or opt for a private deployment of Logto.
 
 <Callout type={'tip'}>
-
-If you want to deploy Logto privately, we recommend using Docker Compose to deploy it together with the LobeChat database version. In this case, LobeChat can share the same Postgres instance with it.
-
+  If you want to deploy Logto privately, we recommend using Docker Compose to deploy it together
+  with the LobeChat database version. In this case, LobeChat can share the same Postgres instance
+  with it.
 </Callout>
 
 ## Logto Configuration Process
@@ -49,7 +49,7 @@ If you are using Logto Cloud, assume its endpoint domain is `https://example.log
 
   Set the obtained `Client ID` and `Client Secret` as `LOGTO_CLIENT_ID` and `LOGTO_CLIENT_SECRET` in the LobeChat environment variables.
 
-  Configure `LOGTO_ISSUER` in the LobeChat environment variables as follows:
+  Configure `AUTH_LOGTO_ISSUER` in the LobeChat environment variables as follows:
 
   - `https://lobe-auth-api.example.com/oidc` if you are using a privately deployed Logto
   - `https://example.logto.app/oidc` if you are using Logto Cloud
@@ -60,9 +60,9 @@ If you are using Logto Cloud, assume its endpoint domain is `https://example.log
   | ------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | `NEXT_AUTH_SECRET`        | Required | The key used to encrypt Auth.js session tokens. You can generate a key using the command: `openssl rand -base64 32`                                                                    |
   | `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LobeChat. For Logto, enter `logto`.                                                                                                             |
-  | `AUTH_LOGTO_ID`         | Required | The Client ID from the Logto App details page                                                                                                                                          |
-  | `AUTH_LOGTO_SECRET`     | Required | The Client Secret from the Logto App details page                                                                                                                                      |
-  | `AUTH_LOGTO_ISSUER` | Required | OpenID Connect issuer of the Logto provider |
+  | `AUTH_LOGTO_ID`           | Required | The Client ID from the Logto App details page                                                                                                                                          |
+  | `AUTH_LOGTO_SECRET`       | Required | The Client Secret from the Logto App details page                                                                                                                                      |
+  | `AUTH_LOGTO_ISSUER`       | Required | OpenID Connect issuer of the Logto provider                                                                                                                                            |
   | `NEXTAUTH_URL`            | Required | This URL specifies the callback address for Auth.js during OAuth verification, needed only if the default generated redirect address is incorrect. `https://lobe.example.com/api/auth` |
 
   <Callout type={'tip'}>
@@ -71,4 +71,6 @@ If you are using Logto Cloud, assume its endpoint domain is `https://example.log
 </Callout>
 </Steps>
 
-<Callout type={'info'}>After successful deployment, users will be able to authenticate via Logto and use LobeChat.</Callout>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate via Logto and use LobeChat.
+</Callout>

package/docs/self-hosting/advanced/auth/next-auth/logto.zh-CN.mdx

@@ -53,7 +53,7 @@ tags:
 
 将获取到的 `Client ID` 和 `Client Secret`，设为 LobeChat 环境变量中的 `LOGTO_CLIENT_ID` 和 `LOGTO_CLIENT_SECRET`。
 
-配置 LobeChat 环境变量中 `LOGTO_ISSUER` 为：
+配置 LobeChat 环境变量中 `AUTH_LOGTO_ISSUER` 为：
 
 - `https://lobe-auth-api.example.com/oidc`，若你是私有部署的 Logto
 - `https://example.logto.app/oidc`，若你是使用的 Logto Cloud

package/docs/self-hosting/advanced/auth.mdx

@@ -63,9 +63,13 @@ The order corresponds to the display order of the SSO providers.
 | SSO Provider       | Value       |
 | ------------------ | ----------- |
 | Auth0              | `auth0`     |
-| Microsoft Entra ID | `azure-ad`  |
+| Authenlia          | `authenlia` |
 | Authentik          | `authentik` |
+| Casdoor            | `casdoor`   |
+| Cloudflare Zero Trust | `cloudflare-zero-trust` |
 | Github             | `github`    |
+| Logto              | `logto`     |
+| Microsoft Entra ID | `azure-ad`  |
 | ZITADEL            | `zitadel`   |
 
 ## Other SSO Providers

package/docs/self-hosting/advanced/auth.zh-CN.mdx

@@ -60,9 +60,13 @@ LobeChat 与 Clerk 做了深度集成，能够为用户提供一个更加安全
 | SSO 提供商         | 值          |
 | ------------------ | ----------- |
 | Auth0              | `auth0`     |
-| Microsoft Entra ID | `azure-ad`  |
+| Authenlia          | `authenlia` |
 | Authentik          | `authentik` |
+| Casdoor            | `casdoor`   |
+| Cloudflare Zero Trust | `cloudflare-zero-trust` |
 | Github             | `github`    |
+| Logto              | `logto`     |
+| Microsoft Entra ID | `azure-ad`  |
 | ZITADEL            | `zitadel`   |
 
 ## 其他 SSO 提供商

package/docs/self-hosting/environment-variables/auth.mdx

@@ -42,201 +42,226 @@ LobeChat provides a complete authentication service capability when deployed. Th
 
 ### Auth0
 
-#### `AUTH0_CLIENT_ID`
+#### `AUTH_AUTH_AUTH0_CLIENT_ID`
 
 - Type: Required
 - Description: Client ID of the Auth0 application. You can access it [here](https://manage.auth0.com/dashboard) and navigate to the application settings to view.
 - Default: `-`
 - Example: `evCnOJP1UX8FMnXR9Xkj5t0NyFn5p70P`
 
-#### `AUTH0_CLIENT_SECRET`
+#### `AUTH_AUTH0_CLIENT_SECRET`
 
 - Type: Required
 - Description: Client Secret of the Auth0 application.
 - Default: `-`
 - Example: `wnX7UbZg85ZUzF6ioxPLnJVEQa1Elbs7aqBUSF16xleBS5AdkVfASS49-fQIC8Rm`
 
-#### `AUTH0_ISSUER`
+#### `AUTH_AUTH0_ISSUER`
 
 - Type: Required
 - Description: Issuer/domain of the Auth0 application.
 - Default: `-`
 - Example: `https://example.auth0.com`
 
-### Microsoft Entra ID
+### Authelia
 
-#### `AZURE_AD_CLIENT_ID`
+#### `AUTH_AUTHELIA_CLIENT_ID`
 
 - Type: Required
-- Description: Client ID of the Microsoft Entra ID application.
+- Description: Client ID of the Authelia provider application.
 - Default: `-`
-- Example: `be8f6da1-58c3-4f16-ff1b-78f5148e10df`
+- Example: `lobe-chat`
 
-#### `AZURE_AD_CLIENT_SECRET`
+#### `AUTH_AUTHELIA_CLIENT_SECRET`
 
 - Type: Required
-- Description: Client Secret of the Microsoft Entra ID application.
+- Description: The plaintext of the Client Secret for the Authelia provider
 - Default: `-`
-- Example: `~gI8Q.pTiN1vwB6Gl.E1yFT1ojcXABkdACfJXaNj`
+- Example: `insecure_secret`
 
-#### `AZURE_AD_TENANT_ID`
+#### `AUTH_AUTHELIA_ISSUER`
 
 - Type: Required
-- Description: Tenant ID of the Microsoft Entra ID application.
+- Description: Issuer of the Authelia provider application.
 - Default: `-`
-- Example: `c8ae2f36-edf6-4cda-96b9-d3e198a47cba`
+- Example: `https://sso.example.com`
 
 ### Authentik
 
-#### `AUTHENTIK_CLIENT_ID`
+#### `AUTH_AUTHENTIK_CLIENT_ID`
 
 - Type: Required
-- Description: Client ID of the Authentik provider application. You can access it [here][auth0-client-page] and navigate to the application settings to view.
+- Description: Client ID of the Authentik provider application.
 - Default: `-`
 - Example: `evCnOJP1UX8FMnXR9Xkj5t0NyFn5p70P`
 
-#### `AUTHENTIK_CLIENT_SECRET`
+#### `AUTH_AUTHENTIK_CLIENT_SECRET`
 
 - Type: Required
 - Description: Client Secret of the Authentik provider application.
 - Default: `-`
 - Example: `wnX7UbZg85ZUzF6ioxPLnJVEQa1Elbs7aqBUSF16xleBS5AdkVfASS49-fQIC8Rm`
 
-#### `AUTHENTIK_ISSUER`
+#### `AUTH_AUTHENTIK_ISSUER`
 
 - Type: Required
 - Description: Issuer/domain of the Authentik provider application.
 - Default: `-`
 - Example: `https://your-authentik-domain.com/application/o/slug/`
 
-### Authelia
+### Casdoor
 
-#### `AUTHELIA_CLIENT_ID`
+#### `AUTH_CASDOOR_CLIENT_ID`
 
 - Type: Required
-- Description: Client ID of the Authelia provider application. You can access it [here][auth0-client-page] and navigate to the application settings to view.
+- Description: Client ID provided by Casdoor
 - Default: `-`
-- Example: `lobe-chat`
+- Example: `570bfa85a21800a25198`
 
-#### `AUTHELIA_CLIENT_SECRET`
+#### `AUTH_CASDOOR_CLIENT_SECRET`
 
 - Type: Required
-- Description: The plaintext of the Client Secret for the Authelia provider
+- Description: Plaintext Client Secret provided by Casdoor
 - Default: `-`
-- Example: `insecure_secret`
+- Example: `233a623a15eac2db2e43bb8a323eda729552c405`
 
-#### `AUTHELIA_ISSUER`
+#### `AUTH_CASDOOR_ISSUER`
 
 - Type: Required
-- Description: Issuer of the Authelia provider application.
+- Description: OpenID Connect issuer provided by Casdoor
 - Default: `-`
-- Example: `https://sso.example.com`
+- Example: `https://lobe-auth-api.example.com/`
 
 ### Cloudflare Zero Trust
 
-#### `CLOUDFLARE_ZERO_TRUST_CLIENT_ID`
+#### `AUTH_CLOUDFLARE_ZERO_TRUST_CLIENT_ID`
 
 - Type: Required
 - Description: Client ID of the Cloudflare Zero Trust provider application.
 - Default: `-`
 - Example: `711963a58df8c943cfd6c487cac99ce9f6ee0c88c0b7bf94584b8ff052fcb09c`
 
-#### `CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET`
+#### `AUTH_CLOUDFLARE_ZERO_TRUST_CLIENT_SECRET`
 
 - Type: Required
 - Description: The plaintext of the Client Secret for the Cloudflare Zero Trust provider
 - Default: `-`
 - Example: `8f26d4ef834a828045b401e032ae128dbb00471bca53f0d25332323f525dfa30`
 
-#### `CLOUDFLARE_ZERO_TRUST_ISSUER`
+#### `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER`
 
 - Type: Required
 - Description: Issuer of the Cloudflare Zero Trust provider application.
 - Default: `-`
 - Example: `https://example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/711963a58df8c943cfd6c487cac99ce9f6ee0c88c0b7bf94584b8ff052fcb09c`
 
-### Generic OIDC
+### Github
 
-#### `GENERIC_OIDC_CLIENT_ID`
+#### `AUTH_GITHUB_CLIENT_ID`
 
 - Type: Required
-- Description: Client ID of the Generic OIDC provider application.
+- Description: Client ID of the Github application. You can access it [here](https://github.com/settings/apps) and navigate to the application settings to view.
 - Default: `-`
-- Example: `_client_id_for_lobe_chat_`
+- Example: `abd94200333283550508`
 
-#### `GENERIC_OIDC_CLIENT_SECRET`
+#### `AUTH_GITHUB_CLIENT_SECRET`
 
 - Type: Required
-- Description: The plaintext of the Client Secret for the Generic OIDC provider
+- Description: Client Secret of the Github application.
 - Default: `-`
-- Example: `_client_secret_for_lobe_chat_`
+- Example: `dd262976ac0931d947e104891586a053f3d3750b`
 
-#### `GENERIC_OIDC_ISSUER`
+### Logto
+
+#### `AUTH_LOGTO_CLIENT_ID`
 
 - Type: Required
-- Description: Issuer of the Generic OIDC provider application.
-- Default: `-`
-- Example: `https://sso.example.com`
+- Description: The Client ID of the Logto application. You can find it in the Logto console for private deployment or [Logto Cloud](http://cloud.logto.io/) depending on the deployment mode.
+- Default value: `-`
+- Example: `123456789012345678@your-project`
 
-### Github
+#### `AUTH_LOGTO_CLIENT_SECRET`
+
+- Type: Required
+- Description: The Client Secret of the Logto application.
+- Default value: `-`
+- Example: `9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A`
 
-#### `GITHUB_CLIENT_ID`
+#### `AUTH_LOGTO_ISSUER`
 
 - Type: Required
-- Description: Client ID of the Github application. You can access it [here](https://github.com/settings/apps) and navigate to the application settings to view.
+- Description: The OpenID Connect issuer of the Logto application. You can find it in the Logto console for private deployment or [Logto Cloud](http://cloud.logto.io/) depending on the deployment mode.
+- Default value: `-`
+- Example: `https://lobe-auth-api.example.com/oidc`
+
+### Microsoft Entra ID
+
+#### `AUTH_AZURE_AD_CLIENT_ID`
+
+- Type: Required
+- Description: Client ID of the Microsoft Entra ID application.
 - Default: `-`
-- Example: `abd94200333283550508`
+- Example: `be8f6da1-58c3-4f16-ff1b-78f5148e10df`
 
-#### `GITHUB_CLIENT_SECRET`
+#### `AUTH_AZURE_AD_CLIENT_SECRET`
 
 - Type: Required
-- Description: Client Secret of the Github application.
+- Description: Client Secret of the Microsoft Entra ID application.
 - Default: `-`
-- Example: `dd262976ac0931d947e104891586a053f3d3750b`
+- Example: `~gI8Q.pTiN1vwB6Gl.E1yFT1ojcXABkdACfJXaNj`
+
+#### `AUTH_AZURE_AD_TENANT_ID`
+
+- Type: Required
+- Description: Tenant ID of the Microsoft Entra ID application.
+- Default: `-`
+- Example: `c8ae2f36-edf6-4cda-96b9-d3e198a47cba`
 
 ### ZITADEL
 
-#### `ZITADEL_CLIENT_ID`
+#### `AUTH_ZITADEL_CLIENT_ID`
 
 - Type: Required
 - Description: Client ID of the ZITADEL application. This can be found under your application in the ZITADEL console.
 - Default: `-`
 - Example: `123456789012345678@your-project`
 
-#### `ZITADEL_CLIENT_SECRET`
+#### `AUTH_ZITADEL_CLIENT_SECRET`
 
 - Type: Required
 - Description: Client Secret of the ZITADEL application.
 - Default: `-`
 - Example: `9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A`
 
-#### `ZITADEL_ISSUER`
+#### `AUTH_ZITADEL_ISSUER`
 
 - Type: Required
 - Description: Issuer of the ZITADEL application. This is usually the URL of the ZITADEL instance, and can be found in `URLs` tab of your application in the console.
 - Default: `-`
 - Example: `https://your-instance-abc123.zitadel.cloud`
 
-#### `LOGTO_CLIENT_ID`
+### Generic OIDC
+
+#### `GENERIC_OIDC_CLIENT_ID`
 
 - Type: Required
-- Description: The Client ID of the Logto application. You can find it in the Logto console for private deployment or [Logto Cloud](http://cloud.logto.io/) depending on the deployment mode.
-- Default value: `-`
-- Example: `123456789012345678@your-project`
+- Description: Client ID of the Generic OIDC provider application.
+- Default: `-`
+- Example: `_client_id_for_lobe_chat_`
 
-#### `LOGTO_CLIENT_SECRET`
+#### `GENERIC_OIDC_CLIENT_SECRET`
 
 - Type: Required
-- Description: The Client Secret of the Logto application.
-- Default value: `-`
-- Example: `9QF1n5ATzU7Z3mHp2Iw4gKX8kY6oR7uW1DnKcV3LqX2jF6iG3fBmJ1kV7nS5zE6A`
+- Description: The plaintext of the Client Secret for the Generic OIDC provider
+- Default: `-`
+- Example: `_client_secret_for_lobe_chat_`
 
-#### `LOGTO_ISSUER`
+#### `GENERIC_OIDC_ISSUER`
 
 - Type: Required
-- Description: The OpenID Connect issuer of the Logto application. You can find it in the Logto console for private deployment or [Logto Cloud](http://cloud.logto.io/) depending on the deployment mode.
-- Default value: `-`
-- Example: `https://lobe-auth-api.example.com/oidc`
+- Description: Issuer of the Generic OIDC provider application.
+- Default: `-`
+- Example: `https://sso.example.com`
 
 <Callout>
   Currently, we only support providers above. If you need to use other identity verification service