npm - @lobehub/lobehub - Versions diffs - 2.0.0-next.331 → 2.0.0-next.333 - Mend

@lobehub/lobehub 2.0.0-next.331 → 2.0.0-next.333

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/docs/self-hosting/advanced/auth/better-auth/microsoft.mdx ADDED Viewed

@@ -0,0 +1,113 @@
+---
+title: Configuring Microsoft Authentication for LobeChat
+description: >-
+  Learn how to configure Microsoft (Entra ID / Azure AD) SSO for LobeChat,
+  including creating applications in Azure Portal and setting up environment
+  variables.
+tags:
+  - Microsoft
+  - Authentication
+  - Azure AD
+  - LobeChat
+  - Single Sign-On
+---
+# Configuring Microsoft Authentication
+<Steps>
+  ### Create a Microsoft Entra ID Application
+  1. Go to [Microsoft Entra Admin Center](https://entra.microsoft.com/)
+  2. Navigate to **Identity** > **Applications** > **App registrations** > **New registration**
+  3. Fill in the application name
+  4. Choose supported account types:
+     - **Single tenant**: Only users in your organization
+     - **Multitenant**: Users in any Azure AD organization
+     - **Multitenant + personal**: Also includes personal Microsoft accounts
+  <Image alt="App Register" inStep src="https://github.com/lobehub/lobe-chat/assets/13883964/4f9d83bd-b3fc-4abc-bcf4-ccbad65c219d" />
+  ### Configure Redirect URI
+  In the **Redirect URI** section:
+  1. Select **Web** as the platform
+  2. Enter the callback URL
+  <Callout type={'info'}>
+    Callback URL format:
+    - Local development: `http://localhost:3210/api/auth/callback/microsoft`
+    - Production: `https://your-domain.com/api/auth/callback/microsoft`
+  </Callout>
+  Click **Register**.
+  ### Get Application Credentials
+  After creation, view the **Overview** tab:
+  <Image alt="App Overview" inStep src="https://github.com/lobehub/lobe-chat/assets/13883964/48a0b702-05bd-4ce4-a007-a8ad00a36e5a" />
+  Note down:
+  - **Application (client) ID** - This is your `AUTH_MICROSOFT_ID`
+  - **Directory (tenant) ID** - Needed for single-tenant apps
+  ### Create Client Secret
+  1. Go to **Certificates & secrets** > **Client secrets**
+  2. Click **New client secret**
+  3. Fill in description and select expiration time
+  4. Click **Add**
+  <Image alt="Create App Client Secret" inStep src="https://github.com/lobehub/lobe-chat/assets/13883964/c9d66fa0-158c-4bd3-a1fa-969e638259d2" />
+  <Callout type={'warning'}>
+    Copy the client secret **Value** immediately - you won't be able to see it
+    again.
+  </Callout>
+  ### Configure Environment Variables
+  | Environment Variable             | Type     | Description                                                     |
+  | -------------------------------- | -------- | --------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Session encryption key, generate with `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | Set to `microsoft`                                              |
+  | `AUTH_MICROSOFT_ID`              | Required | Application (client) ID                                         |
+  | `AUTH_MICROSOFT_SECRET`          | Required | Client secret value                                             |
+  <Callout type={'info'}>
+    **Alternative Environment Variables**: For backward compatibility, these
+    aliases are also supported:
+    - `AUTH_MICROSOFT_ENTRA_ID_ID` / `AUTH_MICROSOFT_ENTRA_ID_SECRET`
+    - `AUTH_AZURE_AD_ID` / `AUTH_AZURE_AD_SECRET`
+    - `AZURE_AD_CLIENT_ID` / `AZURE_AD_CLIENT_SECRET`
+  </Callout>
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#microsoft)
+    for detailed information.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with Microsoft
+  and use LobeChat.
+</Callout>
+## Common Issues
+### Tenant Configuration
+By default, LobeChat uses `common` tenant which allows both organizational and personal Microsoft accounts. If you need single-tenant configuration, you may need to customize the tenant settings.
+### Client Secret Expiration
+Microsoft client secrets have a maximum validity of 24 months. Remember to rotate secrets before they expire.
+## Related Resources
+- [Microsoft Entra Admin Center](https://entra.microsoft.com/)
+- [Quickstart: Register an application](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app)

package/docs/self-hosting/advanced/auth/better-auth/microsoft.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,109 @@
+---
+title: 在 LobeChat 中配置 Microsoft 身份验证
+description: >-
+  学习如何在 LobeChat 中配置 Microsoft (Entra ID / Azure AD) SSO，包括在 Azure Portal
+  创建应用和设置环境变量。
+tags:
+  - Microsoft
+  - 身份验证
+  - Azure AD
+  - LobeChat
+  - 单点登录
+---
+# 配置 Microsoft 身份验证
+<Steps>
+  ### 创建 Microsoft Entra ID 应用
+  1. 前往 [Microsoft Entra 管理中心](https://entra.microsoft.com/)
+  2. 导航到 **Identity** > **Applications** > **App registrations** > **New registration**
+  3. 填写应用名称
+  4. 选择支持的帐户类型：
+     - **Single tenant**：仅限组织内用户
+     - **Multitenant**：任何 Azure AD 组织的用户
+     - **Multitenant + personal**：也包括个人 Microsoft 帐户
+  <Image alt="应用注册" inStep src="https://github.com/lobehub/lobe-chat/assets/13883964/4f9d83bd-b3fc-4abc-bcf4-ccbad65c219d" />
+  ### 配置重定向 URI
+  在 **Redirect URI** 部分：
+  1. 选择 **Web** 作为平台
+  2. 输入回调 URL
+  <Callout type={'info'}>
+    回调 URL 格式：
+    - 本地开发: `http://localhost:3210/api/auth/callback/microsoft`
+    - 生产环境: `https://your-domain.com/api/auth/callback/microsoft`
+  </Callout>
+  点击 **Register**。
+  ### 获取应用凭证
+  创建后，查看 **Overview** 标签页：
+  <Image alt="应用概览" inStep src="https://github.com/lobehub/lobe-chat/assets/13883964/48a0b702-05bd-4ce4-a007-a8ad00a36e5a" />
+  记录：
+  - **Application (client) ID** - 即 `AUTH_MICROSOFT_ID`
+  - **Directory (tenant) ID** - 单租户应用需要
+  ### 创建客户端密钥
+  1. 前往 **Certificates & secrets** > **Client secrets**
+  2. 点击 **New client secret**
+  3. 填写描述并选择过期时间
+  4. 点击 **Add**
+  <Image alt="创建客户端密钥" inStep src="https://github.com/lobehub/lobe-chat/assets/13883964/c9d66fa0-158c-4bd3-a1fa-969e638259d2" />
+  <Callout type={'warning'}>
+    立即复制客户端密钥的 **Value** - 之后将无法再次查看。
+  </Callout>
+  ### 配置环境变量
+  | 环境变量                             | 类型 | 描述                                     |
+  | -------------------------------- | -- | -------------------------------------- |
+  | `AUTH_SECRET`                    | 必选 | 会话加密密钥，使用 `openssl rand -base64 32` 生成 |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | 填写 `microsoft`                         |
+  | `AUTH_MICROSOFT_ID`              | 必选 | Application (client) ID                |
+  | `AUTH_MICROSOFT_SECRET`          | 必选 | 客户端密钥值                                 |
+  <Callout type={'info'}>
+    **兼容的环境变量**：为了向后兼容，以下别名也支持：
+    - `AUTH_MICROSOFT_ENTRA_ID_ID` / `AUTH_MICROSOFT_ENTRA_ID_SECRET`
+    - `AUTH_AZURE_AD_ID` / `AUTH_AZURE_AD_SECRET`
+    - `AZURE_AD_CLIENT_ID` / `AZURE_AD_CLIENT_SECRET`
+  </Callout>
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#microsoft)
+    可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  部署成功后，用户将可以通过 Microsoft 身份认证并使用 LobeChat。
+</Callout>
+## 常见问题
+### 租户配置
+默认情况下，LobeChat 使用 `common` 租户，允许组织帐户和个人 Microsoft 帐户登录。如果需要单租户配置，可能需要自定义租户设置。
+### 客户端密钥过期
+Microsoft 客户端密钥最长有效期为 24 个月。请记得在过期前轮换密钥。
+## 相关资源
+- [Microsoft Entra 管理中心](https://entra.microsoft.com/)
+- [快速入门：注册应用](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app)

package/docs/self-hosting/advanced/auth/better-auth/okta.mdx ADDED Viewed

@@ -0,0 +1,67 @@
+---
+title: Configuring Okta Authentication for LobeChat
+description: >-
+  Learn how to configure Okta SSO for LobeChat, including creating an
+  application and setting up environment variables.
+tags:
+  - Okta
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+  - OIDC
+---
+# Configuring Okta Authentication
+[Okta](https://www.okta.com/) is a leading identity and access management platform.
+<Steps>
+  ### Create Application in Okta
+  1. Log in to Okta Admin Console
+  2. Go to **Applications** > **Applications**
+  3. Click **Create App Integration**
+  4. Select:
+     - Sign-in method: **OIDC - OpenID Connect**
+     - Application type: **Web Application**
+  5. Configure the application:
+     - App integration name: `LobeChat`
+     - Sign-in redirect URIs: Add your callback URL
+  <Callout type={'info'}>
+    **Callback URL Format**: `https://your-domain.com/api/auth/callback/okta`
+  </Callout>
+  6. After creation, note down the **Client ID** and **Client Secret**
+  ### Get Issuer URL
+  The issuer URL is typically: `https://your-okta-domain.okta.com`
+  For custom authorization servers: `https://your-okta-domain.okta.com/oauth2/default`
+  ### Configure Environment Variables
+  When deploying LobeChat, you need to configure the following environment variables:
+  | Environment Variable             | Type     | Description                                                                   |
+  | -------------------------------- | -------- | ----------------------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Key used to encrypt session tokens. Generate using: `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | SSO provider for LobeChat. Use `okta` for Okta                                |
+  | `AUTH_OKTA_ID`                   | Required | Client ID from Okta application                                               |
+  | `AUTH_OKTA_SECRET`               | Required | Client Secret from Okta application                                           |
+  | `AUTH_OKTA_ISSUER`               | Required | Okta issuer URL (e.g., `https://your-okta-domain.okta.com`)                   |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#okta) for detailed information on these variables.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with Okta and use LobeChat.
+</Callout>
+## Related Resources
+- [Okta Developer Documentation](https://developer.okta.com/docs/)
+- [Create OIDC App Integration](https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/)

package/docs/self-hosting/advanced/auth/better-auth/okta.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,63 @@
+---
+title: 在 LobeChat 中配置 Okta 身份验证
+description: 学习如何在 LobeChat 中配置 Okta SSO，包括创建应用和设置环境变量。
+tags:
+  - Okta
+  - 身份验证
+  - LobeChat
+  - 单点登录
+  - OIDC
+---
+# 配置 Okta 身份验证
+[Okta](https://www.okta.com/) 是领先的身份和访问管理平台。
+<Steps>
+  ### 在 Okta 中创建应用
+  1. 登录 Okta 管理控制台
+  2. 前往 **Applications** > **Applications**
+  3. 点击 **Create App Integration**
+  4. 选择：
+     - Sign-in method: **OIDC - OpenID Connect**
+     - Application type: **Web Application**
+  5. 配置应用：
+     - App integration name: `LobeChat`
+     - Sign-in redirect URIs: 添加回调 URL
+  <Callout type={'info'}>
+    **回调 URL 格式**: `https://your-domain.com/api/auth/callback/okta`
+  </Callout>
+  6. 创建后，记下 **Client ID** 和 **Client Secret**
+  ### 获取 Issuer URL
+  Issuer URL 通常为：`https://your-okta-domain.okta.com`
+  对于自定义授权服务器：`https://your-okta-domain.okta.com/oauth2/default`
+  ### 配置环境变量
+  在部署 LobeChat 时，你需要配置以下环境变量：
+  | 环境变量                             | 类型 | 描述                                                      |
+  | -------------------------------- | -- | ------------------------------------------------------- |
+  | `AUTH_SECRET`                    | 必选 | 用于加密会话令牌的密钥。使用以下命令生成：`openssl rand -base64 32`          |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | SSO 提供商。使用 Okta 请填写 `okta`                              |
+  | `AUTH_OKTA_ID`                   | 必选 | Okta 应用的 Client ID                                      |
+  | `AUTH_OKTA_SECRET`               | 必选 | Okta 应用的 Client Secret                                  |
+  | `AUTH_OKTA_ISSUER`               | 必选 | Okta Issuer URL（例如 `https://your-okta-domain.okta.com`） |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#okta) 可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>部署成功后，用户将可以通过 Okta 身份认证并使用 LobeChat。</Callout>
+## 相关资源
+- [Okta 开发者文档](https://developer.okta.com/docs/)
+- [创建 OIDC 应用集成](https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/)

package/docs/self-hosting/advanced/auth/better-auth/wechat.mdx ADDED Viewed

@@ -0,0 +1,77 @@
+---
+title: Configuring WeChat Authentication for LobeChat
+description: >-
+  Learn how to configure WeChat SSO for LobeChat, including creating an
+  application on WeChat Open Platform.
+tags:
+  - WeChat
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+---
+# Configuring WeChat Authentication
+[WeChat Open Platform](https://open.weixin.qq.com/) enables third-party applications to integrate WeChat login.
+<Callout type={'warning'}>
+  WeChat Web Login requires a verified WeChat Open Platform account and an
+  approved website application. This process requires business verification in
+  China.
+</Callout>
+<Steps>
+  ### Create Website Application on WeChat Open Platform
+  1. Go to [WeChat Open Platform](https://open.weixin.qq.com/)
+  2. Register and verify your developer account
+  3. Go to **Management Center** > **Website Application**
+  4. Click **Create Website Application**
+  5. Fill in the application information and submit for review
+  ### Configure OAuth Settings
+  After your application is approved:
+  1. Go to your application settings
+  2. In **Website Information**, configure the callback domain
+  <Callout type={'info'}>
+    Callback domain format:
+    - **Callback Domain**: `your-domain.com` (without protocol or path)
+    - **Full Callback URL**: `https://your-domain.com/api/auth/callback/wechat`
+  </Callout>
+  3. Note down the **AppID** and **AppSecret**
+  ### Configure Environment Variables
+  | Environment Variable             | Type     | Description                                                     |
+  | -------------------------------- | -------- | --------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Session encryption key, generate with `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | Set to `wechat`                                                 |
+  | `AUTH_WECHAT_ID`                 | Required | AppID from WeChat Open Platform                                 |
+  | `AUTH_WECHAT_SECRET`             | Required | AppSecret from WeChat Open Platform                             |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#wechat)
+    for detailed information.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with WeChat
+  and use LobeChat.
+</Callout>
+## Notes
+- WeChat login uses QR code scanning, users need to use WeChat mobile app
+- A verified WeChat Open Platform account is required
+- The callback domain must be filed with ICP in China
+## Related Resources
+- [WeChat Open Platform](https://open.weixin.qq.com/)
+- [WeChat Login Documentation](https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html)

package/docs/self-hosting/advanced/auth/better-auth/wechat.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,72 @@
+---
+title: 在 LobeChat 中配置微信身份验证
+description: 学习如何在 LobeChat 中配置微信 SSO，包括在微信开放平台创建应用。
+tags:
+  - 微信
+  - 身份验证
+  - LobeChat
+  - 单点登录
+---
+# 配置微信身份验证
+[微信开放平台](https://open.weixin.qq.com/) 支持第三方应用接入微信登录功能。
+<Callout type={'warning'}>
+  微信网页登录需要经过认证的微信开放平台账号，以及通过微信审核的网站应用。此流程需要在中国进行企业认证。
+</Callout>
+<Steps>
+  ### 在微信开放平台创建网站应用
+  1. 前往 [微信开放平台](https://open.weixin.qq.com/)
+  2. 注册并验证开发者账号
+  3. 前往 **管理中心** > **网站应用**
+  4. 点击 **创建网站应用**
+  5. 填写应用信息并提交审核
+  ### 配置 OAuth 设置
+  应用审核通过后：
+  1. 进入应用设置
+  2. 在 **网站信息** 中配置回调域名
+  <Callout type={'info'}>
+    回调域名格式：
+    - **回调域名**: `your-domain.com`（不含协议和路径）
+    - **完整回调 URL**: `https://your-domain.com/api/auth/callback/wechat`
+  </Callout>
+  3. 记下 **AppID** 和 **AppSecret**
+  ### 配置环境变量
+  | 环境变量                             | 类型 | 描述                                     |
+  | -------------------------------- | -- | -------------------------------------- |
+  | `AUTH_SECRET`                    | 必选 | 会话加密密钥，使用 `openssl rand -base64 32` 生成 |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | 填写 `wechat`                            |
+  | `AUTH_WECHAT_ID`                 | 必选 | 微信开放平台的 AppID                          |
+  | `AUTH_WECHAT_SECRET`             | 必选 | 微信开放平台的 AppSecret                      |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#wechat)
+    可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  部署成功后，用户将可以通过微信身份认证并使用 LobeChat。
+</Callout>
+## 注意事项
+- 微信登录使用扫码方式，用户需要使用微信手机端扫码
+- 需要经过认证的微信开放平台账号
+- 回调域名需要在中国进行 ICP 备案
+## 相关资源
+- [微信开放平台](https://open.weixin.qq.com/)
+- [微信登录文档](https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html)

package/docs/self-hosting/advanced/auth/better-auth/zitadel.mdx ADDED Viewed

@@ -0,0 +1,73 @@
+---
+title: Configuring ZITADEL Authentication for LobeChat
+description: >-
+  Learn how to configure ZITADEL SSO for LobeChat, including creating an
+  application and setting up environment variables.
+tags:
+  - ZITADEL
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+  - OIDC
+---
+# Configuring ZITADEL Authentication
+[ZITADEL](https://zitadel.com/) is an open-source identity infrastructure with built-in multi-tenancy.
+<Steps>
+  ### Create Application in ZITADEL
+  1. Log in to ZITADEL Console
+  2. Go to your project (or create a new one)
+  3. Click **New** to create a new application
+  4. Select **Web** as the application type
+  5. Configure:
+     - Name: `LobeChat`
+     - Authentication Method: `CODE` (for confidential clients)
+  6. Add redirect URI:
+  <Callout type={'info'}>
+    **Callback URL Format**: `https://your-domain.com/api/auth/callback/zitadel`
+  </Callout>
+  7. After creation, note down the **Client ID** and generate a **Client Secret**
+  ### Get Issuer URL
+  The issuer URL is your ZITADEL instance URL, typically:
+  - Cloud: `https://your-instance.zitadel.cloud`
+  - Self-hosted: `https://your-zitadel-domain`
+  ### Configure Environment Variables
+  When deploying LobeChat, you need to configure the following environment variables:
+  | Environment Variable             | Type     | Description                                                                   |
+  | -------------------------------- | -------- | ----------------------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Key used to encrypt session tokens. Generate using: `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | SSO provider for LobeChat. Use `zitadel` for ZITADEL                          |
+  | `AUTH_ZITADEL_ID`                | Required | Client ID from ZITADEL application                                            |
+  | `AUTH_ZITADEL_SECRET`            | Required | Client Secret from ZITADEL application                                        |
+  | `AUTH_ZITADEL_ISSUER`            | Required | ZITADEL issuer URL (e.g., `https://your-instance.zitadel.cloud`)              |
+  <Callout type={'info'}>
+    **Alternative Environment Variables**: For backward compatibility, the following aliases are also supported:
+    - `ZITADEL_CLIENT_ID` / `ZITADEL_CLIENT_SECRET` / `ZITADEL_ISSUER`
+  </Callout>
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#zitadel) for detailed information on these variables.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with ZITADEL and use LobeChat.
+</Callout>
+## Related Resources
+- [ZITADEL Documentation](https://zitadel.com/docs)
+- [ZITADEL Application Setup](https://zitadel.com/docs/guides/integrate/login-users)

package/docs/self-hosting/advanced/auth/better-auth/zitadel.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,69 @@
+---
+title: 在 LobeChat 中配置 ZITADEL 身份验证
+description: 学习如何在 LobeChat 中配置 ZITADEL SSO，包括创建应用和设置环境变量。
+tags:
+  - ZITADEL
+  - 身份验证
+  - LobeChat
+  - 单点登录
+  - OIDC
+---
+# 配置 ZITADEL 身份验证
+[ZITADEL](https://zitadel.com/) 是一个开源的身份基础设施，内置多租户支持。
+<Steps>
+  ### 在 ZITADEL 中创建应用
+  1. 登录 ZITADEL 控制台
+  2. 前往你的项目（或创建新项目）
+  3. 点击 **New** 创建新应用
+  4. 选择 **Web** 作为应用类型
+  5. 配置：
+     - Name: `LobeChat`
+     - Authentication Method: `CODE`（用于机密客户端）
+  6. 添加重定向 URI：
+  <Callout type={'info'}>
+    **回调 URL 格式**: `https://your-domain.com/api/auth/callback/zitadel`
+  </Callout>
+  7. 创建后，记下 **Client ID** 并生成 **Client Secret**
+  ### 获取 Issuer URL
+  Issuer URL 是 ZITADEL 实例 URL，通常为：
+  - 云版：`https://your-instance.zitadel.cloud`
+  - 自托管：`https://your-zitadel-domain`
+  ### 配置环境变量
+  在部署 LobeChat 时，你需要配置以下环境变量：
+  | 环境变量                             | 类型 | 描述                                                           |
+  | -------------------------------- | -- | ------------------------------------------------------------ |
+  | `AUTH_SECRET`                    | 必选 | 用于加密会话令牌的密钥。使用以下命令生成：`openssl rand -base64 32`               |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | SSO 提供商。使用 ZITADEL 请填写 `zitadel`                             |
+  | `AUTH_ZITADEL_ID`                | 必选 | ZITADEL 应用的 Client ID                                        |
+  | `AUTH_ZITADEL_SECRET`            | 必选 | ZITADEL 应用的 Client Secret                                    |
+  | `AUTH_ZITADEL_ISSUER`            | 必选 | ZITADEL Issuer URL（例如 `https://your-instance.zitadel.cloud`） |
+  <Callout type={'info'}>
+    **兼容的环境变量**：为了向后兼容，以下别名也支持：
+    - `ZITADEL_CLIENT_ID` / `ZITADEL_CLIENT_SECRET` / `ZITADEL_ISSUER`
+  </Callout>
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#zitadel) 可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>部署成功后，用户将可以通过 ZITADEL 身份认证并使用 LobeChat。</Callout>
+## 相关资源
+- [ZITADEL 文档](https://zitadel.com/docs)
+- [ZITADEL 应用设置](https://zitadel.com/docs/guides/integrate/login-users)

package/docs/self-hosting/advanced/auth/clerk.mdx CHANGED Viewed

@@ -1,8 +1,8 @@
 ---
 title: Configure Clerk Authentication Service - Step-by-Step Guide
 description: >-
-  Learn how to set up Clerk authentication with environment variables and webhooks.
+  Learn how to set up Clerk authentication with environment variables and
+  webhooks.
 tags:
   - Clerk Authentication
   - Environment Variables