npm - @lobehub/lobehub - Versions diffs - 2.0.0-next.332 → 2.0.0-next.333 - Mend

@lobehub/lobehub 2.0.0-next.332 → 2.0.0-next.333

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/docs/self-hosting/advanced/auth/better-auth/casdoor.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,58 @@
+---
+title: 在 LobeChat 中配置 Casdoor 身份验证
+description: 学习如何在 LobeChat 中配置 Casdoor SSO，包括创建应用和设置环境变量。
+tags:
+  - Casdoor
+  - 身份验证
+  - LobeChat
+  - 单点登录
+  - OIDC
+---
+# 配置 Casdoor 身份验证
+[Casdoor](https://casdoor.org/) 是一个开源的身份访问管理 (IAM) 平台，提供 Web UI 支持单点登录。
+<Steps>
+  ### 在 Casdoor 中创建应用
+  1. 登录 Casdoor 管理控制台
+  2. 前往 **Applications**，点击 **Add**
+  3. 配置应用：
+     - Name: `LobeChat`
+     - Organization: 选择你的组织
+     - Redirect URLs: 添加回调 URL
+  <Callout type={'info'}>
+    **回调 URL 格式**: `https://your-domain.com/api/auth/callback/casdoor`
+  </Callout>
+  4. 保存并记下 **Client ID** 和 **Client Secret**
+  ### 获取 Issuer URL
+  Issuer URL 是 Casdoor 服务器 URL，通常为：`https://your-casdoor-domain`
+  ### 配置环境变量
+  在部署 LobeChat 时，你需要配置以下环境变量：
+  | 环境变量                             | 类型 | 描述                                                |
+  | -------------------------------- | -- | ------------------------------------------------- |
+  | `AUTH_SECRET`                    | 必选 | 用于加密会话令牌的密钥。使用以下命令生成：`openssl rand -base64 32`    |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | SSO 提供商。使用 Casdoor 请填写 `casdoor`                  |
+  | `AUTH_CASDOOR_ID`                | 必选 | Casdoor 应用的 Client ID                             |
+  | `AUTH_CASDOOR_SECRET`            | 必选 | Casdoor 应用的 Client Secret                         |
+  | `AUTH_CASDOOR_ISSUER`            | 必选 | Casdoor 服务器 URL（例如 `https://your-casdoor-domain`） |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#casdoor) 可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>部署成功后，用户将可以通过 Casdoor 身份认证并使用 LobeChat。</Callout>
+## 相关资源
+- [Casdoor 文档](https://casdoor.org/docs/overview)
+- [Casdoor 应用配置](https://casdoor.org/docs/application/config)

package/docs/self-hosting/advanced/auth/better-auth/cloudflare-zero-trust.mdx ADDED Viewed

@@ -0,0 +1,59 @@
+---
+title: Configuring Cloudflare Zero Trust Authentication for LobeChat
+description: >-
+  Learn how to configure Cloudflare Zero Trust SSO for LobeChat, including
+  creating an Access application.
+tags:
+  - Cloudflare Zero Trust
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+  - OIDC
+---
+# Configuring Cloudflare Zero Trust Authentication
+[Cloudflare Zero Trust](https://www.cloudflare.com/zero-trust/) provides secure access to your applications without a VPN.
+<Steps>
+  ### Create Access Application
+  1. Log in to [Cloudflare Zero Trust Dashboard](https://one.dash.cloudflare.com/)
+  2. Go to **Access** > **Applications**
+  3. Click **Add an application** and select **SaaS**
+  4. Configure the application:
+     - Application name: `LobeChat`
+     - Select OIDC as the authentication protocol
+     - Add the callback URL in redirect URIs
+  <Callout type={'info'}>
+    **Callback URL Format**: `https://your-domain.com/api/auth/callback/cloudflare-zero-trust`
+  </Callout>
+  5. Note down the **Client ID**, **Client Secret**, and **Issuer URL**
+  ### Configure Environment Variables
+  When deploying LobeChat, you need to configure the following environment variables:
+  | Environment Variable                | Type     | Description                                                                   |
+  | ----------------------------------- | -------- | ----------------------------------------------------------------------------- |
+  | `AUTH_SECRET`                       | Required | Key used to encrypt session tokens. Generate using: `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`                | Required | SSO provider for LobeChat. Use `cloudflare-zero-trust`                        |
+  | `AUTH_CLOUDFLARE_ZERO_TRUST_ID`     | Required | Client ID from Cloudflare Access                                              |
+  | `AUTH_CLOUDFLARE_ZERO_TRUST_SECRET` | Required | Client Secret from Cloudflare Access                                          |
+  | `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER` | Required | Issuer URL (e.g., `https://your-team.cloudflareaccess.com`)                   |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#cloudflare-zero-trust) for detailed information on these variables.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with Cloudflare Zero Trust and use LobeChat.
+</Callout>
+## Related Resources
+- [Cloudflare Zero Trust Documentation](https://developers.cloudflare.com/cloudflare-one/)
+- [Configure OIDC Application](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/generic-oidc/)

package/docs/self-hosting/advanced/auth/better-auth/cloudflare-zero-trust.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,55 @@
+---
+title: 在 LobeChat 中配置 Cloudflare Zero Trust 身份验证
+description: 学习如何在 LobeChat 中配置 Cloudflare Zero Trust SSO，包括创建 Access 应用。
+tags:
+  - Cloudflare Zero Trust
+  - 身份验证
+  - LobeChat
+  - 单点登录
+  - OIDC
+---
+# 配置 Cloudflare Zero Trust 身份验证
+[Cloudflare Zero Trust](https://www.cloudflare.com/zero-trust/) 无需 VPN 即可提供应用程序的安全访问。
+<Steps>
+  ### 创建 Access 应用
+  1. 登录 [Cloudflare Zero Trust Dashboard](https://one.dash.cloudflare.com/)
+  2. 前往 **Access** > **Applications**
+  3. 点击 **Add an application**，选择 **SaaS**
+  4. 配置应用：
+     - Application name: `LobeChat`
+     - 选择 OIDC 作为认证协议
+     - 在 redirect URIs 中添加回调 URL
+  <Callout type={'info'}>
+    **回调 URL 格式**: `https://your-domain.com/api/auth/callback/cloudflare-zero-trust`
+  </Callout>
+  5. 记下 **Client ID**、**Client Secret** 和 **Issuer URL**
+  ### 配置环境变量
+  在部署 LobeChat 时，你需要配置以下环境变量：
+  | 环境变量                                | 类型 | 描述                                                      |
+  | ----------------------------------- | -- | ------------------------------------------------------- |
+  | `AUTH_SECRET`                       | 必选 | 用于加密会话令牌的密钥。使用以下命令生成：`openssl rand -base64 32`          |
+  | `AUTH_SSO_PROVIDERS`                | 必选 | SSO 提供商。填写 `cloudflare-zero-trust`                      |
+  | `AUTH_CLOUDFLARE_ZERO_TRUST_ID`     | 必选 | Cloudflare Access 的 Client ID                           |
+  | `AUTH_CLOUDFLARE_ZERO_TRUST_SECRET` | 必选 | Cloudflare Access 的 Client Secret                       |
+  | `AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER` | 必选 | Issuer URL（例如 `https://your-team.cloudflareaccess.com`） |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#cloudflare-zero-trust) 可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>部署成功后，用户将可以通过 Cloudflare Zero Trust 身份认证并使用 LobeChat。</Callout>
+## 相关资源
+- [Cloudflare Zero Trust 文档](https://developers.cloudflare.com/cloudflare-one/)
+- [配置 OIDC 应用](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/generic-oidc/)

package/docs/self-hosting/advanced/auth/better-auth/cognito.mdx ADDED Viewed

@@ -0,0 +1,88 @@
+---
+title: Configuring AWS Cognito Authentication for LobeChat
+description: >-
+  Learn how to configure AWS Cognito SSO for LobeChat, including creating a User
+  Pool and App Client in AWS Console.
+tags:
+  - AWS Cognito
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+---
+# Configuring AWS Cognito Authentication
+<Steps>
+  ### Create a Cognito User Pool
+  1. Go to [AWS Cognito Console](https://console.aws.amazon.com/cognito/)
+  2. Click **Create user pool**
+  3. Configure sign-in experience:
+     - Select **Email** as the sign-in option
+     - Configure password policy and MFA settings as needed
+     - Configure user account recovery options
+  ### Configure App Client
+  In the **App integration** section:
+  1. Click **Add an app client**
+  2. Select **Confidential client** as the app type
+  3. Enter a name for the app client
+  4. Under **OAuth 2.0 grant types**, enable **Authorization code grant**
+  5. Under **OpenID Connect scopes**, select `email`, `openid`, and `profile`
+  ### Configure Callback URL
+  In the app client settings, add the callback URL:
+  <Callout type={'info'}>
+    Callback URL format:
+    - Local development: `http://localhost:3210/api/auth/callback/cognito`
+    - Production: `https://your-domain.com/api/auth/callback/cognito`
+  </Callout>
+  ### Configure Domain
+  1. Go to **App integration** > **Domain**
+  2. Configure a Cognito domain (e.g., `your-app-name`) or custom domain
+  3. Note your full domain (e.g., `your-app-name.auth.us-east-1.amazoncognito.com`)
+  ### Get Configuration Values
+  Collect the following:
+  - **Client ID**: From App client settings
+  - **Client Secret**: From App client settings (click "Show client secret")
+  - **User Pool ID**: From User pool overview (e.g., `us-east-1_XXXXXXXXX`)
+  - **Region**: AWS region (e.g., `us-east-1`)
+  - **Domain**: Your Cognito domain
+  ### Configure Environment Variables
+  | Environment Variable             | Type     | Description                                                        |
+  | -------------------------------- | -------- | ------------------------------------------------------------------ |
+  | `AUTH_SECRET`                    | Required | Session encryption key, generate with `openssl rand -base64 32`    |
+  | `AUTH_SSO_PROVIDERS`             | Required | Set to `cognito`                                                   |
+  | `AUTH_COGNITO_ID`                | Required | App Client ID                                                      |
+  | `AUTH_COGNITO_SECRET`            | Required | App Client Secret                                                  |
+  | `AUTH_COGNITO_DOMAIN`            | Required | Cognito domain (e.g., `your-app.auth.us-east-1.amazoncognito.com`) |
+  | `AUTH_COGNITO_REGION`            | Required | AWS Region (e.g., `us-east-1`)                                     |
+  | `AUTH_COGNITO_USERPOOL_ID`       | Required | User Pool ID (e.g., `us-east-1_XXXXXXXXX`)                         |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#cognito)
+    for detailed information.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with AWS
+  Cognito and use LobeChat.
+</Callout>
+## Related Resources
+- [AWS Cognito Console](https://console.aws.amazon.com/cognito/)
+- [Amazon Cognito Documentation](https://docs.aws.amazon.com/cognito/)

package/docs/self-hosting/advanced/auth/better-auth/cognito.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,85 @@
+---
+title: 在 LobeChat 中配置 AWS Cognito 身份验证
+description: 学习如何在 LobeChat 中配置 AWS Cognito SSO，包括在 AWS Console 创建用户池和应用客户端。
+tags:
+  - AWS Cognito
+  - 身份验证
+  - LobeChat
+  - 单点登录
+---
+# 配置 AWS Cognito 身份验证
+<Steps>
+  ### 创建 Cognito 用户池
+  1. 前往 [AWS Cognito Console](https://console.aws.amazon.com/cognito/)
+  2. 点击 **Create user pool**
+  3. 配置登录体验：
+     - 选择 **Email** 作为登录选项
+     - 根据需要配置密码策略和 MFA 设置
+     - 配置用户账户恢复选项
+  ### 配置应用客户端
+  在 **App integration** 部分：
+  1. 点击 **Add an app client**
+  2. 选择 **Confidential client** 作为应用类型
+  3. 输入应用客户端名称
+  4. 在 **OAuth 2.0 grant types** 下，启用 **Authorization code grant**
+  5. 在 **OpenID Connect scopes** 下，选择 `email`、`openid` 和 `profile`
+  ### 配置回调 URL
+  在应用客户端设置中，添加回调 URL：
+  <Callout type={'info'}>
+    回调 URL 格式：
+    - 本地开发: `http://localhost:3210/api/auth/callback/cognito`
+    - 生产环境: `https://your-domain.com/api/auth/callback/cognito`
+  </Callout>
+  ### 配置域名
+  1. 前往 **App integration** > **Domain**
+  2. 配置 Cognito 域名（如 `your-app-name`）或自定义域名
+  3. 记录完整域名（如 `your-app-name.auth.us-east-1.amazoncognito.com`）
+  ### 获取配置值
+  收集以下信息：
+  - **Client ID**：来自应用客户端设置
+  - **Client Secret**：来自应用客户端设置（点击 "Show client secret"）
+  - **User Pool ID**：来自用户池概览（如 `us-east-1_XXXXXXXXX`）
+  - **Region**：AWS 区域（如 `us-east-1`）
+  - **Domain**：你的 Cognito 域名
+  ### 配置环境变量
+  | 环境变量                             | 类型 | 描述                                                        |
+  | -------------------------------- | -- | --------------------------------------------------------- |
+  | `AUTH_SECRET`                    | 必选 | 会话加密密钥，使用 `openssl rand -base64 32` 生成                    |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | 填写 `cognito`                                              |
+  | `AUTH_COGNITO_ID`                | 必选 | 应用客户端 ID                                                  |
+  | `AUTH_COGNITO_SECRET`            | 必选 | 应用客户端 Secret                                              |
+  | `AUTH_COGNITO_DOMAIN`            | 必选 | Cognito 域名（如 `your-app.auth.us-east-1.amazoncognito.com`） |
+  | `AUTH_COGNITO_REGION`            | 必选 | AWS 区域（如 `us-east-1`）                                     |
+  | `AUTH_COGNITO_USERPOOL_ID`       | 必选 | 用户池 ID（如 `us-east-1_XXXXXXXXX`）                           |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#cognito)
+    可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  部署成功后，用户将可以通过 AWS Cognito 身份认证并使用 LobeChat。
+</Callout>
+## 相关资源
+- [AWS Cognito Console](https://console.aws.amazon.com/cognito/)
+- [Amazon Cognito 文档](https://docs.aws.amazon.com/cognito/)

package/docs/self-hosting/advanced/auth/better-auth/feishu.mdx ADDED Viewed

@@ -0,0 +1,73 @@
+---
+title: Configuring Feishu (Lark) Authentication for LobeChat
+description: >-
+  Learn how to configure Feishu (Lark) SSO for LobeChat, including creating an
+  application and setting up environment variables.
+tags:
+  - Feishu
+  - Lark
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+---
+# Configuring Feishu (Lark) Authentication
+[Feishu](https://www.feishu.cn/) (also known as Lark internationally) is an enterprise collaboration platform by ByteDance.
+<Steps>
+  ### Create Application in Feishu Open Platform
+  1. Go to [Feishu Open Platform](https://open.feishu.cn/)
+  2. Click **Create App** > **Enterprise Self-built App**
+  3. Fill in the app name and description
+  4. After creation, go to **Credentials & Basic Info** to get:
+     - **App ID**
+     - **App Secret**
+  ### Configure OAuth Permissions
+  1. In app settings, go to **Security Settings**
+  2. Add the redirect URI
+  <Callout type={'info'}>
+    Callback URL format:
+    - Local development: `http://localhost:3210/api/auth/callback/feishu`
+    - Production: `https://your-domain.com/api/auth/callback/feishu`
+  </Callout>
+  3. Go to **Permissions & Scopes** and add:
+     - `contact:user.email:readonly` (read user email)
+     - `contact:user.base:readonly` (read basic user info)
+  ### Publish the Application
+  1. Go to **Version Management & Release**
+  2. Create a new version and submit for review
+  3. Once approved, publish the app
+  ### Configure Environment Variables
+  | Environment Variable             | Type     | Description                                                     |
+  | -------------------------------- | -------- | --------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Session encryption key, generate with `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | Set to `feishu`                                                 |
+  | `AUTH_FEISHU_APP_ID`             | Required | App ID from Feishu Open Platform                                |
+  | `AUTH_FEISHU_APP_SECRET`         | Required | App Secret from Feishu Open Platform                            |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#feishu)
+    for detailed information.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with Feishu
+  and use LobeChat.
+</Callout>
+## Related Resources
+- [Feishu Open Platform](https://open.feishu.cn/)
+- [Feishu OAuth 2.0 Guide](https://open.feishu.cn/document/common-capabilities/sso/web-application-sso/web-app-overview)

package/docs/self-hosting/advanced/auth/better-auth/feishu.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,69 @@
+---
+title: 在 LobeChat 中配置飞书身份验证
+description: 学习如何在 LobeChat 中配置飞书 SSO，包括创建应用和设置环境变量。
+tags:
+  - 飞书
+  - 身份验证
+  - LobeChat
+  - 单点登录
+---
+# 配置飞书身份验证
+[飞书](https://www.feishu.cn/) 是字节跳动推出的企业协作平台。
+<Steps>
+  ### 在飞书开放平台创建应用
+  1. 前往 [飞书开放平台](https://open.feishu.cn/)
+  2. 点击 **创建应用** > **企业自建应用**
+  3. 填写应用名称和描述
+  4. 创建后，前往 **凭证与基础信息** 获取：
+     - **App ID**
+     - **App Secret**
+  ### 配置 OAuth 权限
+  1. 在应用设置中，前往 **安全设置**
+  2. 添加重定向 URI
+  <Callout type={'info'}>
+    回调 URL 格式：
+    - 本地开发: `http://localhost:3210/api/auth/callback/feishu`
+    - 生产环境: `https://your-domain.com/api/auth/callback/feishu`
+  </Callout>
+  3. 前往 **权限管理** 添加：
+     - `contact:user.email:readonly`（读取用户邮箱）
+     - `contact:user.base:readonly`（读取用户基本信息）
+  ### 发布应用
+  1. 前往 **版本管理与发布**
+  2. 创建新版本并提交审核
+  3. 审核通过后，发布应用
+  ### 配置环境变量
+  | 环境变量                             | 类型 | 描述                                     |
+  | -------------------------------- | -- | -------------------------------------- |
+  | `AUTH_SECRET`                    | 必选 | 会话加密密钥，使用 `openssl rand -base64 32` 生成 |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | 填写 `feishu`                            |
+  | `AUTH_FEISHU_APP_ID`             | 必选 | 飞书开放平台的 App ID                         |
+  | `AUTH_FEISHU_APP_SECRET`         | 必选 | 飞书开放平台的 App Secret                     |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#feishu)
+    可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  部署成功后，用户将可以通过飞书身份认证并使用 LobeChat。
+</Callout>
+## 相关资源
+- [飞书开放平台](https://open.feishu.cn/)
+- [飞书 OAuth 2.0 指南](https://open.feishu.cn/document/common-capabilities/sso/web-application-sso/web-app-overview)

package/docs/self-hosting/advanced/auth/better-auth/generic-oidc.mdx ADDED Viewed

@@ -0,0 +1,86 @@
+---
+title: Configuring Generic OIDC Authentication for LobeChat
+description: >-
+  Learn how to configure any OpenID Connect provider for LobeChat using Generic
+  OIDC integration.
+tags:
+  - Generic OIDC
+  - OpenID Connect
+  - Authentication
+  - LobeChat
+  - Single Sign-On
+---
+# Configuring Generic OIDC Authentication
+Use Generic OIDC to integrate LobeChat with any OpenID Connect compliant identity provider not explicitly listed in our supported providers.
+<Steps>
+  ### Configure Your OIDC Provider
+  In your identity provider's admin console:
+  1. Create a new OIDC/OAuth2 application
+  2. Set the application type to **Web Application** or **Confidential Client**
+  3. Enable required scopes: `openid`, `profile`, `email`
+  4. Note down **Client ID** and **Client Secret**
+  ### Configure Redirect URI
+  Add the callback URL to your OIDC provider:
+  <Callout type={'info'}>
+    Callback URL format:
+    - Local development: `http://localhost:3210/api/auth/callback/generic-oidc`
+    - Production: `https://your-domain.com/api/auth/callback/generic-oidc`
+  </Callout>
+  ### Find Your Issuer URL
+  The issuer URL is typically found in your provider's OIDC discovery document:
+  ```
+  https://your-provider/.well-known/openid-configuration
+  ```
+  Look for the `issuer` field in the JSON response.
+  ### Configure Environment Variables
+  | Environment Variable             | Type     | Description                                                     |
+  | -------------------------------- | -------- | --------------------------------------------------------------- |
+  | `AUTH_SECRET`                    | Required | Session encryption key, generate with `openssl rand -base64 32` |
+  | `AUTH_SSO_PROVIDERS`             | Required | Set to `generic-oidc`                                           |
+  | `AUTH_GENERIC_OIDC_ID`           | Required | Client ID                                                       |
+  | `AUTH_GENERIC_OIDC_SECRET`       | Required | Client Secret                                                   |
+  | `AUTH_GENERIC_OIDC_ISSUER`       | Required | OIDC issuer URL (e.g., `https://your-provider.com`)             |
+  <Callout type={'tip'}>
+    Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#generic-oidc)
+    for detailed information.
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  After successful deployment, users will be able to authenticate with your OIDC
+  provider and use LobeChat.
+</Callout>
+## Troubleshooting
+### Common Issues
+1. **Invalid redirect URI**: Ensure the callback URL exactly matches what you configured in your provider
+2. **Missing scopes**: Make sure `openid`, `profile`, and `email` scopes are enabled
+3. **Invalid issuer**: The issuer URL must match exactly what's in the OIDC discovery document
+### Testing OIDC Configuration
+Verify your OIDC configuration by accessing:
+```
+https://your-provider/.well-known/openid-configuration
+```
+This should return a JSON document with all required endpoints.

package/docs/self-hosting/advanced/auth/better-auth/generic-oidc.zh-CN.mdx ADDED Viewed

@@ -0,0 +1,83 @@
+---
+title: 在 LobeChat 中配置 Generic OIDC 身份验证
+description: 学习如何使用 Generic OIDC 集成将 LobeChat 与任何 OpenID Connect 提供商对接。
+tags:
+  - Generic OIDC
+  - OpenID Connect
+  - 身份验证
+  - LobeChat
+  - 单点登录
+---
+# 配置 Generic OIDC 身份验证
+使用 Generic OIDC 可以将 LobeChat 与任何符合 OpenID Connect 标准的身份提供商集成，适用于不在我们支持列表中的提供商。
+<Steps>
+  ### 配置你的 OIDC 提供商
+  在身份提供商的管理控制台中：
+  1. 创建新的 OIDC/OAuth2 应用
+  2. 设置应用类型为 **Web Application** 或 **Confidential Client**
+  3. 启用必需的 scopes：`openid`、`profile`、`email`
+  4. 记下 **Client ID** 和 **Client Secret**
+  ### 配置重定向 URI
+  在 OIDC 提供商中添加回调 URL：
+  <Callout type={'info'}>
+    回调 URL 格式：
+    - 本地开发: `http://localhost:3210/api/auth/callback/generic-oidc`
+    - 生产环境: `https://your-domain.com/api/auth/callback/generic-oidc`
+  </Callout>
+  ### 查找 Issuer URL
+  Issuer URL 通常在提供商的 OIDC 发现文档中：
+  ```
+  https://your-provider/.well-known/openid-configuration
+  ```
+  在 JSON 响应中查找 `issuer` 字段。
+  ### 配置环境变量
+  | 环境变量                             | 类型 | 描述                                             |
+  | -------------------------------- | -- | ---------------------------------------------- |
+  | `AUTH_SECRET`                    | 必选 | 会话加密密钥，使用 `openssl rand -base64 32` 生成         |
+  | `AUTH_SSO_PROVIDERS`             | 必选 | 填写 `generic-oidc`                              |
+  | `AUTH_GENERIC_OIDC_ID`           | 必选 | Client ID                                      |
+  | `AUTH_GENERIC_OIDC_SECRET`       | 必选 | Client Secret                                  |
+  | `AUTH_GENERIC_OIDC_ISSUER`       | 必选 | OIDC Issuer URL（如 `https://your-provider.com`） |
+  <Callout type={'tip'}>
+    前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#generic-oidc)
+    可查阅相关变量详情。
+  </Callout>
+</Steps>
+<Callout type={'info'}>
+  部署成功后，用户将可以通过你的 OIDC 提供商身份认证并使用 LobeChat。
+</Callout>
+## 故障排除
+### 常见问题
+1. **无效的重定向 URI**：确保回调 URL 与提供商中配置的完全匹配
+2. **缺少 scopes**：确保 `openid`、`profile` 和 `email` scopes 已启用
+3. **无效的 issuer**：Issuer URL 必须与 OIDC 发现文档中的完全匹配
+### 测试 OIDC 配置
+通过访问以下地址验证 OIDC 配置：
+```
+https://your-provider/.well-known/openid-configuration
+```
+这应该返回包含所有必需端点的 JSON 文档。