@lobehub/lobehub 2.0.0-next.332 → 2.0.0-next.334
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +60 -0
- package/apps/desktop/src/main/const/dir.ts +3 -0
- package/apps/desktop/src/main/controllers/SystemCtr.ts +19 -0
- package/apps/desktop/src/main/controllers/__tests__/SystemCtr.test.ts +1 -0
- package/apps/desktop/src/main/menus/impls/macOS.test.ts +1 -0
- package/changelog/v1.json +21 -0
- package/docs/changelog/2023-09-09-plugin-system.mdx +3 -2
- package/docs/changelog/2023-11-14-gpt4-vision.mdx +6 -4
- package/docs/changelog/2023-11-19-tts-stt.mdx +3 -2
- package/docs/changelog/2023-12-22-dalle-3.mdx +5 -2
- package/docs/changelog/2023-12-22-dalle-3.zh-CN.mdx +2 -2
- package/docs/changelog/2024-02-08-sso-oauth.mdx +2 -2
- package/docs/changelog/2024-06-19-lobe-chat-v1.mdx +3 -2
- package/docs/changelog/2024-06-19-lobe-chat-v1.zh-CN.mdx +2 -2
- package/docs/changelog/2024-07-19-gpt-4o-mini.mdx +3 -2
- package/docs/changelog/2024-07-19-gpt-4o-mini.zh-CN.mdx +2 -2
- package/docs/changelog/2024-08-02-lobe-chat-database-docker.mdx +3 -2
- package/docs/changelog/2024-08-21-file-upload-and-knowledge-base.mdx +5 -4
- package/docs/changelog/2024-09-13-openai-o1-models.mdx +2 -2
- package/docs/changelog/2024-09-20-artifacts.mdx +3 -2
- package/docs/changelog/2024-09-20-artifacts.zh-CN.mdx +2 -2
- package/docs/changelog/2024-10-27-pin-assistant.mdx +3 -2
- package/docs/changelog/2024-11-06-share-text-json.mdx +4 -2
- package/docs/changelog/2024-11-06-share-text-json.zh-CN.mdx +2 -2
- package/docs/changelog/2024-11-25-november-providers.mdx +2 -2
- package/docs/changelog/2024-11-27-forkable-chat.mdx +2 -2
- package/docs/changelog/2025-01-03-user-profile.mdx +2 -2
- package/docs/changelog/2025-01-22-new-ai-provider.mdx +2 -2
- package/docs/changelog/2025-02-02-deepseek-r1.mdx +4 -4
- package/docs/development/basic/add-new-authentication-providers.mdx +4 -0
- package/docs/development/basic/add-new-authentication-providers.zh-CN.mdx +4 -0
- package/docs/development/basic/add-new-image-model.mdx +4 -0
- package/docs/development/basic/add-new-image-model.zh-CN.mdx +4 -0
- package/docs/development/basic/architecture.mdx +4 -0
- package/docs/development/basic/architecture.zh-CN.mdx +4 -0
- package/docs/development/basic/chat-api.mdx +4 -0
- package/docs/development/basic/chat-api.zh-CN.mdx +4 -0
- package/docs/development/basic/comfyui-development.mdx +3 -1
- package/docs/development/basic/contributing-guidelines.mdx +4 -0
- package/docs/development/basic/contributing-guidelines.zh-CN.mdx +4 -0
- package/docs/development/basic/feature-development-frontend.mdx +11 -3
- package/docs/development/basic/feature-development-frontend.zh-CN.mdx +11 -3
- package/docs/development/basic/feature-development.mdx +14 -5
- package/docs/development/basic/feature-development.zh-CN.mdx +14 -5
- package/docs/development/basic/folder-structure.mdx +7 -0
- package/docs/development/basic/folder-structure.zh-CN.mdx +7 -0
- package/docs/development/basic/resources.mdx +4 -0
- package/docs/development/basic/resources.zh-CN.mdx +4 -0
- package/docs/development/basic/setup-development.mdx +4 -0
- package/docs/development/basic/setup-development.zh-CN.mdx +4 -0
- package/docs/development/basic/test.mdx +4 -0
- package/docs/development/basic/test.zh-CN.mdx +4 -0
- package/docs/development/basic/work-with-server-side-database.mdx +5 -5
- package/docs/development/basic/work-with-server-side-database.zh-CN.mdx +5 -5
- package/docs/development/internationalization/add-new-locale.mdx +4 -0
- package/docs/development/internationalization/add-new-locale.zh-CN.mdx +4 -0
- package/docs/development/internationalization/internationalization-implementation.mdx +4 -0
- package/docs/development/internationalization/internationalization-implementation.zh-CN.mdx +4 -0
- package/docs/development/others/lighthouse.mdx +4 -0
- package/docs/development/others/lighthouse.zh-CN.mdx +4 -0
- package/docs/development/start.mdx +4 -0
- package/docs/development/start.zh-CN.mdx +4 -0
- package/docs/development/state-management/state-management-intro.mdx +4 -2
- package/docs/development/state-management/state-management-intro.zh-CN.mdx +4 -2
- package/docs/development/state-management/state-management-selectors.mdx +6 -1
- package/docs/development/state-management/state-management-selectors.zh-CN.mdx +6 -1
- package/docs/development/tests/integration-testing.zh-CN.mdx +4 -0
- package/docs/self-hosting/advanced/analytics.mdx +2 -2
- package/docs/self-hosting/advanced/auth/better-auth/apple.mdx +132 -0
- package/docs/self-hosting/advanced/auth/better-auth/apple.zh-CN.mdx +127 -0
- package/docs/self-hosting/advanced/auth/better-auth/auth0.mdx +111 -0
- package/docs/self-hosting/advanced/auth/better-auth/auth0.zh-CN.mdx +107 -0
- package/docs/self-hosting/advanced/auth/better-auth/authelia.mdx +66 -0
- package/docs/self-hosting/advanced/auth/better-auth/authelia.zh-CN.mdx +62 -0
- package/docs/self-hosting/advanced/auth/better-auth/authentik.mdx +67 -0
- package/docs/self-hosting/advanced/auth/better-auth/authentik.zh-CN.mdx +63 -0
- package/docs/self-hosting/advanced/auth/better-auth/casdoor.mdx +62 -0
- package/docs/self-hosting/advanced/auth/better-auth/casdoor.zh-CN.mdx +58 -0
- package/docs/self-hosting/advanced/auth/better-auth/cloudflare-zero-trust.mdx +59 -0
- package/docs/self-hosting/advanced/auth/better-auth/cloudflare-zero-trust.zh-CN.mdx +55 -0
- package/docs/self-hosting/advanced/auth/better-auth/cognito.mdx +88 -0
- package/docs/self-hosting/advanced/auth/better-auth/cognito.zh-CN.mdx +85 -0
- package/docs/self-hosting/advanced/auth/better-auth/feishu.mdx +73 -0
- package/docs/self-hosting/advanced/auth/better-auth/feishu.zh-CN.mdx +69 -0
- package/docs/self-hosting/advanced/auth/better-auth/generic-oidc.mdx +86 -0
- package/docs/self-hosting/advanced/auth/better-auth/generic-oidc.zh-CN.mdx +83 -0
- package/docs/self-hosting/advanced/auth/better-auth/github.mdx +93 -0
- package/docs/self-hosting/advanced/auth/better-auth/github.zh-CN.mdx +90 -0
- package/docs/self-hosting/advanced/auth/better-auth/google.mdx +80 -0
- package/docs/self-hosting/advanced/auth/better-auth/google.zh-CN.mdx +77 -0
- package/docs/self-hosting/advanced/auth/better-auth/keycloak.mdx +77 -0
- package/docs/self-hosting/advanced/auth/better-auth/keycloak.zh-CN.mdx +74 -0
- package/docs/self-hosting/advanced/auth/better-auth/logto.mdx +64 -0
- package/docs/self-hosting/advanced/auth/better-auth/logto.zh-CN.mdx +60 -0
- package/docs/self-hosting/advanced/auth/better-auth/microsoft.mdx +113 -0
- package/docs/self-hosting/advanced/auth/better-auth/microsoft.zh-CN.mdx +109 -0
- package/docs/self-hosting/advanced/auth/better-auth/okta.mdx +67 -0
- package/docs/self-hosting/advanced/auth/better-auth/okta.zh-CN.mdx +63 -0
- package/docs/self-hosting/advanced/auth/better-auth/wechat.mdx +77 -0
- package/docs/self-hosting/advanced/auth/better-auth/wechat.zh-CN.mdx +72 -0
- package/docs/self-hosting/advanced/auth/better-auth/zitadel.mdx +73 -0
- package/docs/self-hosting/advanced/auth/better-auth/zitadel.zh-CN.mdx +69 -0
- package/docs/self-hosting/advanced/auth/clerk.mdx +2 -2
- package/docs/self-hosting/advanced/auth/legacy.mdx +106 -0
- package/docs/self-hosting/advanced/auth/legacy.zh-CN.mdx +101 -0
- package/docs/self-hosting/advanced/auth/next-auth/auth0.mdx +3 -2
- package/docs/self-hosting/advanced/auth/next-auth/authelia.mdx +3 -2
- package/docs/self-hosting/advanced/auth/next-auth/authentik.mdx +3 -2
- package/docs/self-hosting/advanced/auth/next-auth/casdoor.mdx +5 -2
- package/docs/self-hosting/advanced/auth/next-auth/casdoor.zh-CN.mdx +2 -0
- package/docs/self-hosting/advanced/auth/next-auth/cloudflare-zero-trust.mdx +3 -2
- package/docs/self-hosting/advanced/auth/next-auth/cloudflare-zero-trust.zh-CN.mdx +2 -2
- package/docs/self-hosting/advanced/auth/next-auth/github.mdx +3 -2
- package/docs/self-hosting/advanced/auth/next-auth/google.mdx +10 -12
- package/docs/self-hosting/advanced/auth/next-auth/keycloak.mdx +3 -2
- package/docs/self-hosting/advanced/auth/next-auth/logto.mdx +2 -2
- package/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx +3 -2
- package/docs/self-hosting/advanced/auth/next-auth/okta.mdx +3 -2
- package/docs/self-hosting/advanced/auth/next-auth/okta.zh-CN.mdx +1 -3
- package/docs/self-hosting/advanced/auth/next-auth/wechat.mdx +2 -2
- package/docs/self-hosting/advanced/auth/next-auth/zitadel.mdx +3 -2
- package/docs/self-hosting/advanced/auth.mdx +86 -139
- package/docs/self-hosting/advanced/auth.zh-CN.mdx +84 -135
- package/docs/self-hosting/advanced/desktop.mdx +9 -3
- package/docs/self-hosting/advanced/desktop.zh-CN.mdx +9 -3
- package/docs/self-hosting/advanced/feature-flags.mdx +3 -2
- package/docs/self-hosting/advanced/knowledge-base.mdx +2 -2
- package/docs/self-hosting/advanced/model-list.mdx +2 -2
- package/docs/self-hosting/advanced/observability/grafana.mdx +4 -2
- package/docs/self-hosting/advanced/observability/grafana.zh-CN.mdx +2 -1
- package/docs/self-hosting/advanced/observability/langfuse.mdx +3 -2
- package/docs/self-hosting/advanced/online-search.mdx +4 -6
- package/docs/self-hosting/advanced/s3/tencent-cloud.mdx +2 -2
- package/docs/self-hosting/advanced/settings-url-share.mdx +3 -2
- package/docs/self-hosting/advanced/upstream-sync.mdx +3 -4
- package/docs/self-hosting/advanced/upstream-sync.zh-CN.mdx +0 -2
- package/docs/self-hosting/environment-variables/analytics.mdx +3 -2
- package/docs/self-hosting/environment-variables/auth.mdx +5 -12
- package/docs/self-hosting/environment-variables/auth.zh-CN.mdx +2 -9
- package/docs/self-hosting/environment-variables/basic.mdx +3 -10
- package/docs/self-hosting/environment-variables/basic.zh-CN.mdx +0 -7
- package/docs/self-hosting/environment-variables/model-provider.mdx +3 -4
- package/docs/self-hosting/environment-variables/s3.mdx +2 -2
- package/docs/self-hosting/environment-variables.mdx +2 -3
- package/docs/self-hosting/examples/azure-openai.mdx +2 -3
- package/docs/self-hosting/examples/azure-openai.zh-CN.mdx +0 -1
- package/docs/self-hosting/examples/ollama.mdx +3 -2
- package/docs/self-hosting/faq/no-v1-suffix.mdx +4 -4
- package/docs/self-hosting/faq/proxy-with-unable-to-verify-leaf-signature.mdx +3 -2
- package/docs/self-hosting/faq/vercel-ai-image-timeout.mdx +2 -2
- package/docs/self-hosting/migration/v2/breaking-changes.mdx +73 -0
- package/docs/self-hosting/migration/v2/breaking-changes.zh-CN.mdx +71 -0
- package/docs/self-hosting/platform/alibaba-cloud.mdx +2 -7
- package/docs/self-hosting/platform/alibaba-cloud.zh-CN.mdx +1 -6
- package/docs/self-hosting/platform/btpanel.mdx +4 -2
- package/docs/self-hosting/platform/btpanel.zh-CN.mdx +2 -2
- package/docs/self-hosting/platform/docker-compose.mdx +3 -3
- package/docs/self-hosting/platform/docker-compose.zh-CN.mdx +0 -1
- package/docs/self-hosting/platform/docker.mdx +2 -11
- package/docs/self-hosting/platform/docker.zh-CN.mdx +0 -8
- package/docs/self-hosting/platform/netlify.mdx +5 -17
- package/docs/self-hosting/platform/netlify.zh-CN.mdx +3 -17
- package/docs/self-hosting/platform/railway.mdx +3 -7
- package/docs/self-hosting/platform/railway.zh-CN.mdx +1 -7
- package/docs/self-hosting/platform/repocloud.mdx +3 -7
- package/docs/self-hosting/platform/repocloud.zh-CN.mdx +1 -6
- package/docs/self-hosting/platform/sealos.mdx +2 -7
- package/docs/self-hosting/platform/sealos.zh-CN.mdx +1 -6
- package/docs/self-hosting/platform/tencentcloud-lighthouse.mdx +2 -7
- package/docs/self-hosting/platform/tencentcloud-lighthouse.zh-CN.mdx +1 -6
- package/docs/self-hosting/platform/vercel.mdx +4 -9
- package/docs/self-hosting/platform/vercel.zh-CN.mdx +3 -8
- package/docs/self-hosting/platform/zeabur.mdx +2 -11
- package/docs/self-hosting/platform/zeabur.zh-CN.mdx +1 -10
- package/docs/self-hosting/server-database/docker-compose.mdx +11 -19
- package/docs/self-hosting/server-database/docker-compose.zh-CN.mdx +12 -21
- package/docs/self-hosting/server-database/docker.mdx +9 -24
- package/docs/self-hosting/server-database/docker.zh-CN.mdx +7 -24
- package/docs/self-hosting/server-database/dokploy.mdx +27 -25
- package/docs/self-hosting/server-database/dokploy.zh-CN.mdx +23 -21
- package/docs/self-hosting/server-database/netlify.mdx +2 -2
- package/docs/self-hosting/server-database/netlify.zh-CN.mdx +2 -2
- package/docs/self-hosting/server-database/railway.mdx +2 -2
- package/docs/self-hosting/server-database/repocloud.mdx +2 -2
- package/docs/self-hosting/server-database/sealos.mdx +2 -2
- package/docs/self-hosting/server-database/vercel.mdx +19 -72
- package/docs/self-hosting/server-database/vercel.zh-CN.mdx +17 -68
- package/docs/self-hosting/server-database/zeabur.mdx +2 -2
- package/docs/self-hosting/server-database.mdx +1 -19
- package/docs/self-hosting/server-database.zh-CN.mdx +0 -17
- package/docs/self-hosting/start.mdx +2 -2
- package/docs/self-hosting/start.zh-CN.mdx +2 -2
- package/locales/ar/common.json +1 -0
- package/locales/bg-BG/common.json +1 -0
- package/locales/de-DE/common.json +1 -0
- package/locales/en-US/common.json +1 -0
- package/locales/en-US/desktop-onboarding.json +1 -0
- package/locales/es-ES/common.json +1 -0
- package/locales/fa-IR/common.json +1 -0
- package/locales/fr-FR/common.json +1 -0
- package/locales/it-IT/common.json +1 -0
- package/locales/ja-JP/common.json +1 -0
- package/locales/ko-KR/common.json +1 -0
- package/locales/nl-NL/common.json +1 -0
- package/locales/pl-PL/common.json +1 -0
- package/locales/pt-BR/common.json +1 -0
- package/locales/ru-RU/common.json +1 -0
- package/locales/tr-TR/common.json +1 -0
- package/locales/vi-VN/common.json +1 -0
- package/locales/zh-CN/common.json +1 -0
- package/locales/zh-CN/desktop-onboarding.json +1 -0
- package/locales/zh-TW/common.json +1 -0
- package/package.json +2 -2
- package/packages/builtin-tool-cloud-sandbox/src/systemRole.ts +62 -2
- package/packages/const/src/url.ts +6 -0
- package/packages/conversation-flow/src/__tests__/fixtures/inputs/tasks/index.ts +2 -0
- package/packages/conversation-flow/src/__tests__/fixtures/inputs/tasks/multi-tasks-with-summary.json +234 -0
- package/packages/conversation-flow/src/__tests__/parse.test.ts +25 -0
- package/packages/conversation-flow/src/transformation/ContextTreeBuilder.ts +15 -0
- package/packages/conversation-flow/src/transformation/FlatListBuilder.ts +20 -0
- package/packages/types/src/serverConfig.ts +0 -1
- package/src/app/[variants]/(desktop)/desktop-onboarding/features/LoginStep.tsx +39 -1
- package/src/app/[variants]/(main)/settings/common/features/Common/Common.tsx +34 -14
- package/src/app/[variants]/(mobile)/me/(home)/features/useCategory.tsx +16 -9
- package/src/app/[variants]/layout.tsx +0 -4
- package/src/envs/app.ts +0 -13
- package/src/features/User/UserPanel/useMenu.tsx +18 -9
- package/src/hooks/usePlatform.test.ts +5 -0
- package/src/hooks/usePlatform.ts +1 -0
- package/src/locales/default/common.ts +1 -0
- package/src/locales/default/desktop-onboarding.ts +1 -0
- package/src/server/globalConfig/index.ts +1 -2
- package/src/services/electron/system.ts +4 -0
- package/src/store/serverConfig/selectors.ts +0 -1
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Configuring GitHub Authentication for LobeChat
|
|
3
|
+
description: >-
|
|
4
|
+
Learn how to configure GitHub SSO for LobeChat, including creating a GitHub
|
|
5
|
+
App, setting up environment variables, and deployment.
|
|
6
|
+
tags:
|
|
7
|
+
- GitHub
|
|
8
|
+
- Authentication
|
|
9
|
+
- LobeChat
|
|
10
|
+
- Single Sign-On
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# Configuring GitHub Authentication
|
|
14
|
+
|
|
15
|
+
<Steps>
|
|
16
|
+
### Create a GitHub App
|
|
17
|
+
|
|
18
|
+
1. Go to [GitHub Developer Settings](https://github.com/settings/apps/new)
|
|
19
|
+
2. Fill in the **GitHub App name** and **Homepage URL**
|
|
20
|
+
|
|
21
|
+
<Image alt="Create a GitHub App" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/2f919f99-2aaa-4fa7-9938-169d3ed09db7" />
|
|
22
|
+
|
|
23
|
+
### Configure Callback URL
|
|
24
|
+
|
|
25
|
+
<Callout type={'info'}>
|
|
26
|
+
Callback URL format:
|
|
27
|
+
|
|
28
|
+
- Local development: `http://localhost:3210/api/auth/callback/github`
|
|
29
|
+
- Production: `https://your-domain.com/api/auth/callback/github`
|
|
30
|
+
</Callout>
|
|
31
|
+
|
|
32
|
+
Set the Webhook URL according to your needs (can be disabled if not used).
|
|
33
|
+
|
|
34
|
+
<Image alt="Fill in other fields" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/d7ef5ad1-b1a3-435e-b1bc-4436d2b6fecd" />
|
|
35
|
+
|
|
36
|
+
### Configure Permissions
|
|
37
|
+
|
|
38
|
+
Set permission to read user email addresses:
|
|
39
|
+
|
|
40
|
+
<Image alt="Set required permissions" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/23131ca1-9e84-4a89-a840-ef79c4bc0251" />
|
|
41
|
+
|
|
42
|
+
<Image alt="Set permission to read email addresses" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/358bca8d-3d82-4e76-9a5e-90d16a39efde" />
|
|
43
|
+
|
|
44
|
+
Set whether the app is publicly accessible or only accessible to yourself.
|
|
45
|
+
|
|
46
|
+
<Image alt="Set accessibility" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/995780cb-9096-4a36-ab17-d422703ab970" />
|
|
47
|
+
|
|
48
|
+
Click **Create GitHub App**.
|
|
49
|
+
|
|
50
|
+
### Generate Client Secret
|
|
51
|
+
|
|
52
|
+
After creation, click **Generate a new client secret**.
|
|
53
|
+
|
|
54
|
+
<Image alt="Create a new client secret" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/6d69bdca-7d18-4cbc-b3e0-220d8815cd29" />
|
|
55
|
+
|
|
56
|
+
Save the **Client ID** and **Client Secret**.
|
|
57
|
+
|
|
58
|
+
<Image alt="Save credentials" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/c6108133-a918-48b0-ab1a-e3fa607572a4" />
|
|
59
|
+
|
|
60
|
+
### Configure Environment Variables
|
|
61
|
+
|
|
62
|
+
| Environment Variable | Type | Description |
|
|
63
|
+
| -------------------------------- | -------- | --------------------------------------------------------------- |
|
|
64
|
+
| `AUTH_SECRET` | Required | Session encryption key, generate with `openssl rand -base64 32` |
|
|
65
|
+
| `AUTH_SSO_PROVIDERS` | Required | Set to `github` |
|
|
66
|
+
| `AUTH_GITHUB_ID` | Required | Client ID from the GitHub App |
|
|
67
|
+
| `AUTH_GITHUB_SECRET` | Required | Client Secret from the GitHub App |
|
|
68
|
+
|
|
69
|
+
<Callout type={'tip'}>
|
|
70
|
+
Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#github)
|
|
71
|
+
for detailed information.
|
|
72
|
+
</Callout>
|
|
73
|
+
</Steps>
|
|
74
|
+
|
|
75
|
+
<Callout type={'info'}>
|
|
76
|
+
After successful deployment, users will be able to authenticate with GitHub
|
|
77
|
+
and use LobeChat.
|
|
78
|
+
</Callout>
|
|
79
|
+
|
|
80
|
+
## Common Issues
|
|
81
|
+
|
|
82
|
+
### email\_not\_found Error
|
|
83
|
+
|
|
84
|
+
This usually happens when the GitHub App doesn't have email read permission. Go to your app settings, navigate to **Permissions & events** > **Account permissions** > **Email addresses** and set it to **Read-only**.
|
|
85
|
+
|
|
86
|
+
### No Refresh Token
|
|
87
|
+
|
|
88
|
+
GitHub OAuth does not issue refresh tokens. Access tokens remain valid until the user revokes access, the app revokes access, or the token hasn't been used for one year.
|
|
89
|
+
|
|
90
|
+
## Related Resources
|
|
91
|
+
|
|
92
|
+
- [GitHub Developer Settings](https://github.com/settings/developers)
|
|
93
|
+
- [GitHub Apps Documentation](https://docs.github.com/en/apps)
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: 在 LobeChat 中配置 GitHub 身份验证
|
|
3
|
+
description: 学习如何在 LobeChat 中配置 GitHub SSO,包括创建 GitHub App、设置环境变量和部署。
|
|
4
|
+
tags:
|
|
5
|
+
- GitHub
|
|
6
|
+
- 身份验证
|
|
7
|
+
- LobeChat
|
|
8
|
+
- 单点登录
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# 配置 GitHub 身份验证
|
|
12
|
+
|
|
13
|
+
<Steps>
|
|
14
|
+
### 创建 GitHub App
|
|
15
|
+
|
|
16
|
+
1. 前往 [GitHub 开发者设置](https://github.com/settings/apps/new)
|
|
17
|
+
2. 填写 **GitHub App name** 和 **Homepage URL**
|
|
18
|
+
|
|
19
|
+
<Image alt="创建 GitHub App" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/2f919f99-2aaa-4fa7-9938-169d3ed09db7" />
|
|
20
|
+
|
|
21
|
+
### 配置回调 URL
|
|
22
|
+
|
|
23
|
+
<Callout type={'info'}>
|
|
24
|
+
回调 URL 格式:
|
|
25
|
+
|
|
26
|
+
- 本地开发: `http://localhost:3210/api/auth/callback/github`
|
|
27
|
+
- 生产环境: `https://your-domain.com/api/auth/callback/github`
|
|
28
|
+
</Callout>
|
|
29
|
+
|
|
30
|
+
按需设置 Webhook URL(不需要可禁用)。
|
|
31
|
+
|
|
32
|
+
<Image alt="填写其他字段" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/d7ef5ad1-b1a3-435e-b1bc-4436d2b6fecd" />
|
|
33
|
+
|
|
34
|
+
### 配置权限
|
|
35
|
+
|
|
36
|
+
设置读取用户邮箱地址的权限:
|
|
37
|
+
|
|
38
|
+
<Image alt="设置所需权限" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/23131ca1-9e84-4a89-a840-ef79c4bc0251" />
|
|
39
|
+
|
|
40
|
+
<Image alt="设置读取邮件地址权限" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/358bca8d-3d82-4e76-9a5e-90d16a39efde" />
|
|
41
|
+
|
|
42
|
+
设置公开访问还是仅自己访问。
|
|
43
|
+
|
|
44
|
+
<Image alt="设置访问权限" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/995780cb-9096-4a36-ab17-d422703ab970" />
|
|
45
|
+
|
|
46
|
+
点击 **Create GitHub App**。
|
|
47
|
+
|
|
48
|
+
### 生成客户端密钥
|
|
49
|
+
|
|
50
|
+
创建成功后,点击 **Generate a new client secret**。
|
|
51
|
+
|
|
52
|
+
<Image alt="创建客户端密钥" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/6d69bdca-7d18-4cbc-b3e0-220d8815cd29" />
|
|
53
|
+
|
|
54
|
+
保存 **Client ID** 和 **Client Secret**。
|
|
55
|
+
|
|
56
|
+
<Image alt="保存凭证" inStep src="https://github.com/lobehub/lobe-chat/assets/64475363/c6108133-a918-48b0-ab1a-e3fa607572a4" />
|
|
57
|
+
|
|
58
|
+
### 配置环境变量
|
|
59
|
+
|
|
60
|
+
| 环境变量 | 类型 | 描述 |
|
|
61
|
+
| -------------------------------- | -- | -------------------------------------- |
|
|
62
|
+
| `AUTH_SECRET` | 必选 | 会话加密密钥,使用 `openssl rand -base64 32` 生成 |
|
|
63
|
+
| `AUTH_SSO_PROVIDERS` | 必选 | 填写 `github` |
|
|
64
|
+
| `AUTH_GITHUB_ID` | 必选 | GitHub App 的 Client ID |
|
|
65
|
+
| `AUTH_GITHUB_SECRET` | 必选 | GitHub App 的 Client Secret |
|
|
66
|
+
|
|
67
|
+
<Callout type={'tip'}>
|
|
68
|
+
前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#github)
|
|
69
|
+
可查阅相关变量详情。
|
|
70
|
+
</Callout>
|
|
71
|
+
</Steps>
|
|
72
|
+
|
|
73
|
+
<Callout type={'info'}>
|
|
74
|
+
部署成功后,用户将可以通过 GitHub 身份认证并使用 LobeChat。
|
|
75
|
+
</Callout>
|
|
76
|
+
|
|
77
|
+
## 常见问题
|
|
78
|
+
|
|
79
|
+
### email\_not\_found 错误
|
|
80
|
+
|
|
81
|
+
这通常是因为 GitHub App 没有邮箱读取权限。前往应用设置,导航到 **Permissions & events** > **Account permissions** > **Email addresses**,设置为 **Read-only**。
|
|
82
|
+
|
|
83
|
+
### 没有 Refresh Token
|
|
84
|
+
|
|
85
|
+
GitHub OAuth 不发放 refresh token。访问令牌在用户撤销、应用撤销或一年未使用前会一直有效。
|
|
86
|
+
|
|
87
|
+
## 相关资源
|
|
88
|
+
|
|
89
|
+
- [GitHub 开发者设置](https://github.com/settings/developers)
|
|
90
|
+
- [GitHub Apps 文档](https://docs.github.com/en/apps)
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Configuring Google Authentication for LobeChat
|
|
3
|
+
description: >-
|
|
4
|
+
Learn how to configure Google SSO for LobeChat, including creating OAuth
|
|
5
|
+
credentials in Google Cloud Console and setting up environment variables.
|
|
6
|
+
tags:
|
|
7
|
+
- Google
|
|
8
|
+
- Authentication
|
|
9
|
+
- LobeChat
|
|
10
|
+
- Single Sign-On
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# Configuring Google Authentication
|
|
14
|
+
|
|
15
|
+
<Steps>
|
|
16
|
+
### Create Google OAuth Credentials
|
|
17
|
+
|
|
18
|
+
1. Go to [Google Cloud Console](https://console.cloud.google.com/apis/credentials)
|
|
19
|
+
2. Create a new project or select an existing one
|
|
20
|
+
3. Click **Create Credentials** > **OAuth client ID**
|
|
21
|
+
4. If this is your first time, configure the OAuth consent screen first (see below)
|
|
22
|
+
5. Select **Web application** as the application type
|
|
23
|
+
6. Add authorized redirect URIs (see callback URL configuration below)
|
|
24
|
+
7. Click Create and save the **Client ID** and **Client Secret**
|
|
25
|
+
|
|
26
|
+
### Configure OAuth Consent Screen
|
|
27
|
+
|
|
28
|
+
1. Go to **APIs & Services** > **OAuth consent screen**
|
|
29
|
+
2. Choose user type:
|
|
30
|
+
- **External**: For any Google account
|
|
31
|
+
- **Internal**: For Google Workspace organization users only
|
|
32
|
+
3. Fill in required information: app name, user support email, etc.
|
|
33
|
+
4. Add scopes: `email` and `profile`
|
|
34
|
+
5. If in testing mode, add test users
|
|
35
|
+
|
|
36
|
+
### Configure Callback URL
|
|
37
|
+
|
|
38
|
+
Add to authorized redirect URIs:
|
|
39
|
+
|
|
40
|
+
<Callout type={'info'}>
|
|
41
|
+
Callback URL format:
|
|
42
|
+
|
|
43
|
+
- Local development: `http://localhost:3210/api/auth/callback/google`
|
|
44
|
+
- Production: `https://your-domain.com/api/auth/callback/google`
|
|
45
|
+
</Callout>
|
|
46
|
+
|
|
47
|
+
### Configure Environment Variables
|
|
48
|
+
|
|
49
|
+
| Environment Variable | Type | Description |
|
|
50
|
+
| -------------------------------- | -------- | --------------------------------------------------------------- |
|
|
51
|
+
| `AUTH_SECRET` | Required | Session encryption key, generate with `openssl rand -base64 32` |
|
|
52
|
+
| `AUTH_SSO_PROVIDERS` | Required | Set to `google` |
|
|
53
|
+
| `AUTH_GOOGLE_ID` | Required | Client ID from Google Cloud Console |
|
|
54
|
+
| `AUTH_GOOGLE_SECRET` | Required | Client Secret from Google Cloud Console |
|
|
55
|
+
|
|
56
|
+
<Callout type={'tip'}>
|
|
57
|
+
Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#google)
|
|
58
|
+
for detailed information.
|
|
59
|
+
</Callout>
|
|
60
|
+
</Steps>
|
|
61
|
+
|
|
62
|
+
<Callout type={'info'}>
|
|
63
|
+
After successful deployment, users will be able to authenticate with Google
|
|
64
|
+
and use LobeChat.
|
|
65
|
+
</Callout>
|
|
66
|
+
|
|
67
|
+
## Common Issues
|
|
68
|
+
|
|
69
|
+
### redirect\_uri\_mismatch Error
|
|
70
|
+
|
|
71
|
+
Ensure the callback URL configured in Google Cloud Console exactly matches your deployment address, including the protocol (http/https) and port number.
|
|
72
|
+
|
|
73
|
+
### Testing Mode Limitations
|
|
74
|
+
|
|
75
|
+
If the OAuth consent screen is in testing mode, only Google accounts added as test users can sign in.
|
|
76
|
+
|
|
77
|
+
## Related Resources
|
|
78
|
+
|
|
79
|
+
- [Google Cloud Console](https://console.cloud.google.com/)
|
|
80
|
+
- [Google OAuth 2.0 Documentation](https://developers.google.com/identity/protocols/oauth2)
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: 在 LobeChat 中配置 Google 身份验证
|
|
3
|
+
description: 学习如何在 LobeChat 中配置 Google SSO,包括在 Google Cloud Console 创建 OAuth 凭证和设置环境变量。
|
|
4
|
+
tags:
|
|
5
|
+
- Google
|
|
6
|
+
- 身份验证
|
|
7
|
+
- LobeChat
|
|
8
|
+
- 单点登录
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# 配置 Google 身份验证
|
|
12
|
+
|
|
13
|
+
<Steps>
|
|
14
|
+
### 创建 Google OAuth 凭证
|
|
15
|
+
|
|
16
|
+
1. 前往 [Google Cloud Console](https://console.cloud.google.com/apis/credentials)
|
|
17
|
+
2. 创建新项目或选择现有项目
|
|
18
|
+
3. 点击 **Create Credentials** > **OAuth client ID**
|
|
19
|
+
4. 如果是首次创建,需先配置 OAuth 同意屏幕(见下方步骤)
|
|
20
|
+
5. 选择 **Web application** 作为应用类型
|
|
21
|
+
6. 添加授权重定向 URI(见下方回调 URL 配置)
|
|
22
|
+
7. 点击创建,保存 **Client ID** 和 **Client Secret**
|
|
23
|
+
|
|
24
|
+
### 配置 OAuth 同意屏幕
|
|
25
|
+
|
|
26
|
+
1. 前往 **APIs & Services** > **OAuth consent screen**
|
|
27
|
+
2. 选择用户类型:
|
|
28
|
+
- **External**:适用于任何 Google 账户
|
|
29
|
+
- **Internal**:仅限 Google Workspace 组织用户
|
|
30
|
+
3. 填写应用名称、用户支持邮箱等必填信息
|
|
31
|
+
4. 添加授权范围:`email` 和 `profile`
|
|
32
|
+
5. 如果处于测试模式,需添加测试用户
|
|
33
|
+
|
|
34
|
+
### 配置回调 URL
|
|
35
|
+
|
|
36
|
+
在授权重定向 URI 中添加:
|
|
37
|
+
|
|
38
|
+
<Callout type={'info'}>
|
|
39
|
+
回调 URL 格式:
|
|
40
|
+
|
|
41
|
+
- 本地开发: `http://localhost:3210/api/auth/callback/google`
|
|
42
|
+
- 生产环境: `https://your-domain.com/api/auth/callback/google`
|
|
43
|
+
</Callout>
|
|
44
|
+
|
|
45
|
+
### 配置环境变量
|
|
46
|
+
|
|
47
|
+
| 环境变量 | 类型 | 描述 |
|
|
48
|
+
| -------------------------------- | -- | -------------------------------------- |
|
|
49
|
+
| `AUTH_SECRET` | 必选 | 会话加密密钥,使用 `openssl rand -base64 32` 生成 |
|
|
50
|
+
| `AUTH_SSO_PROVIDERS` | 必选 | 填写 `google` |
|
|
51
|
+
| `AUTH_GOOGLE_ID` | 必选 | Google Cloud Console 中的 Client ID |
|
|
52
|
+
| `AUTH_GOOGLE_SECRET` | 必选 | Google Cloud Console 中的 Client Secret |
|
|
53
|
+
|
|
54
|
+
<Callout type={'tip'}>
|
|
55
|
+
前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#google)
|
|
56
|
+
可查阅相关变量详情。
|
|
57
|
+
</Callout>
|
|
58
|
+
</Steps>
|
|
59
|
+
|
|
60
|
+
<Callout type={'info'}>
|
|
61
|
+
部署成功后,用户将可以通过 Google 身份认证并使用 LobeChat。
|
|
62
|
+
</Callout>
|
|
63
|
+
|
|
64
|
+
## 常见问题
|
|
65
|
+
|
|
66
|
+
### redirect\_uri\_mismatch 错误
|
|
67
|
+
|
|
68
|
+
确保 Google Cloud Console 中配置的回调 URL 与实际部署地址完全匹配,包括协议(http/https)和端口号。
|
|
69
|
+
|
|
70
|
+
### 测试模式限制
|
|
71
|
+
|
|
72
|
+
如果 OAuth 同意屏幕处于测试模式,只有添加为测试用户的 Google 账户才能登录。
|
|
73
|
+
|
|
74
|
+
## 相关资源
|
|
75
|
+
|
|
76
|
+
- [Google Cloud Console](https://console.cloud.google.com/)
|
|
77
|
+
- [Google OAuth 2.0 文档](https://developers.google.com/identity/protocols/oauth2)
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Configuring Keycloak Authentication for LobeChat
|
|
3
|
+
description: >-
|
|
4
|
+
Learn how to configure Keycloak SSO for LobeChat, including creating a client
|
|
5
|
+
and setting up environment variables.
|
|
6
|
+
tags:
|
|
7
|
+
- Keycloak
|
|
8
|
+
- Authentication
|
|
9
|
+
- LobeChat
|
|
10
|
+
- Single Sign-On
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
# Configuring Keycloak Authentication
|
|
14
|
+
|
|
15
|
+
[Keycloak](https://www.keycloak.org/) is an open-source Identity and Access Management solution.
|
|
16
|
+
|
|
17
|
+
<Steps>
|
|
18
|
+
### Create Client in Keycloak
|
|
19
|
+
|
|
20
|
+
1. Log in to your Keycloak Admin Console
|
|
21
|
+
2. Select your realm (or create a new one)
|
|
22
|
+
3. Go to **Clients** > **Create client**
|
|
23
|
+
4. Configure the client:
|
|
24
|
+
- **Client type**: `OpenID Connect`
|
|
25
|
+
- **Client ID**: `lobechat` (or any name you prefer)
|
|
26
|
+
5. Click **Next**
|
|
27
|
+
6. Enable **Client authentication** (On)
|
|
28
|
+
7. Click **Next** and then **Save**
|
|
29
|
+
|
|
30
|
+
### Configure Redirect URI
|
|
31
|
+
|
|
32
|
+
In the client **Settings** tab:
|
|
33
|
+
|
|
34
|
+
1. Add redirect URI under **Valid redirect URIs**
|
|
35
|
+
|
|
36
|
+
<Callout type={'info'}>
|
|
37
|
+
Callback URL format:
|
|
38
|
+
|
|
39
|
+
- Local development: `http://localhost:3210/api/auth/callback/keycloak`
|
|
40
|
+
- Production: `https://your-domain.com/api/auth/callback/keycloak`
|
|
41
|
+
</Callout>
|
|
42
|
+
|
|
43
|
+
### Get Client Secret
|
|
44
|
+
|
|
45
|
+
Go to the **Credentials** tab and copy the **Client secret**.
|
|
46
|
+
|
|
47
|
+
### Get Issuer URL
|
|
48
|
+
|
|
49
|
+
The issuer URL format: `https://your-keycloak-domain/realms/your-realm`
|
|
50
|
+
|
|
51
|
+
For example: `https://keycloak.example.com/realms/master`
|
|
52
|
+
|
|
53
|
+
### Configure Environment Variables
|
|
54
|
+
|
|
55
|
+
| Environment Variable | Type | Description |
|
|
56
|
+
| -------------------------------- | -------- | --------------------------------------------------------------- |
|
|
57
|
+
| `AUTH_SECRET` | Required | Session encryption key, generate with `openssl rand -base64 32` |
|
|
58
|
+
| `AUTH_SSO_PROVIDERS` | Required | Set to `keycloak` |
|
|
59
|
+
| `AUTH_KEYCLOAK_ID` | Required | Client ID |
|
|
60
|
+
| `AUTH_KEYCLOAK_SECRET` | Required | Client Secret |
|
|
61
|
+
| `AUTH_KEYCLOAK_ISSUER` | Required | `https://your-keycloak-domain/realms/your-realm` |
|
|
62
|
+
|
|
63
|
+
<Callout type={'tip'}>
|
|
64
|
+
Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#keycloak)
|
|
65
|
+
for detailed information.
|
|
66
|
+
</Callout>
|
|
67
|
+
</Steps>
|
|
68
|
+
|
|
69
|
+
<Callout type={'info'}>
|
|
70
|
+
After successful deployment, users will be able to authenticate with Keycloak
|
|
71
|
+
and use LobeChat.
|
|
72
|
+
</Callout>
|
|
73
|
+
|
|
74
|
+
## Related Resources
|
|
75
|
+
|
|
76
|
+
- [Keycloak Documentation](https://www.keycloak.org/documentation)
|
|
77
|
+
- [Keycloak OpenID Connect Guide](https://www.keycloak.org/docs/latest/securing_apps/#_oidc)
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: 在 LobeChat 中配置 Keycloak 身份验证
|
|
3
|
+
description: 学习如何在 LobeChat 中配置 Keycloak SSO,包括创建客户端和设置环境变量。
|
|
4
|
+
tags:
|
|
5
|
+
- Keycloak
|
|
6
|
+
- 身份验证
|
|
7
|
+
- LobeChat
|
|
8
|
+
- 单点登录
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# 配置 Keycloak 身份验证
|
|
12
|
+
|
|
13
|
+
[Keycloak](https://www.keycloak.org/) 是一个开源的身份和访问管理解决方案。
|
|
14
|
+
|
|
15
|
+
<Steps>
|
|
16
|
+
### 在 Keycloak 中创建客户端
|
|
17
|
+
|
|
18
|
+
1. 登录 Keycloak 管理控制台
|
|
19
|
+
2. 选择你的 realm(或创建新的)
|
|
20
|
+
3. 前往 **Clients** > **Create client**
|
|
21
|
+
4. 配置客户端:
|
|
22
|
+
- **Client type**: `OpenID Connect`
|
|
23
|
+
- **Client ID**: `lobechat`(或任意名称)
|
|
24
|
+
5. 点击 **Next**
|
|
25
|
+
6. 启用 **Client authentication**(On)
|
|
26
|
+
7. 点击 **Next** 然后 **Save**
|
|
27
|
+
|
|
28
|
+
### 配置重定向 URI
|
|
29
|
+
|
|
30
|
+
在客户端 **Settings** 标签页中:
|
|
31
|
+
|
|
32
|
+
1. 在 **Valid redirect URIs** 下添加重定向 URI
|
|
33
|
+
|
|
34
|
+
<Callout type={'info'}>
|
|
35
|
+
回调 URL 格式:
|
|
36
|
+
|
|
37
|
+
- 本地开发: `http://localhost:3210/api/auth/callback/keycloak`
|
|
38
|
+
- 生产环境: `https://your-domain.com/api/auth/callback/keycloak`
|
|
39
|
+
</Callout>
|
|
40
|
+
|
|
41
|
+
### 获取客户端密钥
|
|
42
|
+
|
|
43
|
+
前往 **Credentials** 标签页复制 **Client secret**。
|
|
44
|
+
|
|
45
|
+
### 获取 Issuer URL
|
|
46
|
+
|
|
47
|
+
Issuer URL 格式:`https://your-keycloak-domain/realms/your-realm`
|
|
48
|
+
|
|
49
|
+
例如:`https://keycloak.example.com/realms/master`
|
|
50
|
+
|
|
51
|
+
### 配置环境变量
|
|
52
|
+
|
|
53
|
+
| 环境变量 | 类型 | 描述 |
|
|
54
|
+
| -------------------------------- | -- | ------------------------------------------------ |
|
|
55
|
+
| `AUTH_SECRET` | 必选 | 会话加密密钥,使用 `openssl rand -base64 32` 生成 |
|
|
56
|
+
| `AUTH_SSO_PROVIDERS` | 必选 | 填写 `keycloak` |
|
|
57
|
+
| `AUTH_KEYCLOAK_ID` | 必选 | Client ID |
|
|
58
|
+
| `AUTH_KEYCLOAK_SECRET` | 必选 | Client Secret |
|
|
59
|
+
| `AUTH_KEYCLOAK_ISSUER` | 必选 | `https://your-keycloak-domain/realms/your-realm` |
|
|
60
|
+
|
|
61
|
+
<Callout type={'tip'}>
|
|
62
|
+
前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#keycloak)
|
|
63
|
+
可查阅相关变量详情。
|
|
64
|
+
</Callout>
|
|
65
|
+
</Steps>
|
|
66
|
+
|
|
67
|
+
<Callout type={'info'}>
|
|
68
|
+
部署成功后,用户将可以通过 Keycloak 身份认证并使用 LobeChat。
|
|
69
|
+
</Callout>
|
|
70
|
+
|
|
71
|
+
## 相关资源
|
|
72
|
+
|
|
73
|
+
- [Keycloak 文档](https://www.keycloak.org/documentation)
|
|
74
|
+
- [Keycloak OpenID Connect 指南](https://www.keycloak.org/docs/latest/securing_apps/#_oidc)
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Configuring Logto Authentication for LobeChat
|
|
3
|
+
description: >-
|
|
4
|
+
Learn how to configure Logto SSO for LobeChat, including creating an
|
|
5
|
+
application and setting up environment variables.
|
|
6
|
+
tags:
|
|
7
|
+
- Logto
|
|
8
|
+
- Authentication
|
|
9
|
+
- LobeChat
|
|
10
|
+
- Single Sign-On
|
|
11
|
+
- OIDC
|
|
12
|
+
---
|
|
13
|
+
|
|
14
|
+
# Configuring Logto Authentication
|
|
15
|
+
|
|
16
|
+
[Logto](https://logto.io/) is an open-source Auth0 alternative designed for modern apps and SaaS products.
|
|
17
|
+
|
|
18
|
+
<Steps>
|
|
19
|
+
### Create Application in Logto
|
|
20
|
+
|
|
21
|
+
1. Log in to your Logto Console
|
|
22
|
+
2. Go to **Applications** and click **Create application**
|
|
23
|
+
3. Select **Traditional web** as the application type
|
|
24
|
+
4. Fill in the application name: `LobeChat`
|
|
25
|
+
5. Configure redirect URIs:
|
|
26
|
+
|
|
27
|
+
<Callout type={'info'}>
|
|
28
|
+
**Callback URL Format**: `https://your-domain.com/api/auth/callback/logto`
|
|
29
|
+
</Callout>
|
|
30
|
+
|
|
31
|
+
6. After creation, note down the **App ID** and **App Secret**
|
|
32
|
+
|
|
33
|
+
### Get Issuer URL
|
|
34
|
+
|
|
35
|
+
The issuer URL is your Logto endpoint, typically:
|
|
36
|
+
|
|
37
|
+
- Cloud: `https://your-tenant.logto.app/oidc`
|
|
38
|
+
- Self-hosted: `https://your-logto-domain/oidc`
|
|
39
|
+
|
|
40
|
+
### Configure Environment Variables
|
|
41
|
+
|
|
42
|
+
When deploying LobeChat, you need to configure the following environment variables:
|
|
43
|
+
|
|
44
|
+
| Environment Variable | Type | Description |
|
|
45
|
+
| -------------------------------- | -------- | ----------------------------------------------------------------------------- |
|
|
46
|
+
| `AUTH_SECRET` | Required | Key used to encrypt session tokens. Generate using: `openssl rand -base64 32` |
|
|
47
|
+
| `AUTH_SSO_PROVIDERS` | Required | SSO provider for LobeChat. Use `logto` for Logto |
|
|
48
|
+
| `AUTH_LOGTO_ID` | Required | App ID from Logto application |
|
|
49
|
+
| `AUTH_LOGTO_SECRET` | Required | App Secret from Logto application |
|
|
50
|
+
| `AUTH_LOGTO_ISSUER` | Required | Logto issuer URL (e.g., `https://your-tenant.logto.app/oidc`) |
|
|
51
|
+
|
|
52
|
+
<Callout type={'tip'}>
|
|
53
|
+
Go to [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#logto) for detailed information on these variables.
|
|
54
|
+
</Callout>
|
|
55
|
+
</Steps>
|
|
56
|
+
|
|
57
|
+
<Callout type={'info'}>
|
|
58
|
+
After successful deployment, users will be able to authenticate with Logto and use LobeChat.
|
|
59
|
+
</Callout>
|
|
60
|
+
|
|
61
|
+
## Related Resources
|
|
62
|
+
|
|
63
|
+
- [Logto Documentation](https://docs.logto.io/)
|
|
64
|
+
- [Logto Application Setup](https://docs.logto.io/docs/recipes/integrate-logto/)
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: 在 LobeChat 中配置 Logto 身份验证
|
|
3
|
+
description: 学习如何在 LobeChat 中配置 Logto SSO,包括创建应用和设置环境变量。
|
|
4
|
+
tags:
|
|
5
|
+
- Logto
|
|
6
|
+
- 身份验证
|
|
7
|
+
- LobeChat
|
|
8
|
+
- 单点登录
|
|
9
|
+
- OIDC
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
# 配置 Logto 身份验证
|
|
13
|
+
|
|
14
|
+
[Logto](https://logto.io/) 是一个开源的 Auth0 替代方案,专为现代应用和 SaaS 产品设计。
|
|
15
|
+
|
|
16
|
+
<Steps>
|
|
17
|
+
### 在 Logto 中创建应用
|
|
18
|
+
|
|
19
|
+
1. 登录 Logto 控制台
|
|
20
|
+
2. 前往 **Applications**,点击 **Create application**
|
|
21
|
+
3. 选择 **Traditional web** 作为应用类型
|
|
22
|
+
4. 填写应用名称:`LobeChat`
|
|
23
|
+
5. 配置重定向 URI:
|
|
24
|
+
|
|
25
|
+
<Callout type={'info'}>
|
|
26
|
+
**回调 URL 格式**: `https://your-domain.com/api/auth/callback/logto`
|
|
27
|
+
</Callout>
|
|
28
|
+
|
|
29
|
+
6. 创建后,记下 **App ID** 和 **App Secret**
|
|
30
|
+
|
|
31
|
+
### 获取 Issuer URL
|
|
32
|
+
|
|
33
|
+
Issuer URL 是 Logto 端点,通常为:
|
|
34
|
+
|
|
35
|
+
- 云版:`https://your-tenant.logto.app/oidc`
|
|
36
|
+
- 自托管:`https://your-logto-domain/oidc`
|
|
37
|
+
|
|
38
|
+
### 配置环境变量
|
|
39
|
+
|
|
40
|
+
在部署 LobeChat 时,你需要配置以下环境变量:
|
|
41
|
+
|
|
42
|
+
| 环境变量 | 类型 | 描述 |
|
|
43
|
+
| -------------------------------- | -- | --------------------------------------------------------- |
|
|
44
|
+
| `AUTH_SECRET` | 必选 | 用于加密会话令牌的密钥。使用以下命令生成:`openssl rand -base64 32` |
|
|
45
|
+
| `AUTH_SSO_PROVIDERS` | 必选 | SSO 提供商。使用 Logto 请填写 `logto` |
|
|
46
|
+
| `AUTH_LOGTO_ID` | 必选 | Logto 应用的 App ID |
|
|
47
|
+
| `AUTH_LOGTO_SECRET` | 必选 | Logto 应用的 App Secret |
|
|
48
|
+
| `AUTH_LOGTO_ISSUER` | 必选 | Logto Issuer URL(例如 `https://your-tenant.logto.app/oidc`) |
|
|
49
|
+
|
|
50
|
+
<Callout type={'tip'}>
|
|
51
|
+
前往 [📘 环境变量](/zh/docs/self-hosting/environment-variables/auth#logto) 可查阅相关变量详情。
|
|
52
|
+
</Callout>
|
|
53
|
+
</Steps>
|
|
54
|
+
|
|
55
|
+
<Callout type={'info'}>部署成功后,用户将可以通过 Logto 身份认证并使用 LobeChat。</Callout>
|
|
56
|
+
|
|
57
|
+
## 相关资源
|
|
58
|
+
|
|
59
|
+
- [Logto 文档](https://docs.logto.io/)
|
|
60
|
+
- [Logto 应用设置](https://docs.logto.io/docs/recipes/integrate-logto/)
|