Added environment variables to OpenID page (#650)

Added environment variables to OpenID page

---------

Co-authored-by: Ruben Olsen Lærk <ruben@lku.no>
Co-authored-by: Matt Fiddaman <github@m.fiddaman.uk>
lelemm
2025-03-04 21:47:34 -03:00
committed by GitHub
parent 1bd2964e15
commit ad53fcb3c6
2 changed files with 51 additions and 1 deletions

@@ -97,3 +97,4 @@ VUB
websecure
WOR
youngcw
OIDC
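Review bot: `OIDC` is appended after `youngcw` at the end of the word list, while the context entries above it (`VUB`, `websecure`, `WOR`, `youngcw`) are in case-insensitive alphabetical order. Move it to its sorted position among the entries starting with O so the list stays ordered and later additions do not collide at the tail of the file.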

@@ -115,6 +115,55 @@ When setup is done, you will be redirected to the _login_ page:
![](/static/img/oauth/first-login.png)
### Environment Variables
#### `ACTUAL_OPENID_DISCOVERY_URL`
- **Purpose:** If your OpenID provider supports discovery, this is the URL where discovery metadata can be found.
**Example Value:** `https://provider.tld/.well-known/openid-configuration`
#### `ACTUAL_OPENID_CLIENT_ID`
- **Purpose:** The client ID issued by your OpenID provider.
**Example Value:** `my-actual-app`
#### `ACTUAL_OPENID_CLIENT_SECRET`
- **Purpose:** The client secret issued by your OpenID provider.
**Example Value:** `super-secret-value`
#### `ACTUAL_OPENID_SERVER_HOSTNAME`
- **Purpose:** The public URL of your Actual Server, which the provider redirects to after authentication.
**Example Value:** `https://actual.myserver.com`
#### `ACTUAL_OPENID_AUTHORIZATION_ENDPOINT`
- **Purpose:** Providers authorization endpoint (for providers that dont support discovery).
**Example Value:** `https://provider.com/oauth2/authorize`
#### `ACTUAL_OPENID_TOKEN_ENDPOINT`
- **Purpose:** Providers token endpoint (for providers that dont support discovery).
**Example Value:** `https://provider.com/oauth2/token`
#### `ACTUAL_OPENID_USERINFO_ENDPOINT`
- **Purpose:** Providers user-info endpoint (for providers that dont support discovery).
**Example Value:** `https://provider.com/oauth2/userinfo`
#### `ACTUAL_OPENID_AUTH_METHOD`
- **Purpose:** Tells the server whether it should use the OpenID (OIDC) or a more general OAuth2 flow.
**Possible Values:**
- `openid` (default)
- `oauth2`
**Tip:** Use `oauth2` for providers like GitHub that dont fully support OpenID discovery.
#### `ACTUAL_OPENID_ENFORCE`
- **Purpose:** Forces OpenID/OAuth2 authentication as the only allowed login method when set to `true`.
**Example Value:** `true` or `false` (default is `false`)
#### `ACTUAL_TOKEN_EXPIRATION`
- **Purpose:** Controls how access tokens expire.
**Possible Values:**
- `"never"` (tokens never expire - **current default**)
- `"openid-provider"` (tokens follow the expiration time from the OpenID provider)
- A numeric value in seconds (e.g., `3600` for 1 hour)
:::tip
Configuring the OpenID provider from options supports discovery; otherwise, use [file configuration](oauth-auth#config-using-configuration-file)
:::
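Review bot: The `ACTUAL_TOKEN_EXPIRATION` entry documents `"never"` as the current default without any guidance, so a reader who enables OpenID from this page keeps access tokens that do not follow the provider's expiration; add a sentence recommending `"openid-provider"` or a finite number of seconds. In the same hunk, `ACTUAL_OPENID_SERVER_HOSTNAME` is described as "the public URL" and its example includes the `https://` scheme, so state explicitly that a full URL is expected despite the variable name. The three endpoint entries and the `ACTUAL_OPENID_AUTH_METHOD` tip are missing apostrophes ("Providers", "dont"), and the closing `:::tip` mentions only the options screen and file configuration, leaving it unclear whether the endpoint variables documented above also cover providers without discovery.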