# Advanced Configuration

### OIDC / Oauth2

To enable OAuth2 login, you must create a client on the respective OAuth provider,
for example [Github](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app)
or [Google](https://developers.google.com/identity/protocols/oauth2).

Komodo also supports self hosted Oauth2 providers like [Authentik](https://docs.goauthentik.io/docs/providers/oauth2/) or [Gitea](https://docs.gitea.com/development/oauth2-provider).

- Komodo uses the `web application` login flow.
- The redirect uri is:
	- `<KOMODO_HOST>/auth/github/callback` for Github.
	- `<KOMODO_HOST>/auth/google/callback` for Google.
	- `<KOMODO_HOST>/auth/oidc/callback` for OIDC.

### Mount a config file

If you prefer to keep sensitive information out of environment variables, you can optionally
write a config file on your host, and mount it to `/config/config.toml` in the Komodo core container.

:::info
Configuration can still be passed in environment variables, and will take precedent over what is passed in the file.
:::

Quick download to `./komodo/core.config.toml`:
```bash
wget -P komodo https://raw.githubusercontent.com/moghtech/komodo/main/config/core.config.toml
```

```mdx-code-block
import RemoteCodeFile from "@site/src/components/RemoteCodeFile";

<RemoteCodeFile
	title="https://github.com/moghtech/komodo/blob/main/config/core.config.toml"
	url="https://raw.githubusercontent.com/moghtech/komodo/main/config/core.config.toml"
	language="toml"
/>
```