Skip to main content

Generic OAuth Authentication

Velero UI supports authentication via a custom OAuth provider. This section explains how to configure and enable OAuth authentication using environment variables.

Environment Variables​

VariableDescription
OAUTH_AUTH_ENABLEDSet to true to enable OAuth authentication. Default is false.
OAUTH_NAMEThe display name of the OAuth provider.
OAUTH_AUTHORIZATION_URLThe authorization endpoint URL for OAuth authentication.
OAUTH_USER_INFO_URLThe user information endpoint to fetch authenticated user details.
OAUTH_TOKEN_URLThe token endpoint URL to exchange authorization codes for access tokens.
OAUTH_CLIENT_IDThe client ID provided by your OAuth provider.
OAUTH_CLIENT_SECRETThe client secret provided by your OAuth provider.
OAUTH_OAUTH_SCOPEThe scope of OAuth access. Default: openid profile email.
OAUTH_REDIRECT_URIThe redirect URI after authentication. Default: http://localhost:4200/login.

Steps to Configure Generic OAuth Authentication​

  1. Register an Application with Your OAuth Provider

    • Navigate to your OAuth provider’s developer portal.
    • Register a new application.
    • Set the Redirect URI to http://localhost:4200/login (or your production URL).
    • Copy the Client ID and Client Secret.

  2. Obtain OAuth Endpoints

    • Locate the authorization, token, and user info URLs from your OAuth provider’s documentation.

  3. Set Environment Variables

    • Update your environment variables with the values from your OAuth provider.
    • Example: 
      OAUTH_AUTH_ENABLED=true
      OAUTH_NAME="Your OAuth Provider"
      OAUTH_AUTHORIZATION_URL="https://your-provider.com/oauth/authorize"
      OAUTH_USER_INFO_URL="https://your-provider.com/oauth/userinfo"
      OAUTH_TOKEN_URL="https://your-provider.com/oauth/token"
      OAUTH_CLIENT_ID=your-client-id
      OAUTH_CLIENT_SECRET=your-client-secret
      OAUTH_OAUTH_SCOPE="openid profile email"
      OAUTH_REDIRECT_URI=http://localhost:4200/login

  4. Restart Your Application

    • Restart the Velero UI to apply the changes.

Troubleshooting​

  • Ensure that the redirect URI set in the OAuth provider matches OAUTH_REDIRECT_URI.
  • Check if OAUTH_AUTH_ENABLED is set to true.
  • Inspect logs for authentication errors.
  • Verify that your OAuth credentials and URLs are correct.

Conclusion​

Once configured, users will be able to sign in to Velero UI using the specified OAuth provider for authentication.