zhouhongbo
/
JZ_QGNB
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '74bce9432d'
${ noResults }
JZ_QGNB/DigitalHumanWeb/docs/self-hosting/advanced/auth/next-auth/logto.mdx

75 lines
4.4 KiB
Markdown
Raw Blame History

---
title: Configuring Logto Authentication Service in LobeChat
description: >-
Learn how to configure Logto authentication service in LobeChat, including
deployment, creation, setting permissions, and environment variables.
tags:
- Logto Authentication
- Environment Variable Configuration
- Single Sign-On
- LobeChat
---
# Configuring Logto Authentication Service
[Logto](https://github.com/logto-io/logto) is an open-source authentication service with a simple and beautiful interface, rich in features and easy to use. You can choose to use the official Logto Cloud or opt for a private deployment of Logto.
<Callout type={'tip'}>
If you want to deploy Logto privately, we recommend using Docker Compose to deploy it together with the LobeChat database version. In this case, LobeChat can share the same Postgres instance with it.
</Callout>
## Logto Configuration Process
The following assumes your LobeChat database version domain is `https://lobe.example.com`.
If you are using a privately deployed Logto, assume its endpoint domain is `https://lobe-auth-api.example.com`.
If you are using Logto Cloud, assume its endpoint domain is `https://example.logto.app`.
<Steps>
### Create Logto Application
Access your privately deployed Logto WebUI or [Logto Cloud](http://cloud.logto.io/) to enter the console, and create a `Next.js (App Router)` application under `Applications` with any name.
### Configure Logto
Set the `Redirect URI` to `https://lobe.example.com/api/auth/callback/logto` and the `Post sign-out redirect URI` to `https://lobe.example.com/`.
Set `CORS allowed origins` to `https://lobe.example.com`.
<Image alt="Configure Logto" inStep src="https://github.com/user-attachments/assets/5b816379-c07b-40ea-bde4-df16e2e4e523" />
After successful creation, save the `Client ID` and `Client Secret`.
### Configure Environment Variables
<Image alt="Configure Environment Variables" inStep src="https://github.com/user-attachments/assets/15af6d94-af4f-4aa9-bbab-7a46e9f9e837" />
Set the obtained `Client ID` and `Client Secret` as `LOGTO_CLIENT_ID` and `LOGTO_CLIENT_SECRET` in the LobeChat environment variables.
Configure `LOGTO_ISSUER` in the LobeChat environment variables as follows:
- `https://lobe-auth-api.example.com/oidc` if you are using a privately deployed Logto
- `https://example.logto.app/oidc` if you are using Logto Cloud
When deploying LobeChat, you need to configure the following environment variables:
| Environment Variable | Type | Description |
| ------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `NEXT_AUTH_SECRET` | Required | The key used to encrypt Auth.js session tokens. You can generate a key using the command: `openssl rand -base64 32` |
| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LobeChat. For Logto, enter `logto`. |
| `AUTH_LOGTO_ID` | Required | The Client ID from the Logto App details page |
| `AUTH_LOGTO_SECRET` | Required | The Client Secret from the Logto App details page |
| `AUTH_LOGTO_ISSUER` | Required | OpenID Connect issuer of the Logto provider |
| `NEXTAUTH_URL` | Required | This URL specifies the callback address for Auth.js during OAuth verification, needed only if the default generated redirect address is incorrect. `https://lobe.example.com/api/auth` |
<Callout type={'tip'}>
Visit [📘 Environment Variables](/docs/self-hosting/environment-variables/auth#logto) for details on related variables.
</Callout>
</Steps>
<Callout type={'info'}>After successful deployment, users will be able to authenticate via Logto and use LobeChat.</Callout>
Reference in New Issue View Git Blame Copy Permalink