Version: Next 🚧

Third-party Authentication

Zealot supports login through third-party services. The supported services are listed below and can currently be configured either with the following environment variables or on the settings page of the admin panel.

| Service | provider |
| --- | --- |
| Feishu | feishu |
| GitLab | gitlab |
| Google | google_oauth2 |
| LDAP | ldap |
| OpenID Connect | openid_connect |

If any of the services above requires a callback address, set it in the following form:

https://zealot.example.com/users/auth/:provider/callback

where :provider is the identifier of the above supported third-party service, for example:

# if Google is enabled, then replace `:provider` with `google_oauth2`.
https://zealot.example.com/users/auth/google_oauth2/callback

GitLab

  1. Register a GitLab online account or use a self-hosted instance
  2. Create an application on the Preferences -> Applications page.
  3. Set the Redirect URI to something like https://zealot.example.com/users/auth/gitlab/callback (replace the domain with your own)
  4. Check the scope read_user. By default Zealot only uses this permission; if the scope you enable is api, that works too.

GITLAB_ENABLED=true
GITLAB_SITE=https://gitlab.com/api/v4
GITLAB_SCOPE=read_user
GITLAB_APP_ID=
GITLAB_SECRET=

Google

  1. Register a Google account
  2. Enable the Google Cloud Platform service
  3. Choose or create a project, then go to the Credentials page
  4. Create an OAuth Client ID of type Web Application and set the Authorized redirect URI to something like https://zealot.example.com/users/auth/google_oauth2/callback (replace the domain with your own)

GOOGLE_OAUTH_ENABLED=true
GOOGLE_CLIENT_ID=
GOOGLE_SECRET=

Feishu (Lark)

  1. Register a Feishu (Lark) account and download the phone app.
  2. Enable the Open Platform and create an application to get app_id and app_secret
  3. Set the callback URL to something like https://zealot.example.com/users/auth/feishu/callback (replace the domain with your own)
  4. Check the user field information scope: email address (optional)
  5. Create a version and publish it

FEISHU_ENABLED=true
FEISHU_APP_ID=
FEISHU_APP_SECRET=

LDAP

LDAP_ENABLED=true
LDAP_HOST=10.0.0.1
LDAP_PORT=389
LDAP_METHOD=plain
LDAP_BIND_DN="cn=Manager,dc=example,dc=com"
LDAP_PASSWORD=password
LDAP_BASE="ou=People,dc=example,dc=com"
LDAP_UID=uid

OpenID Connect

Supports both auto-discovery mode and manual settings.

Auto-discovery

With auto-discovery mode turned on, the provider configuration is fetched automatically from [OIDC_ISSUER_URL]/.well-known/openid-configuration.

OIDC_ENABLED=true
OIDC_NAME=OIDC Provider
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_SCOPE=openid,email,profile
OIDC_RESPONSE_TYPE=code
OIDC_UID_FIELD=preferred_username
OIDC_ISSUER_URL=https://oidc.example.com
OIDC_DISCOVERY=true
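
A discovery document can be checked against these settings before the provider is enabled. The following is an added example, not Zealot's own code: it compares a discovery document with the OIDC_* values above. The function names and the sample discovery document (including its jwks path) are constructed for illustration.

```python
# Added example (not Zealot code): check an OIDC discovery document against
# the OIDC_* settings above. SAMPLE_ENV and SAMPLE_DOC are constructed.

def discovery_url(issuer):
    """URL fetched in auto-discovery mode for a given OIDC_ISSUER_URL."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(env, doc):
    """Return a list of mismatches between the settings and the document."""
    problems = []
    # OIDC Discovery: the returned issuer must be identical to the configured one.
    if doc.get("issuer") != env["OIDC_ISSUER_URL"]:
        problems.append("issuer mismatch: %r" % doc.get("issuer"))
    for name in ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri"):
        if not str(doc.get(name, "")).startswith("https://"):
            problems.append(name + " is missing or not https")
    if env["OIDC_RESPONSE_TYPE"] not in doc.get("response_types_supported", []):
        problems.append("response type not supported: " + env["OIDC_RESPONSE_TYPE"])
    # scopes_supported and claims_supported are optional: check only if present.
    for scope in env["OIDC_SCOPE"].split(","):
        if "scopes_supported" in doc and scope.strip() not in doc["scopes_supported"]:
            problems.append("scope not advertised: " + scope.strip())
    uid = env["OIDC_UID_FIELD"]
    if "claims_supported" in doc and uid not in doc["claims_supported"]:
        problems.append("uid claim not advertised: " + uid)
    return problems

SAMPLE_ENV = {  # values taken from the settings shown above
    "OIDC_SCOPE": "openid,email,profile",
    "OIDC_RESPONSE_TYPE": "code",
    "OIDC_UID_FIELD": "preferred_username",
    "OIDC_ISSUER_URL": "https://oidc.example.com",
}
SAMPLE_DOC = {  # constructed discovery document for the example issuer
    "issuer": "https://oidc.example.com",
    "authorization_endpoint": "https://oidc.example.com/authorize",
    "token_endpoint": "https://oidc.example.com/token",
    "userinfo_endpoint": "https://oidc.example.com/userinfo",
    "jwks_uri": "https://oidc.example.com/jwks",
    "response_types_supported": ["code"],
    "scopes_supported": ["openid", "email", "profile"],
    "claims_supported": ["sub", "email", "preferred_username"],
}

if __name__ == "__main__":
    print(discovery_url(SAMPLE_ENV["OIDC_ISSUER_URL"]))
    print(check_discovery(SAMPLE_ENV, SAMPLE_DOC) or "document matches settings")
```

To check a real provider, pass the parsed JSON retrieved from `discovery_url(...)` as `doc`.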

Manual

OIDC_ENABLED=true
OIDC_NAME=OIDC Provider
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_SCOPE=openid,email,profile
OIDC_RESPONSE_TYPE=code
OIDC_UID_FIELD=preferred_username
OIDC_ISSUER_URL=https://oidc.example.com
OIDC_AUTH_URI=/authorize
OIDC_TOKEN_URI=/token
OIDC_USERINFO_URI=/userinfo

If OIDC_AUTH_URI, OIDC_TOKEN_URI, or OIDC_USERINFO_URI is not set, the default path shown above is used.