OAuth Provider

Set up and configure an OAuth provider for your self-hosted platform

Overview

Purpose

  • User authentication
  • Access control
  • Single sign-on capabilities
  • Identity management

Key Features

  • OpenID Connect support
  • OAuth 2.0 compliance
  • User profile information
  • Email verification

Provider options

Google OAuth Setup

Access Google Cloud Console

Create OAuth Client

  • Click + CREATE CREDENTIALS
  • Select OAuth client ID
  • Choose Web application type

Configure OAuth Client

  • Add Authorized JavaScript origins:
    https://your-domain.com
  • Add Authorized redirect URIs:
    https://your-domain.com/api/auth/callback/google

Make sure to replace your-domain.com with your actual platform domain.

Azure Active Directory Setup

Access Azure Portal

  • Go to Azure Active Directory
  • Register a new application

Configure Application

  • Add redirect URIs
  • Set up platform configurations
  • Configure authentication settings

Set Required Permissions

  • OpenID Connect permissions
  • User.Read permissions
  • Additional scopes as needed

Custom OIDC Provider

For enterprise setups, you can use any OpenID Connect compliant provider:

  • Okta
  • Auth0
  • Keycloak
  • Other OIDC-compliant providers

Required provider capabilities:

  • OpenID Connect support
  • OAuth 2.0 compliance
  • User profile information
  • Email verification

JWT configuration

Store this key securely - it's used to sign user sessions.

Information collection

Required values for platform installation

  • OAuth Client ID
  • OAuth Client Secret
  • JWT signing key
  • Configured redirect URI

auth:
  jwtSigningKey: "your-generated-key" # From openssl command
  providers:
    google:
      enabled: true
      clientID: "your-client-id" # From OAuth provider
      clientSecret: "your-secret" # From OAuth provider

Validation

Verify OAuth client configuration

Ensure the client ID and secret are active and linked to the correct project or tenant.

Confirm redirect URIs match your domain

Compare the redirect URIs configured in the provider with the platform callback URLs to avoid mismatches.

Check JWT signing key storage

Verify that the generated signing key is stored securely and available to the platform services.

Validate required scopes are enabled

Confirm the provider grants the scopes (for example, openid, profile, email) expected by the platform.

Troubleshooting

Invalid Redirect URI

  • Verify exact URI match
  • Check for protocol (https) mismatch
  • Confirm domain spelling
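
The redirect URI comparison from the Validation and Troubleshooting steps, as an added example that is not part of the platform's own tooling. The function names are hypothetical, and reusing the Google callback path pattern for other providers is an assumption.

```python
from urllib.parse import urlsplit

# Path from the Google setup steps on this page; the same pattern for other providers is an assumption.
CALLBACK_PATH = "/api/auth/callback/{provider}"


def expected_redirect_uri(domain: str, provider: str = "google") -> str:
    """Build the callback URL that must be registered with the provider."""
    return f"https://{domain}{CALLBACK_PATH.format(provider=provider)}"


def diagnose_redirect_uri(registered: str, domain: str, provider: str = "google") -> list[str]:
    """Return why `registered` is not an exact match; an empty list means it matches."""
    expected = expected_redirect_uri(domain, provider)
    if registered == expected:
        return []
    reg, exp = urlsplit(registered), urlsplit(expected)
    problems = []
    if reg.scheme != exp.scheme:
        problems.append(f"protocol is {reg.scheme!r}, expected {exp.scheme!r}")
    if reg.netloc != exp.netloc:
        if reg.netloc.lower() == exp.netloc.lower():
            problems.append("domain differs only by letter case")
        else:
            problems.append(f"domain is {reg.netloc!r}, expected {exp.netloc!r}")
    if reg.path != exp.path:
        if reg.path.rstrip("/") == exp.path:
            problems.append("path has a trailing slash")
        else:
            problems.append(f"path is {reg.path!r}, expected {exp.path!r}")
    if reg.query or reg.fragment:
        problems.append("URI carries a query string or fragment")
    if not problems:
        problems.append("URI differs in whitespace or encoding")
    return problems


if __name__ == "__main__":
    # Constructed sample values; your-domain.com is the page's placeholder domain.
    for uri in (
        "https://your-domain.com/api/auth/callback/google",
        "http://your-domain.com/api/auth/callback/google",
        "https://your-domian.com/api/auth/callback/google/",
    ):
        print(uri, "->", diagnose_redirect_uri(uri, "your-domain.com") or "OK")
```

Run it against each URI copied from the provider console before installation; any non-empty result names the part of the URI to correct.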

Authentication Failures

  • Verify client credentials
  • Check scope configurations
  • Validate JWT signing key
