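The user clicks Sign in in your app -> your app redirects the user to Logto -> Logto shows its sign-in page (including a "Sign in with GitHub" button) -> the user clicks that button -> Logto redirects the user to GitHub -> the user authorizes on GitHub -> GitHub redirects the user back to Logto -> Logto verifies the result and issues its own id_token and access_token -> Logto redirects the user (along with the tokens) back to your app -> your app validates Logto's tokens and completes the sign-in.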
docker-compose.yaml
services:
  postgres:
    image: postgres:16-alpine
    container_name: logto-postgres
    restart: always
    environment:
      - POSTGRES_USER=postgres
      # Change this password for anything beyond a local test and update DB_URL to match.
      - POSTGRES_PASSWORD=postgres
      - POSTGRES_DB=logto
    healthcheck:
      test: ["CMD", "pg_isready", "-d", "logto", "-U", "postgres"]
      interval: 30s
      timeout: 20s
      retries: 3
    networks:
      - logto
    volumes:
      - pgdata:/var/lib/postgresql/data
  logto:
    image: svhd/logto:latest
    container_name: logto
    restart: always
    # Caddy reaches these ports on localhost; write them as "127.0.0.1:3001:3001"
    # if they should not also be reachable directly from other hosts.
    ports:
      - "3001:3001"
      - "3002:3002"
    entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]
    environment:
      - DB_URL=postgres://postgres:postgres@postgres:5432/logto
      - ENDPOINT=https://auth.xxxx.xx
      - ADMIN_ENDPOINT=https://admin.xxxx.xx
      - TRUST_PROXY_HEADER=True
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - logto
networks:
  logto:
    name: logto
volumes:
  pgdata:
    name: logto
Caddyfile
auth.xxxx.xx {
    reverse_proxy http://localhost:3001
}
admin.xxxx.xx {
    reverse_proxy http://localhost:3002
}
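Open https://admin.xxxx.xx
Follow the prompts to create the administrator account.
Click Applications → Third-party apps → + Create application, choose OIDC, then click start building to create it.
Click Connector → Social connectors → + Add Social Connector, choose OAuth 2.0, then click Next to create it.
Click Sign-in experience → Sign-up and sign-in, remove all methods under SIGN UP and SIGN IN, and under SOCIAL SIGN-IN select the Connector created in the previous step. Switch to the Branding tab to set the icon and button color; custom CSS is also supported.
The values of the related environment variables are the same as those of the Application.
Add the following environment variables: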
ALLOW_SOCIAL_LOGIN=true
OPENID_CLIENT_ID="xxxxxxxxxxxxxxxxx"
OPENID_CLIENT_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
OPENID_SESSION_SECRET="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
OPENID_SCOPE="openid profile email"
OPENID_ISSUER="https://auth.xxxx.xx/oidc"
OPENID_CALLBACK_URL="/oauth/openid/callback"
OPENID_BUTTON_LABEL="使用 LINUX DO 登录"
OPENID_IMAGE_URL="https://linux.do/uploads/default/optimized/3X/7/d/7de31932a4fd533496cfe35979a4d9d995bb5c63_2_180x180.png"
Add the following environment variables:
ENABLE_OAUTH_SIGNUP=true
OAUTH_PROVIDER_NAME=LINUX DO
OPENID_PROVIDER_URL=https://auth.xxxx.xx/oidc/.well-known/openid-configuration
OAUTH_CLIENT_ID=xxxxxxxxxx
OAUTH_CLIENT_SECRET=xxxxxxxxxx
OAUTH_SCOPES=openid email profile
OPENID_REDIRECT_URI=https://chat.xxxx.xx/oauth/oidc/callback
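
A check for the settings above, as an added example (not from the original page or from Logto): it compares an OIDC discovery document with the issuer and scopes the client is configured with, which catches a provider behind the reverse proxy advertising an http or internal address. The function names, the host auth.example.test and the sample documents are constructed for illustration.

```python
from urllib.parse import urlsplit

REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri")
OPTIONAL = ("userinfo_endpoint", "end_session_endpoint")


def check_discovery(issuer, scopes, doc):
    """Return a list of problems; an empty list means the settings line up."""
    problems = []
    want = urlsplit(issuer)
    if want.scheme != "https":
        problems.append(f"configured issuer is not https: {issuer}")
    # OIDC Discovery: the document's issuer must equal the configured one exactly.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: document says {doc.get('issuer')!r}")
    for key in REQUIRED + OPTIONAL:
        url = doc.get(key)
        if url is None:
            if key in REQUIRED:
                problems.append(f"{key} missing")
            continue
        got = urlsplit(url)
        # An http:// or internal host here usually means ENDPOINT or the
        # forwarded-header handling is wrong on the identity provider.
        if (got.scheme, got.netloc) != (want.scheme, want.netloc):
            problems.append(f"{key} is not under {want.scheme}://{want.netloc}: {url}")
    if "scopes_supported" in doc:
        missing = set(scopes.split()) - set(doc["scopes_supported"])
        if missing:
            problems.append(f"scopes not advertised: {sorted(missing)}")
    return problems


def sample_doc(base):
    """Constructed document; a real one is served at <issuer>/.well-known/openid-configuration."""
    return {
        "issuer": base,
        "authorization_endpoint": base + "/auth",
        "token_endpoint": base + "/token",
        "jwks_uri": base + "/jwks",
        "userinfo_endpoint": base + "/me",
        "scopes_supported": ["openid", "offline_access", "profile", "email"],
    }


if __name__ == "__main__":
    issuer = "https://auth.example.test/oidc"  # constructed stand-in for OPENID_ISSUER
    # The second document advertises the internal address instead of the public one.
    for base in (issuer, "http://localhost:3001/oidc"):
        found = check_discovery(issuer, "openid profile email", sample_doc(base))
        print(base, "->", found or "ok")
```

Against a live deployment, pass the JSON fetched from the discovery URL in place of `sample_doc(...)`.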