Authentication
Providers
Sourcebot supports a wide range of different authentication providers through it’s integration with Auth.js. This page
highlights how to configure the various supported providers.
If theres an authentication provider you’d like us to support, please reach out.
Email / password authentication is enabled by default. It can be disabled by setting
Email codes are 6 digit codes sent to a provided email. Email codes are enabled when transactional emails are configured using the following environment variables:
Auth.js GitHub Provider Docs Required environment variables:
Auth.js GitLab Provider Docs Required environment variables:Google
Auth.js Google Provider Docs Required environment variables:
Custom provider built to enable automatic Sourcebot account registration/login when using GCP IAP.
Required environment variables
Auth.js Okta Provider Docs Required environment variables:
Auth.js Keycloak Provider Docs Required environment variables:
Core Authentication Providers
Email / Password
Email / password authentication is enabled by default. It can be disabled by setting
AUTH_CREDENTIALS_LOGIN_ENABLED to false.
Email codes
Email codes are 6 digit codes sent to a provided email. Email codes are enabled when transactional emails are configured using the following environment variables:
AUTH_EMAIL_CODE_LOGIN_ENABLEDSMTP_CONNECTION_URLEMAIL_FROM_ADDRESS
Enterprise Authentication Providers
The following authentication providers require an enterprise license to be enabled.GitHub
Auth.js GitHub Provider Docs Required environment variables:
AUTH_EE_GITHUB_CLIENT_IDAUTH_EE_GITHUB_CLIENT_SECRET
AUTH_EE_GITHUB_BASE_URL- Base URL for GitHub Enterprise (defaults to https://github.com)
GitLab
Auth.js GitLab Provider Docs Required environment variables:
AUTH_EE_GITLAB_CLIENT_IDAUTH_EE_GITLAB_CLIENT_SECRET
AUTH_EE_GITLAB_BASE_URL- Base URL for GitLab instance (defaults to https://gitlab.com)
Auth.js Google Provider Docs Required environment variables:
AUTH_EE_GOOGLE_CLIENT_IDAUTH_EE_GOOGLE_CLIENT_SECRET
GCP IAP
If you’re running Sourcebot in an environment that blocks egress, make sure you allow the IAP IP ranges
AUTH_EE_GCP_IAP_ENABLEDAUTH_EE_GCP_IAP_AUDIENCE- This can be found by selecting the ⋮ icon next to the IAP-enabled backend service and pressing
Get JWT audience code
- This can be found by selecting the ⋮ icon next to the IAP-enabled backend service and pressing
Okta
Auth.js Okta Provider Docs Required environment variables:
AUTH_EE_OKTA_CLIENT_IDAUTH_EE_OKTA_CLIENT_SECRETAUTH_EE_OKTA_ISSUER
Keycloak
Auth.js Keycloak Provider Docs Required environment variables:
AUTH_EE_KEYCLOAK_CLIENT_IDAUTH_EE_KEYCLOAK_CLIENT_SECRETAUTH_EE_KEYCLOAK_ISSUER
Microsoft Entra ID
Auth.js Microsoft Entra ID Provider Docs Required environment variables:AUTH_EE_MICROSOFT_ENTRA_ID_CLIENT_IDAUTH_EE_MICROSOFT_ENTRA_ID_CLIENT_SECRETAUTH_EE_MICROSOFT_ENTRA_ID_ISSUER