Integrate with OpenID Connect providers for single sign-on.

Basic Setup

YAML 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10

auth:
  methods:
    oidc:
      enabled: true
      clientId: "filebrowser-client"
      clientSecret: "xxx"  # Use environment variable
      issuerUrl: "https://sso.example.com/application/o/filebrowser/"
      scopes: "email openid profile groups"
      userIdentifier: "preferred_username"
      createUser: true

Configuration Options

OptionDescription
enabledEnable OIDC authentication
clientIdOIDC client ID
clientSecretOIDC client secret (use env var)
issuerUrlOIDC provider URL
scopesRequested scopes
userIdentifierUser field (preferred_username, email, username, phone)
createUserAuto-create users on first login
adminGroupOIDC group name for admin rights
groupsClaimJSON field for groups (default: groups)
disableVerifyTLSDisable TLS verification (testing only!)
logoutRedirectUrlProvider logout URL

Issuer URL Examples

Authentik/Authelia:

TEXT 
1

https://domain.com/application/o/filebrowser/

Pocket ID:

TEXT 
1

https://domain.com/

Callback URL

Configure in your OIDC provider:

TEXT 
1

https://your-domain.com/api/auth/oidc/callback

With custom baseURL:

TEXT 
1

https://your-domain.com/custom-base/api/auth/oidc/callback

Auto-Redirect

When OIDC is the only auth method, users are automatically redirected to the OIDC provider.

YAML 
1
2
3
4
5
6

auth:
  methods:
    password:
      enabled: false
    oidc:
      enabled: true

Provider Examples

Authentik

YAML 
1
2
3
4
5
6
7
8

auth:
  methods:
    oidc:
      enabled: true
      clientId: "xxx"
      clientSecret: "xxx"
      issuerUrl: "https://auth.example.com/application/o/filebrowser/"
      adminGroup: "authentik Admins"

Authelia

YAML 
1
2
3
4
5
6
7

auth:
  methods:
    oidc:
      enabled: true
      clientId: "xxx"
      clientSecret: "xxx"
      issuerUrl: "https://auth.example.com"

Next Steps