starred/pocket-id-pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-09 14:52:57 +03:00
Code Issues Packages Projects Releases Wiki Activity

chore: remove docs from repository

Browse Source
This commit is contained in:
Elias Schneider
2025-02-06 17:22:43 +01:00
parent 7c04bda5b7
commit 0751540d7d
51 changed files with 0 additions and 20002 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
.github/workflows/deploy-docs.yml vendored
View File

@@ -1,51 +0,0 @@
name: Deploy Docs
on:
push:
branches:
- main
paths:
- "docs/**"
jobs:
build:
name: Build Docusaurus
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
cache: "npm"
cache-dependency-path: docs/package-lock.json
- name: Install dependencies
run: npm install
working-directory: ./docs
- name: Build website
run: npm run build
working-directory: ./docs
- name: Upload Build Artifact
uses: actions/upload-pages-artifact@v3
with:
path: docs/build
deploy:
name: Deploy to GitHub Pages
needs: build
permissions:
pages: write
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4

5
.gitignore vendored
View File

@@ -38,11 +38,6 @@ data
pocket-id-backend
/backend/GeoLite2-City.mmdb
# Generated files
docs/build
docs/.docusaurus
docs/.cache-loader
# Misc
.DS_Store
.env.local

26
docs/docs/client-examples/cloudflare-zero-trust.md
View File

@@ -1,26 +0,0 @@
---
id: cloudflare-zero-trust
---
# Cloudflare Zero Trust
**Note: Cloudflare will need to be able to reach your Pocket ID instance and vice versa for this to work correctly**
## Pocket ID Setup
1. In Pocket-ID create a new OIDC Client, name it i.e. `Cloudflare Zero Trust`.
2. Set a logo for this OIDC Client if you would like too.
3. Set the callback URL to: `https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback`.
4. Copy the Client ID, Client Secret, Authorization URL, Token URL, and Certificate URL for the next steps.
## Cloudflare Zero Trust Setup
1. Login to Cloudflare Zero Trust [Dashboard](https://one.dash.cloudflare.com/).
2. Navigate to Settings > Authentication > Login Methods.
3. Click `Add New` under login methods.
4. Create a name for the new login method.
5. Paste in the `Client ID` from Pocket ID into the `App ID` field.
6. Paste the `Client Secret` from Pocket ID into the `Client Secret` field.
7. Paste the `Authorization URL` from Pocket ID into the `Auth URL` field.
8. Paste the `Token URL` from Pocket ID into the `Token URL` field.
9. Paste the `Certificate URL` from Pocket ID into the `Certificate URL` field.
10. Save the new login method and test to make sure it works with cloudflare.

63
docs/docs/client-examples/freshrss.md
View File

@@ -1,63 +0,0 @@
---
id: freshrss
---
# FreshRSS
The following example variables are used, and should be replaced with your actual URLs.
- `freshrss.example.com` (The URL of your Proxmox instance.)
- `id.example.com` (The URL of your Pocket ID instance.)
## Pocket ID Setup
1. In Pocket ID create a new OIDC Client, name it, for example, `FreshRSS`.
2. Set a logo for this OIDC Client if you would like to.
3. Set the callback URL to: `https://freshrss.example.com/i/oidc/`.
4. Copy the `Client ID`, `Client Secret`, and `OIDC Discovery URL` for use in the next steps.
## FreshRSS Setup
See [FreshRSS OpenID Connect documentation](16_OpenID-Connect.md) for general OIDC settings.
This is an example docker-compose file for FreshRSS with OIDC enabled.
```yaml
services:
freshrss:
image: freshrss/freshrss:1.25.0
container_name: freshrss
ports:
- 8080:80
volumes:
- /freshrss_data:/var/www/FreshRSS/data
- /freshrss_extensions:/var/www/FreshRSS/extensions
environment:
CRON_MIN: 1,31
TZ: Etc/UTC
OIDC_ENABLED: 1
OIDC_CLIENT_ID: <POCKET_ID_CLIENT_ID>
OIDC_CLIENT_SECRET: <POCKET_ID_SECRET>
OIDC_PROVIDER_METADATA_URL: https://id.example.com/.well-known/openid-configuration
OIDC_SCOPES: openid email profile
OIDC_X_FORWARDED_HEADERS: X-Forwarded-Proto X-Forwarded-Host
OIDC_REMOTE_USER_CLAIM: preferred_username
restart: unless-stopped
networks:
- freshrss
networks:
freshrss:
name: freshrss
```
:::important
The Username used in Pocket ID must match the Username used in FreshRSS **exactly**. This also applies to case sensitivity. As of version `0.24` of Pocket ID all Usernames are required to be entirely lowercase. FreshRSS allows for uppercase. If a Pocket ID Username is `amanda` and your FreshRSS Username is `Amanda`, you will get a 403 error in FreshRSS and be unable to login. As of version `1.25` of FreshRSS, you are unable to change your username in the GUI. To change your FreshRSS username to lowercase or to match your Pocket ID username, you must nagivate to your FreshRSS volume location. Go to `data/users/` and change the folder for your user to the matching username in Pocket ID, then restart the FreshRSS container to apply the changes.
:::
## Complete OIDC Setup
If you are setting up a new instance of FreshRSS, simply start the container with the OIDC variables and navigate to your FreshRSS URL.
If you are adding OIDC to an existing FreshRSS instance, recreate the container with the docker-compose file with the OIDC variables in it and navigate to your FreshRSS URL. Go to `Settings > Authentication` and change the Authentication method to **HTTP** and hit Submit. Logout to test your OIDC connection.
If you have an error with Pocket ID or are unable to login to your FreshRSS account, you can revert to password login by editing your `config.php` file for FreshRSS. Find the value for `auth_type` and change from `http_auth` to `form`. Restart the FreshRSS container to revert to password login.

30
docs/docs/client-examples/gitea.md
View File

@@ -1,30 +0,0 @@
---
id: gitea
---
# Gitea
## Pocket ID Setup
1. In Pocket ID, create a new OIDC client named `Gitea` (or any name you prefer).
2. (Optional) Set a logo for the OIDC client.
3. Set the callback URL to: `https://<Gitea Host>/user/oauth2/PocketID/callback`
4. Copy the `Client ID`, `Client Secret`, and `OIDC Discovery URL` for the next steps.
## Gitea Setup
1. Log in to Gitea as an admin.
2. Go to **Site Administration → Identity & Access → Authentication Sources**.
3. Click **Add Authentication Source**.
4. Set **Authentication Type** to `OAuth2`.
5. Set **Authentication Name** to `PocketID`.
:::important
If you change this name, update the callback URL in Pocket ID to match.
:::
6. Set **OAuth2 Provider** to `OpenID Connect`.
7. Enter the `Client ID` into the **Client ID (Key)** field.
8. Enter the `Client Secret` into the **Client Secret** field.
9. Enter the `OIDC Discovery URL` into the **OpenID Connect Auto Discovery URL** field.
10. Enable **Skip local 2FA**.
11. Set **Additional Scopes** to `openid email profile`.
12. Save the settings and test the OAuth login.

22
docs/docs/client-examples/grist.md
View File

@@ -1,22 +0,0 @@
---
id: grist
---
# Grist
## Pocket ID Setup
1. In Pocket-ID create a new OIDC Client, name it i.e. `Grist`
2. Set the callback url to: `https://<Grist Host>/oauth2/callback`
3. In Grist (Docker/Docker Compose/etc), set these environment variables:
```ini
GRIST_OIDC_IDP_ISSUER="https://<Pocket ID Host>/.well-known/openid-configuration"
GRIST_OIDC_IDP_CLIENT_ID="<Client ID from the OIDC Client created in Pocket ID>"
GRIST_OIDC_IDP_CLIENT_SECRET="<Client Secret from the OIDC Client created in Pocket ID>"
GRIST_OIDC_SP_HOST="https://<Grist Host>"
GRIST_OIDC_IDP_SCOPES="openid email profile" # Default
GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT=true # Default=false, needs to be true for Pocket Id b/c end_session_endpoint is not implemented
GRIST_OIDC_IDP_END_SESSION_ENDPOINT="https://<Pocket ID Host>/api/webauthn/logout" # Only set this if GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT=false and you need to define a custom endpoint
```
4. Also ensure that the `GRIST_DEFAULT_EMAIL` env variable is set to the same email address as your user profile within Pocket ID
5. Start/Restart Grist

34
docs/docs/client-examples/headscale.md
View File

@@ -1,34 +0,0 @@
---
id: headscale
---
# Headscale
## Create OIDC Client in Pocket ID
1. Create a new OIDC Client in Pocket ID (e.g., `Headscale`).
2. Set the callback URL: `https://<HEADSCALE-DOMAIN>/oidc/callback`
3. Enable `PKCE`.
4. Copy the **Client ID** and **Client Secret**.
## Configure Headscale
> Refer to the example [`config.yaml`](https://github.com/juanfont/headscale/blob/main/config-example.yaml) for full OIDC configuration options.
Add the following to `config.yaml`:
```yaml
oidc:
issuer: "https://<POCKET-ID-DOMAIN>"
client_id: "<CLIENT-ID>"
client_secret: "<CLIENT-SECRET>"
pkce:
enabled: true
method: S256
```
### (Optional) Restrict Access to Certain Groups
To allow only specific groups, add:
```yaml
scope: ["openid", "profile", "email", "groups"]
allowed_groups:
- <POCKET-ID-GROUP-NAME> #example: headscale
```

25
docs/docs/client-examples/hoarder.md
View File

@@ -1,25 +0,0 @@
---
id: hoarder
---
# Hoarder
1. In Pocket-ID create a new OIDC Client, name it i.e. `Hoarder`
2. Set the callback url to: `https://<your-hoarder-subdomain>.<your-domain>/api/auth/callback/custom`
3. Open your `.env` file from your Hoarder compose and add these lines:
```ini
OAUTH_WELLKNOWN_URL = https://<your-pocket-id-subdomain>.<your-domain>/.well-known/openid-configuration
OAUTH_CLIENT_SECRET = <client secret from the created OIDC client>
OAUTH_CLIENT_ID = <client id from the created OIDC client>
OAUTH_PROVIDER_NAME = Pocket-Id
NEXTAUTH_URL = https:///<your-hoarder-subdomain>.<your-domain>
```
4. Optional: If you like to disable password authentication and link your existing hoarder account with your pocket-id identity
```ini
DISABLE_PASSWORD_AUTH = true
OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = true
```

BIN
docs/docs/client-examples/imgs/jellyfin_img.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 73 KiB

BIN
docs/docs/client-examples/imgs/jellyfin_img2.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 81 KiB

BIN
docs/docs/client-examples/imgs/jellyfin_img3.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 47 KiB

26
docs/docs/client-examples/immich.md
View File

@@ -1,26 +0,0 @@
---
id: immich
---
# Immich
## Create OIDC Client in Pocket ID
1. Create a new OIDC Client in Pocket ID (e.g., `immich`).
2. Set the callback URLs:
```
https://<IMMICH-DOMAIN>/auth/login
https://<IMMICH-DOMAIN>/user-settings
app.immich:///oauth-callback
```
4. Copy the **Client ID**, **Client Secret**, and **OIDC Discovery URL**.
## Configure Immich
1. Open Immich and navigate to:
**`Administration > Settings > Authentication Settings > OAuth`**
2. Enable **Login with OAuth**.
3. Fill in the required fields:
- **Issuer URL**: Paste the `Authorization URL` from Pocket ID.
- **Client ID**: Paste the `Client ID` from Pocket ID.
- **Client Secret**: Paste the `Client Secret` from Pocket ID.
4. *(Optional)* Change `Button Text` to `Login with Pocket ID`.
5. Save the settings.
6. Test the OAuth login to ensure it works.

63
docs/docs/client-examples/jellyfin.md
View File

@@ -1,63 +0,0 @@
---
id: jellyfin
---
# Jellyfin
> Due to the current limitations of the Jellyfin SSO plugin, this integration will only work in a browser. When tested, the Jellyfin app did not work and displayed an error, even when custom menu buttons were created.
> To view the original references and a full list of capabilities, please visit the [Jellyfin SSO OpenID Section](https://github.com/9p4/jellyfin-plugin-sso?tab=readme-ov-file#openid).
## Requirements
- [Jellyfin Server](https://jellyfin.org/downloads/server)
- [Jellyfin SSO Plugin](https://github.com/9p4/jellyfin-plugin-sso)
- HTTPS connection to your Jellyfin server
## OIDC - Pocket ID Setup
To start, we need to create a new SSO resource in our Jellyfin application.
> Replace the `JELLYFINDOMAIN` and `PROVIDER` elements in the URL.
1. Log into the admin panel, and go to OIDC Clients -> Add OIDC Client.
2. **Name**: Jellyfin (or any name you prefer)
3. **Callback URL**: `https://JELLYFINDOMAIN.com/sso/OID/redirect/PROVIDER`
4. For this example, well be using the provider named "test_resource."
5. Click **Save**. Keep the page open, as we will need the OID client ID and OID secret.
## OIDC Client - Jellyfin SSO Resource
1. Visit the plugin page (<i>Administration Dashboard -> My Plugins -> SSO-Auth</i>).
2. Enter the <i>OID Provider Name (we used "test_resource" as our name in the callback URL), Open ID, OID Secret, and mark it as enabled.</i>
3. The following steps are optional based on your needs. In this guide, well be managing only regular users, not admins.
![img.png](imgs/jellyfin_img.png)
> To manage user access through groups, follow steps **4, 5, and 6**. Otherwise, leave it blank and skip to step 7.
![img2.png](imgs/jellyfin_img2.png)
4. Under <i>Roles</i>, type the name of the group you want to use. **Note:** This must be the group name, not the label. Double-check in Pocket ID, as an incorrect name will lock users out.
5. Skip every field until you reach the **Role Claim** field, and type `groups`.
> This step is crucial if you want to manage users through groups.
6. Repeat the above step under **Request Additional Scopes**. This will pull the group scope during the sign-in process; otherwise, the previous steps wont work.
![img3.png](imgs/jellyfin_img3.png)
7. Skip the remaining fields until you reach **Scheme Override**. Enter `https` here. If omitted, it will attempt to use HTTP first, which will break as WebAuthn requires an HTTPS connection.
8. Click **Save** and restart Jellyfin.
## Optional Step - Custom Home Button
Follow the [guide to create a login button on the login page](https://github.com/9p4/jellyfin-plugin-sso?tab=readme-ov-file#creating-a-login-button-on-the-main-page) to add a custom button on your sign-in page. This step is optional, as you could also provide the sign-in URL via a bookmark or other means.
## Signing into Your Jellyfin Instance
Done! You have successfully set up SSO for your Jellyfin instance using Pocket ID.
> **Note:** Sometimes there may be a brief delay when using the custom menu option. This is related to the Jellyfin plugin and not Pocket ID.
If your users already have accounts, as long as their Pocket ID username matches their Jellyfin ID, they will be logged in automatically. Otherwise, a new user will be created with access to all of your folders. Of course, you can modify this in your configuration as desired.
This setup will only work if sign-in is performed using the `https://jellyfin.example.com/sso/OID/start/PROVIDER` URL. This URL initiates the SSO plugin and applies all the configurations we completed above.

28
docs/docs/client-examples/memos.md
View File

@@ -1,28 +0,0 @@
---
id: memos
---
# Memos
## Pocket ID Setup
1. In Pocket ID, create a new OIDC client named `Memos` (or any name you prefer).
2. (Optional) Set a logo for the OIDC client.
3. Set the callback URL to: `https://< Memos Host >/auth/callback`
4. Copy the `Client ID`, `Client Secret`, `Authorization endpoint`, `Token endpoint`, and `User endpoint` for the next steps.
## Gitea Setup
1. Log in to Memos as an admin.
2. Go to **Settings → SSO → Create**.
3. Set **Template** to `Custom`.
4. Enter the `Client ID` into the **Client ID** field.
5. Enter the `Client Secret` into the **Client secret** field.
6. Enter the `Authorization URL` into the **Authorization endpoint** field.
7. Enter the `Token URL` into the **Token endpoint** field.
8. Enter the `Userinfo URL` into the **User endpoint** field.
11. Set **Scopes** to `openid email profile`.
12. Set **Identifier** to `preferred_username`
13. Set **Display Name** to `profile`.
14. Set **Email** to `email`.
15. Save the settings and test the OAuth login.

46
docs/docs/client-examples/netbox.md
View File

@@ -1,46 +0,0 @@
---
id: netbox
---
# Netbox
**This guide does not currently show how to map groups in netbox from OIDC claims**
The following example variables are used, and should be replaced with your actual URLS.
- netbox.example.com (The url of your netbox instance.)
- id.example.com (The url of your Pocket ID instance.)
## Pocket ID Setup
1. In Pocket-ID create a new OIDC Client, name it i.e. `Netbox`.
2. Set a logo for this OIDC Client if you would like too.
3. Set the callback URL to: `https://netbox.example.com/oauth/complete/oidc/`.
4. Copy the `Client ID`, and the `Client Secret` for use in the next steps.
## Netbox Setup
This guide assumes you are using the git based install of netbox.
1. On your netbox server navigate to `/opt/netbox/netbox/netbox`
2. Add the following to your `configuration.py` file:
```python
# Remote authentication support
REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
REMOTE_AUTH_USER_FIRST_NAME = 'HTTP_REMOTE_USER_FIRST_NAME'
REMOTE_AUTH_USER_LAST_NAME = 'HTTP_REMOTE_USER_LAST_NAME'
REMOTE_AUTH_USER_EMAIL = 'HTTP_REMOTE_USER_EMAIL'
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = []
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
SOCIAL_AUTH_OIDC_ENDPOINT = 'https://id.example.com'
SOCIAL_AUTH_OIDC_KEY = '<client id from the first part of this guide>'
SOCIAL_AUTH_OIDC_SECRET = '<client id from the first part of this guide>'
LOGOUT_REDIRECT_URL = 'https://netbox.example.com'
```
3. Save the file and restart netbox: `sudo systemctl start netbox netbox-rq`

17
docs/docs/client-examples/open-webui.md
View File

@@ -1,17 +0,0 @@
---
id: open-webui
---
# Open WebUI
1. In Pocket-ID, create a new OIDC Client, name it i.e. `Open WebUI`.
2. Set the callback URL to: `https://openwebui.domain/oauth/oidc/callback`
3. Add the following to your docker `.env` file for Open WebUI:
```ini
ENABLE_OAUTH_SIGNUP=true
OAUTH_CLIENT_ID=<client id from pocket ID>
OAUTH_CLIENT_SECRET=<client secret from pocket ID>
OAUTH_PROVIDER_NAME=Pocket ID
OPENID_PROVIDER_URL=https://<your pocket id url>/.well-known/openid-configuration
```

42
docs/docs/client-examples/pgadmin.md
View File

@@ -1,42 +0,0 @@
---
id: pgadmin
---
# pgAdmin
The following example variables are used, and should be replaced with your actual URLS.
- pgadmin.example.com (The url of your pgAdmin instance.)
- id.example.com (The url of your Pocket ID instance.)
## Pocket ID Setup
1. In Pocket-ID create a new OIDC Client, name it i.e. `pgAdmin`.
2. Set a logo for this OIDC Client if you would like too.
3. Set the callback URL to: `https://pgadmin.example.com/oauth2/authorize`.
4. Copy the `Client ID`, `Client Secret`, `Authorization URL`, `Userinfo URL`, `Token URL`, and `OIDC Discovery URL` for use in the next steps.
# pgAdmin Setup
1. Add the following to the `config_local.py` file for pgAdmin:
**Make sure to replace https://id.example.com with your actual Pocket ID URL**
```python
AUTHENTICATION_SOURCES = ['oauth2', 'internal'] # This keeps internal authentication enabled as well as oauth2
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [{
'OAUTH2_NAME' : 'pocketid',
'OAUTH2_DISPLAY_NAME' : 'Pocket ID',
'OAUTH2_CLIENT_ID' : '<client id from the earlier step>',
'OAUTH2_CLIENT_SECRET' : '<client secret from the earlier step>',
'OAUTH2_TOKEN_URL' : 'https://id.example.com/api/oidc/token',
'OAUTH2_AUTHORIZATION_URL' : 'https://id.example/authorize',
'OAUTH2_API_BASE_URL' : 'https://id.example.com',
'OAUTH2_USERINFO_ENDPOINT' : 'https://id.example.com/api/oidc/userinfo',
'OAUTH2_SERVER_METADATA_URL' : 'https://id.example.com/.well-known/openid-configuration',
'OAUTH2_SCOPE' : 'openid email profile',
'OAUTH2_ICON' : 'fa-openid',
'OAUTH2_BUTTON_COLOR' : '#fd4b2d' # Can select any color you would like here.
}]
```

38
docs/docs/client-examples/portainer.md
View File

@@ -1,38 +0,0 @@
---
id: portainer
---
# Portainer
**This requires Portainers Business Edition**
The following example variables are used, and should be replaced with your actual URLS.
- portainer.example.com (The url of your Portainer instance.)
- id.example.com (The url of your Pocket ID instance.)
## Pocket ID Setup
1. In Pocket-ID create a new OIDC Client, name it i.e. `Portainer`.
2. Set a logo for this OIDC Client if you would like too.
3. Set the callback URL to: `https://portainer.example.com/`.
4. Copy the `Client ID`, `Client Secret`, `Authorization URL`, `Userinfo URL`, and `Token URL` for use in the next steps.
# Portainer Setup
- While initally setting up OAuth in Portainer, its recommended to keep the `Hide internal authentication prompt` set to `Off` incase you need a fallback login
- This guide does **NOT** cover how to setup group claims in Portainer.
1. Open the Portainer web interface and navigate to: `Settings > Authentication`
2. Select `Custom OAuth Provider`
3. Paste the `Client ID` from Pocket ID into the `Client ID` field in Portainer.
4. Paste the `Client Secret` from Pocket ID into the `Client Secret` field in Portainer.
5. Paste the `Authorization URL` from Pocket ID into the `Authorization URL` field in Portainer.
6. Paste the `Token URL` from Pocket ID into the `Access token URL` field in Portainer.
7. Paste the `Userinfo URL` from Pocket ID into the `Resource URL` field in Portainer.
8. Set the `Redirect URL` to `https://portainer.example.com`
9. Set the `Logout URL` to `https://portainer.example.com`
10. Set the `User identifier` field to `preferred_username`. (This will use the users username vs the email)
11. Set the `Scopes` field to: `email openid profile`
12. Set `Auth Style` to `Auto detect`
13. Save the settings and test the new OAuth Login.

30
docs/docs/client-examples/proxmox.md
View File

@@ -1,30 +0,0 @@
---
id: proxmox
---
# Proxmox
The following example variables are used, and should be replaced with your actual URLs.
- `proxmox.example.com` (The URL of your Proxmox instance.)
- `id.example.com` (The URL of your Pocket ID instance.)
## Pocket ID Setup
1. In Pocket ID create a new OIDC Client, name it, for example, `Proxmox`.
2. Set a logo for this OIDC Client if you would like to.
3. Set the callback URL to: `https://proxmox.example.com`.
4. Copy the `Client ID`, and the `Client Secret` for use in the next steps.
## Proxmox Setup
1. Open the Proxmox console and navigate to: `Datacenter` -> `Permissions` -> `Realms`.
2. Add a new `OpenID Connect Server` Realm.
3. Enter `https://id.example.com` for the `Issuer URL`.
4. Enter a name for the realm of your choice, for example, `PocketID`.
5. Paste the `Client ID` from Pocket ID into the `Client ID` field in Proxmox.
6. Paste the `Client Secret` from Pocket ID into the `Client Key` field in Proxmox.
7. You can check the `Default` box if you want this to be the default realm Proxmox uses when signing in.
8. Check the `Autocreate Users` checkbox. (This will automatically create users in Proxmox if they don't exist).
9. Select `username` for the `Username Claim` dropdown. (This is a personal preference and controls how the username is shown, for example: `username = username@PocketID` or `email = username@example@PocketID`).
10. Leave the rest as defaults and click `OK` to save the new realm.

28
docs/docs/client-examples/semaphore-ui.md
View File

@@ -1,28 +0,0 @@
---
id: semaphore-ui
---
# Semaphore UI
1. In Pocket-ID create a new OIDC Client, name it i.e. `Semaphore UI`.
2. Set the callback URL to: `https://<your-semaphore-ui-url>/api/auth/oidc/pocketid/redirect/`.
3. Add the following to your `config.json` file for Semaphore UI:
```json
"oidc_providers": {
"pocketid": {
"display_name": "Sign in with PocketID",
"provider_url": "https://<your-pocket-id-url>",
"client_id": "<client-id-from-pocket-id>",
"client_secret": "<client-secret-from-pocket-id>",
"redirect_url": "https://<your-semaphore-ui-url>/api/auth/oidc/pocketid/redirect/",
"scopes": [
"openid",
"profile",
"email"
],
"username_claim": "email",
"name_claim": "given_name"
}
}
```

22
docs/docs/client-examples/vikunja.md
View File

@@ -1,22 +0,0 @@
---
id: vikunja
---
# Vikunja
1. In Pocket-ID create a new OIDC Client, name it i.e. `Vikunja`
2. Set the callback url to: `https://<your-vikunja-subdomain>.<your-domain>/auth/openid/pocketid`
3. In `Vikunja` ensure to map a config file to your container, see [here](https://vikunja.io/docs/config-options/#using-a-config-file-with-docker-compose)
4. Add or set the following content to the `config.yml` file:
```yml
auth:
openid:
enabled: true
redirecturl: https://<your-vikunja-subdomain>.<your-domain>/auth/openid/pocketid
providers:
- name: Pocket-Id
authurl: https://<your-pocket-id-subdomain>.<your-domain>
clientid: <client id from the created OIDC client>
clientsecret: <client secret from the created OIDC client>
```

15
docs/docs/configuration/allowed-groups.md
View File

@@ -1,15 +0,0 @@
---
id: allowed-groups
---
# OIDC Client Allowed Groups
Pocket ID allows you to restrict access to OIDC Clients to specific user groups. This can be useful when you want to restrict access to certain applications to specific users.
By default, all users are allowed to access all OIDC Clients. To restrict access to specific user groups, follow the steps below:
1. Navigate to the `OIDC Clients` section in the Pocket ID admin dashboard.
2. Click the edit (pencil) icon on the OIDC client you wish to restrict.
3. Expand the `Allowed User Groups` section.
4. Select the Group(s) you want to allow access to this OIDC Client and save your changes.
5. Now only users in the selected group(s) will be allowed to access that specific client.

26
docs/docs/configuration/environment-variables.md
View File

@@ -1,26 +0,0 @@
---
id: environment-variables
---
# Environment Variables
Below are all the environment variables supported by Pocket ID. These should be configured in your `.env ` file.
Be cautious when modifying environment variables that are not recommended to change.
| Variable | Default Value | Recommended to change | Description |
| ---------------------------- | ------------------------- | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `PUBLIC_APP_URL` | `http://localhost` | yes | The URL where you will access the app. |
| `TRUST_PROXY` | `false` | yes | Whether the app is behind a reverse proxy. |
| `MAXMIND_LICENSE_KEY` | `-` | yes | License Key for the GeoLite2 Database. The license key is required to retrieve the geographical location of IP addresses in the audit log. If the key is not provided, IP locations will be marked as "unknown." You can obtain a license key for free [here](https://www.maxmind.com/en/geolite2/signup). |
| `PUID` and `PGID` | `1000` | yes | The user and group ID of the user who should run Pocket ID inside the Docker container and owns the files that are mounted with the volume. You can get the `PUID` and `GUID` of your user on your host machine by using the command `id`. For more information see [this article](https://docs.linuxserver.io/general/understanding-puid-and-pgid/#using-the-variables). |
| `DB_PROVIDER` | `sqlite` | no | The database provider you want to use. Currently `sqlite` and `postgres` are supported. |
| `SQLITE_DB_PATH` | `data/pocket-id.db` | no | The path to the SQLite database. This gets ignored if you didn't set `DB_PROVIDER` to `sqlite`. |
| `POSTGRES_CONNECTION_STRING` | `-` | no | The connection string to your Postgres database. This gets ignored if you didn't set `DB_PROVIDER` to `postgres`. A connection string can look like this: `postgresql://user:password@host:5432/pocket-id`. |
| `UPLOAD_PATH` | `data/uploads` | no | The path where the uploaded files are stored. |
| `INTERNAL_BACKEND_URL` | `http://localhost:8080` | no | The URL where the backend is accessible. |
| `GEOLITE_DB_PATH` | `data/GeoLite2-City.mmdb` | no | The path where the GeoLite2 database should be stored. |
| `CADDY_PORT` | `80` | no | The port on which Caddy should listen. Caddy is only active inside the Docker container. If you want to change the exposed port of the container then you sould change this variable. |
| `CADDY_DISABLED` | `false` | no | Whether Caddy should be disabled inside the Docker container. If disabled, you must configure your reverse proxy to correctly map all paths. Refer to the [official Caddyfile](https://github.com/pocket-id/pocket-id/blob/main/reverse-proxy/Caddyfile) for guidance. |
| `PORT` | `3000` | no | The port on which the frontend should listen. |
| `BACKEND_PORT` | `8080` | no | The port on which the backend should listen |

40
docs/docs/configuration/ldap.md
View File

@@ -1,40 +0,0 @@
---
id: ldap
---
# LDAP Synchronization
Pocket ID can sync users and groups from an LDAP Source (lldap, OpenLDAP, Active Directory, etc.).
### LDAP Sync
- The LDAP Service will sync on Pocket ID startup and every hour once enabled from the Web UI.
- Users or groups synced from LDAP can **NOT** be edited from the Pocket ID Web UI.
### Generic LDAP Setup
1. Follow the installation guide [here](/setup/installation).
2. Once you have signed in with the initial admin account, navigate to the Application Configuration section at `https://pocket.id/settings/admin/application-configuration`.
3. Client Configuration Setup
| LDAP Variable | Example Value | Description |
| ------------------ | ---------------------------------- | ------------------------------------------------------------- |
| LDAP URL | ldaps://ldap.mydomain.com:636 | The URL with port to connect to LDAP |
| LDAP Bind DN | cn=admin,ou=users,dc=domain,dc=com | The full DN value for the user with search privileges in LDAP |
| LDAP Bind Password | securepassword | The password for the Bind DN account |
| LDAP Search Base | dc=domain,dc=com | The top-level path to search for users and groups |
<br />
4. LDAP Attribute Configuration Setup
| LDAP Variable | Example Value | Description |
| --------------------------------- | ------------------ | -------------------------------------------------------------------------------- |
| User Unique Identifier Attribute | uuid | The LDAP attribute to uniquely identify the user, **this should never change** |
| Username Attribute | uid | The LDAP attribute to use as the username of users |
| User Mail Attribute | mail | The LDAP attribute to use for the email of users |
| User First Name Attribute | givenName | The LDAP attribute to use for the first name of users |
| User Last Name Attribute | sn | The LDAP attribute to use for the last name of users |
| Group Unique Identifier Attribute | uuid | The LDAP attribute to uniquely identify the groups, **this should never change** |
| Group Name Attribute | uid | The LDAP attribute to use as the name of synced groups |
| Admin Group Name | \_pocket_id_admins | The group name to use for admin permissions for LDAP users |

182
docs/docs/guides/proxy-services.md
View File

@@ -1,182 +0,0 @@
---
id: proxy-services
---
# Proxy Services
The goal of Pocket ID is to function exclusively as an OIDC provider. As such, we don't have a built-in proxy provider. However, you can use other tools that act as a middleware to protect your services and support OIDC as an authentication provider.
There are two ways to do this:
- Implement OIDC into your reverse proxy
- Use [OAuth2 Proxy](https://oauth2-proxy.github.io/oauth2-proxy/)
## Reverse Proxy
Almost every reverse proxy somehow supports protecting your services with OIDC. Currently only Caddy is documented but you can search on Google for your reverse proxy and OIDC.
We would really appreciate if you contribute to this documentation by adding your reverse proxy and how to configure it with Pocket ID.
### Caddy
With [caddy-security](https://github.com/greenpau/caddy-security) you can easily protect your services with Pocket ID.
#### 1. Create a new OIDC client in Pocket ID.
Create a new OIDC client in Pocket ID by navigating to `https://<your-domain>/settings/admin/oidc-clients`. Now enter `https://<domain-of-proxied-service>/caddy-security/oauth2/generic/authorization-code-callback` as the callback URL. After adding the client, you will obtain the client ID and client secret, which you will need in the next step.
#### 2. Install caddy-security
Run the following command to install caddy-security:
```bash
caddy add-package github.com/greenpau/caddy-security
```
#### 3. Create your Caddyfile
```bash
{
# Port to listen on
http_port 443
# Configure caddy-security.
order authenticate before respond
security {
oauth identity provider generic {
delay_start 3
realm generic
driver generic
client_id client-id-from-pocket-id # Replace with your own client ID
client_secret client-secret-from-pocket-id # Replace with your own client secret
scopes openid email profile
base_auth_url http://localhost
metadata_url http://localhost/.well-known/openid-configuration
}
authentication portal myportal {
crypto default token lifetime 3600 # Seconds until you have to re-authenticate
enable identity provider generic
cookie insecure off # Set to "on" if you're not using HTTPS
transform user {
match realm generic
action add role user
}
}
authorization policy mypolicy {
set auth url /caddy-security/oauth2/generic
allow roles user
inject headers with claims
}
}
}
https://<domain-of-your-service> {
@auth {
path /caddy-security/*
}
route @auth {
authenticate with myportal
}
route /* {
authorize with mypolicy
reverse_proxy http://<service-to-be-proxied>:<port> # Replace with your own service
}
}
```
For additional configuration options, refer to the official [caddy-security documentation](https://docs.authcrunch.com/docs/intro).
#### 4. Start Caddy
```bash
caddy run --config Caddyfile
```
#### 5. Access the service
Your service should now be protected by Pocket ID.
## OAuth2 Proxy
### Docker Installation
#### 1. Add OAuth2 proxy to the service that should be proxied.
To configure OAuth2 Proxy with Pocket ID, you have to add the following service to the service that should be proxied. E.g., if [Uptime Kuma](https://github.com/louislam/uptime-kuma) should be proxied, you can add the following service to the `docker-compose.yml` of Uptime Kuma:
```yaml
# Example with Uptime Kuma
# uptime-kuma:
# image: louislam/uptime-kuma
oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
command: --config /oauth2-proxy.cfg
volumes:
- "./oauth2-proxy.cfg:/oauth2-proxy.cfg"
ports:
- 4180:4180
```
#### 2. Create a new OIDC client in Pocket ID.
Create a new OIDC client in Pocket ID by navigating to `https://<your-domain>/settings/admin/oidc-clients`. Now enter `https://<domain-of-proxied-service>/oauth2/callback` as the callback URL. After adding the client, you will obtain the client ID and client secret, which you will need in the next step.
#### 3. Create a configuration file for OAuth2 Proxy.
Create a configuration file named `oauth2-proxy.cfg` in the same directory as your `docker-compose.yml` file of the service that should be proxied (e.g. Uptime Kuma). This file will contain the necessary configurations for OAuth2 Proxy to work with Pocket ID.
Here is the recommend `oauth2-proxy.cfg` configuration:
```cfg
# Replace with your own credentials
client_id="client-id-from-pocket-id"
client_secret="client-secret-from-pocket-id"
oidc_issuer_url="https://<your-pocket-id-domain>"
# Replace with a secure random string
cookie_secret="random-string"
# Upstream servers (e.g http://uptime-kuma:3001)
upstreams="http://<service-to-be-proxied>:<port>"
# Additional Configuration
provider="oidc"
scope = "openid email profile groups"
# If you are using a reverse proxy in front of OAuth2 Proxy
reverse_proxy = true
# Email domains allowed for authentication
email_domains = ["*"]
# If you are using HTTPS
cookie_secure="true"
# Listen on all interfaces
http_address="0.0.0.0:4180"
```
For additional configuration options, refer to the official [OAuth2 Proxy documentation](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview).
#### 4. Start the services.
After creating the configuration file, you can start the services using Docker Compose:
```bash
docker compose up -d
```
#### 5. Access the service.
You can now access the service through OAuth2 Proxy by visiting `http://localhost:4180`.
### Standalone Installation
Setting up OAuth2 Proxy with Pocket ID without Docker is similar to the Docker setup. As the setup depends on your environment, you have to adjust the steps accordingly but is should be similar to the Docker setup.
You can visit the official [OAuth2 Proxy documentation](https://oauth2-proxy.github.io/oauth2-proxy/installation) for more information.

24
docs/docs/introduction.md
View File

@@ -1,24 +0,0 @@
---
id: introduction
---
# Introduction
Pocket ID is a simple OIDC provider that allows users to authenticate with their passkeys to your services.
The goal of Pocket ID is to be a simple and easy-to-use. There are other self-hosted OIDC providers like [Keycloak](https://www.keycloak.org/) or [ORY Hydra](https://www.ory.sh/hydra/) but they are often too complex for simple use cases.
Additionally, what makes Pocket ID special is that it only supports [passkey](https://www.passkeys.io/) authentication, which means you dont need a password. Some people might not like this idea at first, but I believe passkeys are the future, and once you try them, youll love them. For example, you can now use a physical Yubikey to sign in to all your self-hosted services easily and securely.
**_Pocket ID is in its early stages and may contain bugs. There might be OIDC features that are not yet implemented. If you encounter any issues, please open an issue_** [here](https://github.com/pocket-id/pocket-id/issues/new?template=bug.yml).
## Get to know Pocket ID
→ [Try the Demo of Pocket ID](https://demo.pocket-id.org)
<img src="https://github.com/user-attachments/assets/96ac549d-b897-404a-8811-f42b16ea58e2" width="700"/>
## Useful Links
- [Installation](/setup/installation)
- [Proxy Services](/guides/proxy-services)
- [Client Examples](/client-examples)

85
docs/docs/setup/installation.md
View File

@@ -1,85 +0,0 @@
---
id: installation
---
# Installation
# Before you start
Pocket ID requires a [secure context](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts), meaning it must be served over HTTPS. This is necessary because Pocket ID uses the [WebAuthn API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API).
### Installation with Docker (recommended)
1. Download the `docker-compose.yml` and `.env` file:
```bash
curl -O https://raw.githubusercontent.com/pocket-id/pocket-id/main/docker-compose.yml
curl -o .env https://raw.githubusercontent.com/pocket-id/pocket-id/main/.env.example
```
2. Edit the `.env` file so that it fits your needs. See the [environment variables](/configuration/environment-variables) section for more information.
3. Run `docker compose up -d`
You can now sign in with the admin account on `http://localhost/login/setup`.
### Proxmox
Run the [helper script](https://community-scripts.github.io/ProxmoxVE/scripts?id=pocketid) as root in your Proxmox shell.
**Configuration Paths**
- /opt/pocket-id/backend/.env
- /opt/pocket-id/frontend/.env
```bash
bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/pocketid.sh)"
```
### Unraid
Pocket ID is available as a template on the Community Apps store.
### Stand-alone Installation (advanced)
Required tools:
- [Node.js](https://nodejs.org/en/download/) >= 22
- [Go](https://golang.org/doc/install) >= 1.23
- [Git](https://git-scm.com/downloads)
- [PM2](https://pm2.keymetrics.io/)
- [Caddy](https://caddyserver.com/docs/install) (optional)
1. Copy the `.env.example` file in the `frontend` and `backend` folder to `.env` and change it so that it fits your needs.
```bash
cp frontend/.env.example frontend/.env
cp backend/.env.example backend/.env
```
2. Run the following commands:
```bash
git clone https://github.com/pocket-id/pocket-id
cd pocket-id
# Checkout the latest version
git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
# Start the backend
cd backend/cmd
go build -o ../pocket-id-backend
cd ..
pm2 start pocket-id-backend --name pocket-id-backend
# Start the frontend
cd ../frontend
npm install
npm run build
pm2 start --name pocket-id-frontend --node-args="--env-file .env" build/index.js
# Optional: Start Caddy (You can use any other reverse proxy)
cd ..
pm2 start --name pocket-id-caddy caddy -- run --config reverse-proxy/Caddyfile
```
You can now sign in with the admin account on `http://localhost/login/setup`.

13
docs/docs/setup/nginx-reverse-proxy.md
View File

@@ -1,13 +0,0 @@
---
id: nginx-reverse-proxy
---
# Nginx Reverse Proxy
To use Nginx as a reverse proxy for Pocket ID, update the configuration to increase the header buffer size. This adjustment is necessary because SvelteKit generates larger headers, which may exceed the default buffer limits.
```nginx
proxy_busy_buffers_size 512k;
proxy_buffers 4 512k;
proxy_buffer_size 256k;
```

45
docs/docs/setup/upgrading.md
View File

@@ -1,45 +0,0 @@
---
id: upgrading
---
# Upgrading
Updating to a New Version
#### Docker
```bash
docker compose pull
docker compose up -d
```
#### Stand-alone
1. Stop the running services:
```bash
pm2 delete pocket-id-backend pocket-id-frontend pocket-id-caddy
```
2. Run the following commands:
```bash
cd pocket-id
# Checkout the latest version
git fetch --tags && git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
# Start the backend
cd backend/cmd
go build -o ../pocket-id-backend
cd ..
pm2 start pocket-id-backend --name pocket-id-backend
# Start the frontend
cd ../frontend
npm install
npm run build
pm2 start --name pocket-id-frontend --node-args="--env-file .env" build/index.js
# Optional: Start Caddy (You can use any other reverse proxy)
cd ..
pm2 start caddy --name pocket-id-caddy -- run --config reverse-proxy/Caddyfile
```

40
docs/docs/setup/user-management.md
View File

@@ -1,40 +0,0 @@
---
id: user-management
---
# User Management
Creating users in Pocket ID can be handled in two ways:
1. Manually create users via the admin interface.
2. Sync users from an [LDAP](/configuration/ldap) source.
Once users have been created using one of the methods above, follow the steps below to help configure passkeys for them.
## Setting Up User Passkeys
> As the admin, you cannot add passkeys for users; end users must configure them on their own.
> Passkeys can be stored in services like Bitwarden, LastPass, iCloud, or even locally on certain devices using platform authenticators.
### One-Time Link
1. Navigate to the **Users** page in the Pocket ID admin dashboard.
2. Locate the user you want to set up a passkey for.
3. Click the **three dots** on the right side of the user row.
4. Click **One-Time Link**.
5. Select an **Expiration Time** for the link.
6. Click **Generate Link** and send it to the user to allow them to set up their new passkey.
### One-Time Access Email
> **This method requires a valid SMTP server set up in Pocket ID.**
> **Allowing users to sign in with a link sent to their email significantly reduces security, as anyone with access to the user's email can gain entry.**
1. Navigate to the **Application Configuration** section in the Pocket ID admin dashboard.
2. Expand the **Email** section and enable the **Email One-Time Access** option.
3. Instruct the user to navigate to Pocket ID, e.g., `https://id.example.com`.
4. Have the user click on the **Don't have access to your passkey?** link at the bottom of the page.
5. Have the user enter their email associated with their Pocket ID account and click **Submit**.
6. The user will receive an email with a **One-Time Access** link to set up their passkey.

13
docs/docs/troubleshooting/account-recovery.md
View File

@@ -1,13 +0,0 @@
---
id: account-recovery
---
# Account recovery
There are two ways to create a one-time access link for a user:
1. **UI**: An admin can create a one-time access link for the user in the admin panel under the "Users" tab by clicking on the three dots next to the user's name and selecting "One-time link".
2. **Terminal**: You can create a one-time access link for a user by running the `scripts/create-one-time-access-token.sh` script. To execute this script with Docker you have to run the following command:
```bash
docker compose exec pocket-id sh "sh scripts/create-one-time-access-token.sh <username or email>"
```

29
docs/docs/troubleshooting/common-issues.md
View File

@@ -1,29 +0,0 @@
---
id: common-issues
---
# Common Issues
## Unable to Add a Passkey
Ensure that the `PUBLIC_APP_URL` is set correctly to the public URL of the Pocket ID instance.
Example:
```ini
PUBLIC_APP_URL=https://id.example.com
```
## Unable to Access the Admin UI After Setup
To set up the initial passkey for the admin user, navigate to:
```
https://id.example.com/login/setup
```
## Invalid Callback URL
One of the most common issues with OIDC clients is a misconfigured `Callback URL`.
If the `redirect_uri` URL parameter starts with `http` but `https` is expected, the client is the issue. If you cant resolve the issue on the client side, you can add a secondary callback URL using both `http` and `https` versions.

71
docs/docusaurus.config.ts
View File

@@ -1,71 +0,0 @@
import type * as Preset from "@docusaurus/preset-classic";
import type { Config } from "@docusaurus/types";
import { themes as prismThemes } from "prism-react-renderer";
const config: Config = {
title: "Pocket ID",
tagline:
"Pocket ID is a simple OIDC provider that allows users to authenticate with their passkeys to your services.",
favicon: "img/pocket-id.png",
url: "https://docs.pocket-id.org",
baseUrl: "/",
organizationName: "pocket-id",
projectName: "pocket-id",
onBrokenLinks: "warn",
onBrokenMarkdownLinks: "warn",
i18n: {
defaultLocale: "en",
locales: ["en"],
},
presets: [
[
"classic",
{
docs: {
routeBasePath: "/docs",
sidebarPath: "./sidebars.ts",
editUrl: "https://github.com/pocket-id/pocket-id/edit/main/docs",
},
blog: false,
} satisfies Preset.Options,
],
],
themeConfig: {
image: "img/pocket-id.png",
colorMode: {
respectPrefersColorScheme: true,
},
navbar: {
title: "Pocket ID",
logo: {
alt: "Pocket ID Share Logo",
src: "img/pocket-id.png",
},
items: [
// Version gets replaced by the version-label.ts script
{
to: "#version",
label: " ",
position: "right",
},
{
href: "https://github.com/pocket-id/pocket-id",
label: "GitHub",
position: "right",
},
],
},
prism: {
theme: prismThemes.github,
darkTheme: prismThemes.dracula,
},
} satisfies Preset.ThemeConfig,
clientModules: [require.resolve("./src/version-label.ts")],
};
export default config;

18472
docs/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

52
docs/package.json
View File

@@ -1,52 +0,0 @@
{
"name": "pocket-id-docs",
"version": "0.0.0",
"private": true,
"scripts": {
"docusaurus": "docusaurus",
"start": "docusaurus start",
"build": "docusaurus build",
"swizzle": "docusaurus swizzle",
"deploy": "GIT_USER=stonith404 docusaurus deploy",
"clear": "docusaurus clear",
"serve": "docusaurus serve",
"write-translations": "docusaurus write-translations",
"write-heading-ids": "docusaurus write-heading-ids",
"typecheck": "tsc"
},
"dependencies": {
"@docusaurus/core": "3.7.0",
"@docusaurus/preset-classic": "3.7.0",
"@fortawesome/fontawesome-free": "^6.7.2",
"@mdx-js/react": "^3.0.0",
"@tailwindcss/postcss": "^4.0.3",
"clsx": "^2.0.0",
"prism-react-renderer": "^2.3.0",
"react": "^19.0.0",
"react-dom": "^19.0.0"
},
"devDependencies": {
"@docusaurus/module-type-aliases": "3.7.0",
"@docusaurus/tsconfig": "3.7.0",
"@docusaurus/types": "3.7.0",
"autoprefixer": "^10.4.20",
"postcss": "^8.5.1",
"tailwindcss": "^4.0.3",
"typescript": "~5.6.2"
},
"browserslist": {
"production": [
">0.5%",
"not dead",
"not op_mini all"
],
"development": [
"last 3 chrome version",
"last 3 firefox version",
"last 5 safari version"
]
},
"engines": {
"node": ">=18.0"
}
}

6
docs/postcss.config.js
View File

@@ -1,6 +0,0 @@
module.exports = {
plugins: {
"@tailwindcss/postcss": {},
autoprefixer: {},
},
}

115
docs/sidebars.ts
View File

@@ -1,115 +0,0 @@
import type { SidebarsConfig } from "@docusaurus/plugin-content-docs";
const sidebars: SidebarsConfig = {
docsSidebar: [
{
type: "doc",
id: "introduction",
},
{
type: "category",
label: "Getting Started",
items: [
{
type: "doc",
id: "setup/installation",
},
{
type: "doc",
id: "setup/user-management",
},
{
type: "doc",
id: "setup/nginx-reverse-proxy",
},
{
type: "doc",
id: "setup/upgrading",
},
],
},
{
type: "category",
label: "Configuration",
items: [
{
type: "doc",
id: "configuration/allowed-groups",
},
{
type: "doc",
id: "configuration/environment-variables",
},
{
type: "doc",
id: "configuration/ldap",
},
],
},
{
type: "category",
label: "Guides",
items: [
{
type: "doc",
id: "guides/proxy-services",
},
],
},
{
type: "category",
label: "Troubleshooting",
items: [
{
type: "doc",
id: "troubleshooting/account-recovery",
},
{
type: "doc",
id: "troubleshooting/common-issues",
},
],
},
{
type: "category",
label: "Client Examples",
link: {
type: "generated-index",
title: "Client Examples",
description:
"Examples of how to setup Pocket ID with different clients",
slug: "client-examples",
},
items: [
"client-examples/cloudflare-zero-trust",
"client-examples/freshrss",
"client-examples/gitea",
"client-examples/grist",
"client-examples/headscale",
"client-examples/hoarder",
"client-examples/immich",
"client-examples/jellyfin",
"client-examples/memos",
"client-examples/netbox",
"client-examples/open-webui",
"client-examples/pgadmin",
"client-examples/portainer",
"client-examples/proxmox",
"client-examples/semaphore-ui",
"client-examples/vikunja",
],
},
{
type: "link",
label: "Contributing",
href: "https://github.com/pocket-id/pocket-id/blob/main/CONTRIBUTING.md",
},
{
type: "link",
label: "Demo",
href: "https://demo.pocket-id.org",
},
],
};
export default sidebars;

27
docs/src/components/feature-box.tsx
View File

@@ -1,27 +0,0 @@
export default function FeatureBox({
title,
description,
imgSrc,
imgLeft = true,
}: {
title: string;
description: string;
imgSrc: string;
imgLeft?: boolean;
}) {
return (
<div className="p-6 glass grid grid-cols-1 md:grid-cols-12 gap-10 items-center">
<div className="col-span-5">
<p className="text-3xl font-semibold !mb-3">{title}</p>
<p className="text-gray-300">{description}</p>
</div>
<img
src={imgSrc}
alt="Feature Image"
className={`rounded-lg col-span-7 border border-neutral-800 ${
imgLeft ? "order-first" : "order-last"
}`}
/>
</div>
);
}

5
docs/src/pages/docs/index.tsx
View File

@@ -1,5 +0,0 @@
import { Redirect } from "@docusaurus/router";
export default function DocsRedirect() {
return <Redirect to="/docs/introduction" />;
}

103
docs/src/pages/index.tsx
View File

@@ -1,103 +0,0 @@
import "@fortawesome/fontawesome-free/css/all.min.css";
import React from "react";
import FeatureBox from "../components/feature-box";
import "/styles.css";
const Home: React.FC = () => {
return (
<div className="text-white h-screen flex flex-col bg-muted/40">
<header style={{ backgroundColor: "hsl(240, 10%, 3.9%)" }}>
<div className="w-full border-b border-black">
<div className="container flex w-full items-center justify-between px-4 md:px-10">
<div className="flex h-16 items-center">
<img
src="https://docs.pocket-id.org/img/pocket-id.png"
alt="Pocket ID Logo"
className="mr-3 h-8 w-8"
/>
<h2 className="text-sm font-medium" style={{ margin: 0 }}>
Pocket ID
</h2>
</div>
<a
href="https://github.com/stonith404/pocket-id"
target="_blank"
rel="noopener noreferrer"
style={{ color: "hsl(0, 0%, 98%)" }}
className="text-white text-2xl"
>
<i className="fab fa-github" aria-hidden="true"></i>
</a>
</div>
</div>
</header>
<main className="flex-1 flex flex-col justify-center items-center px-4 sm:px-0 container">
<section className="flex items-center mt-10 flex-col-reverse lg:flex-row gap-5">
<div>
<h1 className="text-sm font-extrabold">
Secure Your Services with OIDC
</h1>
<p className="mt-4 text-lg">
Pocket ID is a simple and easy-to-use OIDC provider that allows
users to authenticate with their passkeys to your services.
</p>
<a
href="/docs/introduction"
className="mt-6 inline-block text-black px-6 py-3 rounded-lg font-semibold"
style={{
backgroundColor: "hsl(0, 0%, 98%)",
color: "hsl(240, 10%, 3.9%)",
}}
>
Get Started
</a>
</div>
<img
src="/img/landing/authorize-screenshot.png"
alt="Pocket ID Logo"
className="max-h-[350px] xl:max-h-[450px]"
/>
</section>
<section className="mt-15">
<h2 className="!text-3xl font-bold">Features</h2>
<div className="flex flex-col gap-5">
<FeatureBox
title="Passwordless Authentication"
description="Pocket ID only supports passkey authentication, which means you don't need a password."
imgSrc="/img/landing/passkey-auth-screenshot.png"
/>
<FeatureBox
title="Restrict User Groups"
description="You can select which user groups are allowed to authenticate with your services."
imgSrc="/img/landing/allowed-usergroups-screenshot.png"
imgLeft={false}
/>
<FeatureBox
title="Audit Logs"
description="Keep track of your account activities. If SMTP is configured, you can even receive sign-in notifications."
imgSrc="/img/landing/audit-log-screenshot.png"
/>
<FeatureBox
title="LDAP"
description="Sync your users and groups from your LDAP server to Pocket ID."
imgSrc="/img/landing/ldap-screenshot.png"
imgLeft={false}
/>
</div>
<p className="!mt-5 text-center">And much more...</p>
</section>
</main>
<div className="flex flex-col items-center mt-10">
<p className="py-3 text-xs text-muted-foreground">
&copy; 2025 Pocket ID
</p>
</div>
</div>
);
};
export default Home;

23
docs/src/version-label.ts
View File

@@ -1,23 +0,0 @@
import ExecutionEnvironment from "@docusaurus/ExecutionEnvironment";
if (ExecutionEnvironment.canUseDOM) {
function readVersionFile() {
return fetch(
"https://raw.githubusercontent.com/pocket-id/pocket-id/refs/heads/main/.version"
)
.then((response) => response.text())
.catch((error) => `Error reading version file: ${error}`);
}
function getVersion() {
readVersionFile()
.then((version) => {
const versionLabels = document.querySelectorAll('[href="#version"]');
versionLabels.forEach((label) => {
(label as HTMLElement).innerText = `v${version}`;
});
})
.catch((error) => console.error("Error fetching version:", error));
}
window.addEventListener("load", getVersion);
}

0
docs/static/.nojekyll vendored
View File

1
docs/static/CNAME vendored
View File

@@ -1 +0,0 @@
docs.pocket-id.org

BIN
docs/static/img/landing/allowed-usergroups-screenshot.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 224 KiB

BIN
docs/static/img/landing/audit-log-screenshot.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 368 KiB

BIN
docs/static/img/landing/authorize-screenshot.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.7 MiB

BIN
docs/static/img/landing/ldap-screenshot.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 290 KiB

BIN
docs/static/img/landing/passkey-auth-screenshot.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.9 MiB

BIN
docs/static/img/pocket-id.png vendored
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.4 KiB

11
docs/static/styles.css vendored
View File

@@ -1,11 +0,0 @@
@layer theme, base, components, utilities;
@import "tailwindcss/theme.css" layer(theme);
@import "tailwindcss/utilities.css" layer(utilities);
.glass {
background: #09090b;
backdrop-filter: blur(10px);
border-radius: 10px;
border: 1px solid rgba(255, 255, 255, 0.2);
}

8
docs/tsconfig.json
View File

@@ -1,8 +0,0 @@
{
// This file is not used in compilation. It is here just for a nice editor experience.
"extends": "@docusaurus/tsconfig",
"compilerOptions": {
"baseUrl": "."
},
"exclude": [".docusaurus", "build"]
}