
Using OAuth2.0 for authentication

Apidog supports OAuth2.0 (compatible with OIDC) integration, which is configured through the Docker environment variables listed below.
Environment variable values are case-sensitive. The Redirect URI to register in your OAuth2 provider configuration is {BASE_URL}/passport/oauth2/callback; replace the {BASE_URL} placeholder with the value defined in your container's environment variable.

| Environment Variable Name | Meaning | Default Value | Others |
| --- | --- | --- | --- |
| OAUTH2_ENABLE | Whether to enable the OAuth2.0 login service | | Set to true to enable, or leave blank or unset to disable |
| OAUTH2_AUTH_URL | OAuth2.0 application login authorization link | | Required when enabling OAuth2.0 service |
| OAUTH2_ACCESS_TOKEN_URL | OAuth2.0 application link to exchange AccessToken | | Required when enabling OAuth2.0 service |
| OAUTH2_USER_INFO_URL | URL to exchange personal information based on access token | | Required when enabling OAuth2.0 service |
| OAUTH2_CLIENT_ID | OAuth2.0 application ID | | Required when enabling OAuth2.0 service |
| OAUTH2_CLIENT_SECRET | OAuth2.0 application access Secret | | Required when enabling OAuth2.0 service |
| OAUTH2_SCOPE | Scope | email,profile,openid | Configuration is typically required as described in the provider's documentation. The default value is compatible with Azure AD and Okta. |
| OAUTH2_USER_ID_ATTR | User attribute used as the unique ID for the OAuth2.0 user; default is 'id' | id | Optional |
| OAUTH2_USER_EMAIL_ATTR | Email field | email | Optional |
| OAUTH2_USER_NAME_ATTR | Name field | name | Optional |
| OAUTH2_USER_AVATAR_ATTR | Avatar field | avatar | Optional |
| OAUTH2_LOGIN_TITLE | Button text shown on the client login page | Continue with OAuth 2.0 | Optional |

Configuration Example

For Microsoft Entra ID (formerly Azure Active Directory) OIDC

- name: OAUTH2_ENABLE
  value: 'true'
- name: OAUTH2_AUTH_URL
  value: >-
    https://login.microsoftonline.com/example-....-example/oauth2/v2.0/authorize
- name: OAUTH2_ACCESS_TOKEN_URL
  value: >-
    https://login.microsoftonline.com/example-....-example/oauth2/v2.0/token
- name: OAUTH2_CLIENT_ID
  value: <client-id>
- name: OAUTH2_CLIENT_SECRET
  value: <client-secret>
- name: OAUTH2_LOGIN_TITLE
  value: Continue with Azure AD
- name: OAUTH2_USER_INFO_URL
  value: https://graph.microsoft.com/oidc/userinfo
- name: OAUTH2_SCOPE
  value: 'sub,email,profile,openid'
- name: OAUTH2_USER_ID_ATTR
  value: sub

Different versions of OIDC may require a different scope, for example:

- name: OAUTH2_ENABLE
  value: 'true'
- name: OAUTH2_AUTH_URL
  value: >-
    https://login.microsoftonline.com/example-....-example/oauth2/v2.0/authorize
- name: OAUTH2_ACCESS_TOKEN_URL
  value: >-
    https://login.microsoftonline.com/example-....-example/oauth2/v2.0/token
- name: OAUTH2_CLIENT_ID
  value: <client-id>
- name: OAUTH2_CLIENT_SECRET
  value: <client-secret>
- name: OAUTH2_LOGIN_TITLE
  value: Continue with Azure AD
- name: OAUTH2_USER_INFO_URL
  value: https://graph.microsoft.com/v1.0/me
- name: OAUTH2_SCOPE
  value: 'email,profile,openid,user.read'
- name: OAUTH2_USER_ID_ATTR
  value: id

For other providers

- name: OAUTH2_ENABLE
  value: 'true'
- name: OAUTH2_AUTH_URL
  value: https://example.com/oauth/auth
- name: OAUTH2_ACCESS_TOKEN_URL
  value: https://example.com/oauth/token
- name: OAUTH2_CLIENT_ID
  value: <client-id>
- name: OAUTH2_CLIENT_SECRET
  value: <client-secret>
- name: OAUTH2_LOGIN_TITLE
  value: Continue with OAuth 2.0
- name: OAUTH2_USER_INFO_URL
  value: https://example.com/oauth/me
- name: OAUTH2_SCOPE
  value: 'email,profile,openid'
- name: OAUTH2_USER_ID_ATTR
  value: id
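
A preflight check for the settings above, as an added example that is not Apidog's own code: it verifies the required variables from the table, builds the Redirect URI, and confirms that the configured attribute names exist in a sample userinfo response. The https requirement, the placeholder test, the function names and the sample data are assumptions of this example.

```python
"""Preflight check for Apidog OAUTH2_* settings (added example, not Apidog code)."""
from urllib.parse import urlsplit

REQUIRED = ["OAUTH2_AUTH_URL", "OAUTH2_ACCESS_TOKEN_URL", "OAUTH2_USER_INFO_URL",
            "OAUTH2_CLIENT_ID", "OAUTH2_CLIENT_SECRET"]
# Attribute defaults taken from the table on this page.
ATTR_DEFAULTS = {"OAUTH2_USER_ID_ATTR": "id", "OAUTH2_USER_EMAIL_ATTR": "email",
                 "OAUTH2_USER_NAME_ATTR": "name", "OAUTH2_USER_AVATAR_ATTR": "avatar"}

def redirect_uri(base_url):
    """Callback to register with the provider: {BASE_URL}/passport/oauth2/callback."""
    return base_url.rstrip("/") + "/passport/oauth2/callback"

def check(env, userinfo):
    """Return (errors, warnings) for an env dict and a sample userinfo response."""
    errors, warnings = [], []
    enable = env.get("OAUTH2_ENABLE", "")
    if enable != "true":  # values are case-sensitive; blank or unset means disabled
        if enable.strip():
            errors.append(f"OAUTH2_ENABLE={enable!r}: expected exactly 'true'")
        return errors, warnings
    for name in REQUIRED:
        value = env.get(name, "")
        if not value or value.startswith("<"):  # e.g. a leftover <client-id>
            errors.append(f"{name} is required but unset or still a placeholder")
        elif name.endswith("_URL") and urlsplit(value).scheme != "https":
            # Assumption of this example: endpoints that carry tokens must use TLS.
            errors.append(f"{name} does not use https")
    scopes = env.get("OAUTH2_SCOPE", "email,profile,openid").split(",")
    if "openid" not in [s.strip() for s in scopes]:
        warnings.append("OAUTH2_SCOPE lacks 'openid', which OIDC providers expect")
    for name, default in ATTR_DEFAULTS.items():
        attr = env.get(name, default)
        if attr not in userinfo:  # a missing ID attribute is fatal, others only warn
            msg = f"{name}={attr!r} not among userinfo fields {sorted(userinfo)}"
            (errors if name == "OAUTH2_USER_ID_ATTR" else warnings).append(msg)
    return errors, warnings

# Constructed sample: standard OIDC userinfo claims (sub, name, email, picture).
SAMPLE_USERINFO = {"sub": "00u-constructed", "name": "Ada Example",
                   "email": "ada@example.com", "picture": "https://example.com/a.png"}
SAMPLE_ENV = {"OAUTH2_ENABLE": "true", "OAUTH2_AUTH_URL": "https://example.com/oauth/auth",
              "OAUTH2_ACCESS_TOKEN_URL": "https://example.com/oauth/token",
              "OAUTH2_USER_INFO_URL": "https://example.com/oauth/me",
              "OAUTH2_CLIENT_ID": "constructed-id", "OAUTH2_CLIENT_SECRET": "constructed-secret"}

if __name__ == "__main__":
    print(redirect_uri("https://apidog.example.com"))
    print(check(SAMPLE_ENV, SAMPLE_USERINFO))
```

With the sample data the default OAUTH2_USER_ID_ATTR of id is reported as an error because the constructed response identifies the user by sub; setting OAUTH2_USER_ID_ATTR to sub clears it.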

OAuth 2.0 flow chart: [figure: OAuth-2]
Modified at 2025-06-25 06:18:23