OAuth 2

Accounts in Shale are not owned by the instance; instead, account management is deferred to an external identity provider using OAuth 2. OAuth 2.0 is the industry-standard protocol for authorization.

You can enable an OAuth 2 identity provider in Shale by setting the OAUTH2_CLIENT environment variable during installation.

The OAUTH2_CLIENT environment variable may take two forms depending on which kind of provider you choose to use.

The first is for hosted first-party providers.

OAUTH2_CLIENT: foo|client_id|client_secret

The second is for providers that you may host on your own infrastructure or for which you are provided your own tenant.

OAUTH2_CLIENT: foo,bar.my.server|client_id|client_secret

When you create a client with your identity provider of choice to obtain an ID and secret, one of the pieces of information it will ask for is a callback/redirect URL. For Shale this should look like http://localhost/-/callback, customized to use your own domain.

Below is the full list of identity providers you may use with Shale:

| Provider | Short Code | Developer Portal |
|---|---|---|
| Amazon | amazon | https://developer.amazon.com/settings/console/securityprofile/overview.html |
| Battle.net | battle.net | https://develop.battle.net/access/clients |
| Discord | discord | https://discordapp.com/developers/applications/ |
| Facebook | facebook | https://developers.facebook.com/apps/ |
| GitHub | github | https://github.com/settings/developers |
| Google | google | https://console.developers.google.com |
| Microsoft | microsoft | https://apps.dev.microsoft.com/ |
| Reddit | reddit | https://www.reddit.com/prefs/apps |
| Railway | railway | https://railway.com/workspace/developer |

| Provider | Short Code | Home |
|---|---|---|
| Gitea | gitea | https://gitea.io/en-us/ |
| Forgejo | forgejo | https://forgejo.org/ |
| Codeberg | forgejo,codeberg.org | https://codeberg.org/user/settings/applications |
| Gitlab | gitlab | https://about.gitlab.com/ |
| GitLab | gitlab,gitlab.com | https://gitlab.com/profile/applications |
| mastodon | mastodon | https://joinmastodon.org/ |
| pleroma | pleroma | https://pleroma.social/ |
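A pre-flight check for the two OAUTH2_CLIENT forms and the callback URL described above, as an added example (not Shale's own parser). The function names are hypothetical, and the rules that self-hosted short codes require a `,server` part and that non-localhost callbacks use https are assumptions of this sketch.

```python
import re

# Short codes taken from the two provider tables on this page.
HOSTED = {"amazon", "battle.net", "discord", "facebook", "github",
          "google", "microsoft", "reddit", "railway"}
SELF_HOSTED = {"gitea", "forgejo", "gitlab", "mastodon", "pleroma"}
# Bare hostname with optional port: no scheme, path or userinfo.
HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?"
                     r"(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*(:[0-9]{1,5})?$", re.I)

def check_oauth2_client(value):
    """Return (provider, host, problems) for an OAUTH2_CLIENT value."""
    fields = value.strip().split("|")
    if len(fields) != 3:
        # A '|' inside the id or secret would make the value ambiguous.
        return None, None, ["expected provider|client_id|client_secret"]
    target, client_id, client_secret = fields
    provider, _, host = target.partition(",")
    host = host or None
    problems = []
    if provider in HOSTED:
        if host:
            problems.append("hosted provider takes no server name")
    elif provider in SELF_HOSTED:
        # Assumption: a self-hosted short code needs the ',server' part.
        if not host:
            problems.append("self-hosted provider needs ',server'")
        elif not HOST_RE.match(host):
            problems.append("server must be a bare hostname")
    else:
        problems.append("unknown provider short code: %r" % provider)
    if not client_id or not client_secret:
        problems.append("client_id and client_secret must be non-empty")
    elif client_id != client_id.strip() or client_secret != client_secret.strip():
        problems.append("stray whitespace around client_id or client_secret")
    return provider, host, problems

def callback_url(domain):
    """Redirect URL to register with the provider for a Shale domain."""
    # Assumption: plain http only for localhost, https everywhere else.
    local = domain.split(":")[0] in ("localhost", "127.0.0.1")
    return "%s://%s/-/callback" % ("http" if local else "https", domain)

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for sample in ("github|abc123|s3cr3t", "forgejo,codeberg.org|abc123|s3cr3t",
                   "gitea|abc123|s3cr3t", "gitlab,https://gitlab.com|abc|def"):
        print(sample.split("|")[0], "->", check_oauth2_client(sample)[2])
    print(callback_url("shale.example.org"))
```

The script prints only the provider part of each sample so the client secret never lands in terminal scrollback or CI logs.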