Using Loft as OIDC Provider

Loft can act as an OpenID Connect provider for other services, e.g. a self-hosted container registry using Harbor.

To have Loft act as an OIDC provider, navigate to Admin > Config and add the oidc section to your config:

auth: ...
oidc:
  enabled: true
  clients:
  - name: "Example Client"
    clientId: "loft"
    clientSecret: "MYCLIENTSECRET"
    redirectURIs:
    - http://my-allowed-redirect-uri
  # - ADD A 2nd OIDC CLIENT HERE
  # - ADD A 3rd OIDC CLIENT HERE

To use Loft as the OIDC provider in another application, fill out that application's OIDC settings with the following values:

  • OIDC Provider Endpoint / Issuer: https://loft.mycompany.tld/oidc
  • OIDC Client ID: loft
  • OIDC Client Secret: MYCLIENTSECRET
  • Group Claim Name: groups
  • Available OIDC Scopes: offline_access,openid,groups,email,profile

With this configuration, your Loft users will be able to authenticate in another application using their Loft account (which may itself be based on another SSO provider).
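A pre-deployment check for the oidc clients section shown above, as an added example that is not part of Loft or its documentation. It assumes the section has already been parsed from YAML into a Python dict; the rules (minimum secret length, placeholder list, TLS-only redirect URIs outside loopback) are local policy assumptions, not Loft requirements, and the second client in the sample is constructed.

```python
from urllib.parse import urlsplit

# Assumptions: local policy values, not enforced by Loft itself.
PLACEHOLDER_SECRETS = {"MYCLIENTSECRET", "changeme", "secret"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
MIN_SECRET_LEN = 32


def lint_oidc_clients(oidc):
    """Return (clientId, finding) tuples for the parsed `oidc` config section."""
    findings, seen_ids = [], set()
    for client in oidc.get("clients") or []:
        cid = client.get("clientId", "<missing clientId>")
        if cid in seen_ids:
            findings.append((cid, "duplicate clientId"))
        seen_ids.add(cid)
        secret = client.get("clientSecret", "")
        if secret in PLACEHOLDER_SECRETS:
            findings.append((cid, "placeholder clientSecret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((cid, "clientSecret shorter than %d chars" % MIN_SECRET_LEN))
        uris = client.get("redirectURIs") or []
        if not uris:
            findings.append((cid, "no redirectURIs registered"))
        for uri in uris:
            parts = urlsplit(uri)
            if "*" in uri:
                findings.append((cid, "wildcard in redirect URI: " + uri))
            # Plain http exposes the authorization code in transit; allow it
            # only for loopback callbacks used during local development.
            if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
                findings.append((cid, "non-TLS redirect URI: " + uri))
            elif parts.scheme not in ("http", "https"):
                findings.append((cid, "unexpected scheme in redirect URI: " + uri))
    return findings


# Constructed sample: the page's example client plus a hypothetical second one
# (hostname, secret and callback path are made up for illustration).
SAMPLE_OIDC = {
    "enabled": True,
    "clients": [
        {"name": "Example Client", "clientId": "loft",
         "clientSecret": "MYCLIENTSECRET",
         "redirectURIs": ["http://my-allowed-redirect-uri"]},
        {"name": "Harbor", "clientId": "harbor",
         "clientSecret": "k3Vq9ZpL0xT7mB2nR5sW8yD1cF4gH6jA",
         "redirectURIs": ["https://harbor.mycompany.tld/c/oidc/callback"]},
    ],
}
```

Calling lint_oidc_clients(SAMPLE_OIDC) reports the placeholder secret and the http:// redirect URI of the page's example client and nothing for the second client.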