Add 3rd Party Authentication (Google, Twitch etc.)

BookStack supports third-party authentication, allowing users to log in with services like Google, GitHub, Twitter, and others. By default, these services are disabled, but you can enable them by configuring the necessary credentials from each external service.

This guide will walk you through setting up third-party authentication, focusing on the most popular services: Google, GitHub, Twitter, Facebook, Slack, AzureAD, Okta, GitLab, Twitch, and Discord.

Step 1: Enable Automatic Registration (Optional)

If you want to auto-register users when they log in via a third-party service, add the following option to your .env file or to your docker-compose.yaml:

{SERVICE}_AUTO_REGISTER=true

For example, if you're setting up Google authentication:

GOOGLE_AUTO_REGISTER=true

This will allow users to register through third-party login services even if general registration is disabled.

Step 2: Enable Automatic Email Confirmation (Optional)

You can also enable automatic email confirmation, skipping the confirmation step for trusted third-party login services:

{SERVICE}_AUTO_CONFIRM_EMAIL=true

For example, for Google:

GOOGLE_AUTO_CONFIRM_EMAIL=true

Step 3: Configure Individual Third-Party Services

Google Authentication

1. Open the Google Developers Console.
2. Create a new project (May have to wait a short while for it to be created).
3. In ‘API and Services’ go to the ‘OAuth consent ~~screen~~screen’ tosection ~~configure~~and enter a product name (‘BookStack’ or your custom set name) along with any other required details until you can save your consent screen.
4. Now in the ~~app.~~
5. In ‘API and ~~Services~~Services’ > ~~Credentials~~,‘Credentials’ section click ‘Create ~~Credentials~~Credentials’ > ‘OAuth client IDID’.
6. Choose
  ~~Set the~~an application type toof ‘Web ~~application~~application’ and enter the following urls under ‘Authorized redirect ~~URIs~~URIs’, ~~(replace~~changing https://example.com ~~with~~to your own domain where BookStack ~~domain):~~
  is
```
hosted:

https://example.com/login/service/google/callback
https://example.com/register/service/google/callback
```
7. Hit
  ~~After~~‘Create’ ~~creating~~then take note of the ~~app,~~‘Client ~~note~~ID’ and ‘Client secret’ which you’ll use in the ~~Client~~next ID ~~and~~ ~~Client Secret~~.
  step.
8. Add
  ~~Add~~or set the following toitems in your .env file orlike docker-compose.yaml:so:
```
# Replace the '{client_id}' and '{client_secret}' below with your Google Client ID and Client secret
GOOGLE_APP_ID={client_id}
GOOGLE_APP_SECRET={client_secret}
```
  All done! Users should now be able to link their social accounts in their account profile pages and also register/login using their Google accounts.

Users can now register and log in using their Google accounts.

GitHub Authentication

Go to your GitHub Developer Applications and click Register new application.
Enter an application name and add your BookStack instance URL under Homepage URL and Authorization callback URL.
Save the Client ID and Client Secret.

Add the following to your .env file or docker-compose.yaml:

GITHUB_APP_ID={client_id}
GITHUB_APP_SECRET={client_secret}

Users can now log in with their GitHub accounts.

Twitter Authentication

Create a new app, then add the following callback URLs (replace https://example.com with your domain):

https://example.com/login/service/twitter/callback
https://example.com/register/service/twitter/callback

Add the API key and API secret key to your .env file or docker-compose.yaml:
```
TWITTER_APP_ID={api_key}
TWITTER_APP_SECRET={api_secret}
```

Users can now log in with their Twitter accounts.

Facebook Authentication

Go to the Facebook Developers Portal and create a new app.

In the Facebook login settings, add the following redirect URIs:

https://example.com/login/service/facebook/callback
https://example.com/register/service/facebook/callback

Add the App ID and App Secret to your .env file or docker-compose.yaml:
```
FACEBOOK_APP_ID={app_id}
FACEBOOK_APP_SECRET={app_secret}
```

Users can now log in with their Facebook accounts.

Slack Authentication

Go to the Slack Apps page and create a new app.
In OAuth & Permissions, add your BookStack URL to the Redirect URLs.
Add the Client ID and Client Secret to your .env file or docker-compose.yaml:
```
SLACK_APP_ID={client_id}
SLACK_APP_SECRET={client_secret}
```

Users can now log in with their Slack accounts.

AzureAD (Microsoft) Authentication

In the Azure Portal, go to Azure Active Directory > App registrations and create a new registration.

Add the following redirect URIs:

https://example.com/login/service/azure/callback

Add the App ID, App Secret, and Tenant ID to your .env file or docker-compose.yaml:

AZURE_APP_ID={app_id}
AZURE_APP_SECRET={app_secret}
AZURE_TENANT={tenant_id}

Users can now log in with their AzureAD accounts.

Okta Authentication

In the Okta Admin Panel, create a new app with Web platform and OpenID Connect method.

Add the following callback URLs:

https://example.com/login/service/okta/callback
https://example.com/register/service/okta/callback

Add the Client ID, Client Secret, and Base URL to your .env file or docker-compose.yaml:
```
OKTA_APP_ID={client_id}
OKTA_APP_SECRET={client_secret}
OKTA_BASE_URL={base_url}
```

Users can now log in with their Okta accounts.

Twitch Authentication

In the Twitch Developer Dashboard, create a new application.

Add the following redirect URIs:

https://example.com/login/service/twitch/callback

Add the Client ID and Client Secret to your .env file or docker-compose.yaml:
```
TWITCH_APP_ID={client_id}
TWITCH_APP_SECRET={client_secret}
```

Users can now log in with their Twitch accounts.

Discord Authentication

In the Discord Developer Portal, create a new application.

Add the following redirect URIs:

https://example.com/login/service/discord/callback

Add the Client ID and Client Secret to your .env file or docker-compose.yaml:
```
DISCORD_APP_ID={client_id}
DISCORD_APP_SECRET={client_secret}
```

Users can now log in with their Discord accounts.