Add 3rd Party Authentication (Google, Twitch etc.)
BookStack supports third-party authentication, allowing users to log in with services like Google, GitHub, Twitter, and others. By default, these services are disabled, but you can enable them by configuring the necessary credentials from each external service.
This guide will walk you through setting up third-party authentication, focusing on the most popular services: Google, GitHub, Twitter, Facebook, Slack, AzureAD, Okta, GitLab, Twitch, and Discord.
Step 1: Enable Automatic Registration (Optional)
If you want to auto-register users when they log in via a third-party service, add the following option to your .env file or to your docker-compose.yaml:
{SERVICE}_AUTO_REGISTER=trueFor example, if you're setting up Google authentication:
GOOGLE_AUTO_REGISTER=trueThis will allow users to register through third-party login services even if general registration is disabled.
Step 2: Enable Automatic Email Confirmation (Optional)
You can also enable automatic email confirmation, skipping the confirmation step for trusted third-party login services:
{SERVICE}_AUTO_CONFIRM_EMAIL=trueFor example, for Google:
GOOGLE_AUTO_CONFIRM_EMAIL=trueStep 3: Configure Individual Third-Party Services
Google Authentication
-
- Open the Google Developers Console.
- Create a new project (May have to wait a short while for it to be created).
- In ‘API and Services’ go to the ‘OAuth consent screen’ section and enter a product name (‘BookStack’ or your custom set name) along with any other required details until you can save your consent screen.
- Now in the ‘API and Services’ > ‘Credentials’ section click ‘Create Credentials’ > ‘OAuth client ID’.
- Choose an application type of ‘Web application’ and enter the following urls under ‘Authorized redirect URIs’, changing
https://example.comto your own domain where BookStack is hosted:https://example.com/login/service/google/callbackhttps://example.com/register/service/google/callback
- Hit ‘Create’ then take note of the ‘Client ID’ and ‘Client secret’ which you’ll use in the next step.
- Add or set the following items in your
.envfile like so:
All done! Users should now be able to link their social accounts in their account profile pages and also register/login using their Google accounts.# Replace the '{client_id}' and '{client_secret}' below with your Google Client ID and Client secret GOOGLE_APP_ID={client_id} GOOGLE_APP_SECRET={client_secret}
Users can now register and log in using their Google accounts.
GitHub Authentication
-
Go to your GitHub Developer Applications and click Register new application.
-
Enter an application name and add your BookStack instance URL under Homepage URL and Authorization callback URL.
-
Save the Client ID and Client Secret.
-
Add the following to your
.envfile ordocker-compose.yaml:GITHUB_APP_ID={client_id} GITHUB_APP_SECRET={client_secret}
Users can now log in with their GitHub accounts.
Twitter Authentication
-
Sign up at the Twitter Developer Portal and get approved for API access.
-
Create a new app, then add the following callback URLs (replace
https://example.comwith your domain):https://example.com/login/service/twitter/callback https://example.com/register/service/twitter/callback - Add the API key and API secret key to your
.envfile ordocker-compose.yaml:
TWITTER_APP_ID={api_key} TWITTER_APP_SECRET={api_secret}
Users can now log in with their Twitter accounts.
Facebook Authentication
-
Go to the Facebook Developers Portal and create a new app.
-
In the Facebook login settings, add the following redirect URIs:
https://example.com/login/service/facebook/callback https://example.com/register/service/facebook/callback - Add the App ID and App Secret to your
.envfile ordocker-compose.yaml:
FACEBOOK_APP_ID={app_id} FACEBOOK_APP_SECRET={app_secret}
Users can now log in with their Facebook accounts.
Slack Authentication
-
Go to the Slack Apps page and create a new app.
-
In OAuth & Permissions, add your BookStack URL to the Redirect URLs.
-
Add the Client ID and Client Secret to your
.envfile ordocker-compose.yaml:SLACK_APP_ID={client_id} SLACK_APP_SECRET={client_secret}
Users can now log in with their Slack accounts.
AzureAD (Microsoft) Authentication
-
In the Azure Portal, go to Azure Active Directory > App registrations and create a new registration.
-
Add the following redirect URIs:
https://example.com/login/service/azure/callback - Add the App ID, App Secret, and Tenant ID to your
.envfile ordocker-compose.yaml:
AZURE_APP_ID={app_id} AZURE_APP_SECRET={app_secret} AZURE_TENANT={tenant_id}
Users can now log in with their AzureAD accounts.
Okta Authentication
-
In the Okta Admin Panel, create a new app with Web platform and OpenID Connect method.
-
Add the following callback URLs:
https://example.com/login/service/okta/callback https://example.com/register/service/okta/callback - Add the Client ID, Client Secret, and Base URL to your
.envfile ordocker-compose.yaml:
OKTA_APP_ID={client_id} OKTA_APP_SECRET={client_secret} OKTA_BASE_URL={base_url}
Users can now log in with their Okta accounts.
Twitch Authentication
-
In the Twitch Developer Dashboard, create a new application.
-
Add the following redirect URIs:
https://example.com/login/service/twitch/callback - Add the Client ID and Client Secret to your
.envfile ordocker-compose.yaml:
TWITCH_APP_ID={client_id} TWITCH_APP_SECRET={client_secret}
Users can now log in with their Twitch accounts.
Discord Authentication
-
In the Discord Developer Portal, create a new application.
-
Add the following redirect URIs:
https://example.com/login/service/discord/callback - Add the Client ID and Client Secret to your
.envfile ordocker-compose.yaml:
DISCORD_APP_ID={client_id} DISCORD_APP_SECRET={client_secret}
Users can now log in with their Discord accounts.