Skip to content

OpenID Connect

You can set up RustiCal with an OpenID Connect identity provider

Example: Authelia

RustiCal configuration
[oidc]
name = "Authelia"
issuer = "https://auth.example.com"
client_id = "rustical"
client_secret = "secret..."
claim_userid = "preferred_username"  # (1)!
scopes = ["openid", "profile", "groups"]
require_group = "app/rustical"  # (2)!
allow_sign_up = true

[frontend]
allow_password_login = false  # optional
  1. Can be either preferred_username or sub
  2. Optional: You can require a user to be in a certain group to use RustiCal
Authelia configuration
identity_providers:
  oidc:
    clients:
      - client_id: rustical
        client_secret: secret...
        public: false
        consent_mode: implicit
        scopes: [openid, profile, groups]
        token_endpoint_auth_method: client_secret_basic
        redirect_uris:
          - https://rustical.example.com/frontend/login/oidc/callback

With environment variables

RUSTICAL_OIDC__NAME: "Authelia"
RUSTICAL_OIDC__ISSUER: "https://auth.example.com"
RUSTICAL_OIDC__CLIENT_ID: "rustical"
RUSTICAL_OIDC__CLIENT_SECRET: "secret..."
RUSTICAL_OIDC__CLAIM_USERID: "preferred_username"
RUSTICAL_OIDC__SCOPES: '["openid", "profile", "groups"]'
RUSTICAL_OIDC__REQUIRE_GROUP: "app:rustical"
RUSTICAL_OIDC__ALLOW_SIGN_UP: "true"
RUSTICAL_FRONTEND__ALLOW_PASSWORD_LOGIN: "false"