Skip to content

Security

By default, Byblos is accessible without any form of authentication or authorization. While this is useful for quickly testing it, it will not be suitable for most production deployments.

Enabling security

Security is enabled by defining the following configuration parameters:

Key Type Description
byblos.webapi.security.enabled boolean Whether to require authentication to access protected resources
byblos.webapi.security.provider string Which OAuth provider to use

The available providers are described in the next sections. Each provider comes with its own additional settings.

GitHub

To use GitHub as an authentication provider, use the following configuration values:

byblos.webapi.security {
  enabled = true
  provider = github
}

You will then need to define the following parameters to further configure GitHub:

Key Type Description
byblos.webapi.security.client-id string Client ID for the OAuth flow
byblos.webapi.security.client-secret string Client secret for the OAuth flow
byblos.webapi.security.github-org string A GitHub organization that users must be a member of. Optional.

Please refer to GitHub's documentation to learn how to obtain your client ID and secret. The authorization callback URL will look like https://byblos.fly.dev/login/oauth2/code/github.

By default, any GitHub user is allowed to access Byblos. Make sure to use the github-org parameter if you wish to restrict access to only members of a given org.

Google

To use Google as an authentication provider, use the following configuration values:

byblos.webapi.security {
  enabled = true
  provider = google
}

You will then need to define the following parameters to further configure Google:

Key Type Description
byblos.webapi.security.client-id string Client ID for the OAuth flow
byblos.webapi.security.client-secret string Client secret for the OAuth flow

Please refer to Google's documentation to learn how to obtain your client ID and secret. The authorized redirect URI will look like https://byblos.fly.dev/login/oauth2/code/google.

Okta

To use Google as an authentication provider, use the following configuration values:

byblos.webapi.security {
  enabled = true
  provider = okta
}

You will then need to define the following parameters to further configure Okta:

Key Type Description
byblos.webapi.security.client-id string Client ID for the OAuth flow
byblos.webapi.security.client-secret string Client secret for the OAuth flow
byblos.webapi.security.okta-subdomain string Okta subdomain

Please refer to Okta's documentation to learn how to obtain your client ID and secret. The redirect URI will look like https://byblos.fly.dev/login/oauth2/code/okta.