OAuth Setup

Configure GitHub and Google OAuth for team authentication.

GitHub OAuth

Step 1: Create a GitHub OAuth App

  1. Go to GitHub Settings → Developer settings → OAuth Apps
  2. Click "New OAuth App"
  3. Fill in the details:
    • Application name: Kubey (or your preferred name)
    • Homepage URL: https://your-kubey-domain.com
    • Authorization callback URL: https://your-kubey-domain.com/auth/callback/github
  4. Click "Register application"
  5. Copy the Client ID
  6. Click "Generate a new client secret" and copy it

Step 2: Configure Kubey

Add the credentials to your environment:

GITHUB_CLIENT_ID=your_client_id_here
GITHUB_CLIENT_SECRET=your_client_secret_here

Important: For local development, use http://localhost:8080/auth/callback/github as the callback URL.

Google OAuth

Step 1: Create Google OAuth Credentials

  1. Go to the Google Cloud Console
  2. Create a new project or select an existing one
  3. Navigate to APIs & Services → Credentials
  4. Click "Create Credentials" → "OAuth client ID"
  5. If prompted, configure the OAuth consent screen first:
    • User Type: External (or Internal for Google Workspace)
    • App name: Kubey
    • Support email: your email
    • Scopes: email, profile, openid
  6. For the OAuth client ID:
    • Application type: Web application
    • Name: Kubey
    • Authorized JavaScript origins: https://your-kubey-domain.com
    • Authorized redirect URIs: https://your-kubey-domain.com/auth/callback/google
  7. Click "Create" and copy the Client ID and Client Secret

Step 2: Configure Kubey

GOOGLE_CLIENT_ID=your_client_id_here.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your_client_secret_here

Complete Configuration Example

Here's a complete example with both providers configured:

.env
# Authentication mode
AUTH_MODE=shared

# Database (required for shared mode)
DATABASE_URL=postgres://kubey:kubey@localhost:5432/kubey?sslmode=disable

# Security
JWT_SECRET=your-jwt-secret-min-32-chars
ENCRYPTION_KEY=your-encryption-key-min-32-chars

# GitHub OAuth
GITHUB_CLIENT_ID=Iv1.xxxxxxxxxxxxxxxx
GITHUB_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# Google OAuth
GOOGLE_CLIENT_ID=xxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-xxxxxxxxxxxxxxxxxxxxxxxx
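
An added example, not part of Kubey or its documentation: a Python check to run over a .env file before deploying. It flags values still set to this page's placeholders, secrets shorter than the 32 characters the sample names call for, and a DATABASE_URL whose password equals its username or that sets sslmode=disable for a non-local host. The function names and the sample file are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Patterns matching the sample values shown on this page ("your_..._here", runs of x).
PLACEHOLDER = re.compile(r"your[-_]|x{8,}", re.IGNORECASE)
SECRETS = ("JWT_SECRET", "ENCRYPTION_KEY")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample, not a real deployment's file.
SAMPLE = """\
AUTH_MODE=shared
DATABASE_URL=postgres://kubey:kubey@db.internal.example:5432/kubey?sslmode=disable
JWT_SECRET=your-jwt-secret-min-32-chars
ENCRYPTION_KEY=3f9c1e0b7a6d4c2e8b5f0a1d9e7c6b4a
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env

def audit_env(text):
    """Return human-readable findings for a .env file (hypothetical helper)."""
    env, findings = parse_env(text), []
    for key, value in env.items():
        if PLACEHOLDER.search(value):
            findings.append(f"{key}: placeholder value left in place")
    for key in SECRETS:
        if len(env.get(key, "")) < 32:
            findings.append(f"{key}: shorter than 32 characters")
    if env.get("AUTH_MODE") == "shared":
        db = urlsplit(env.get("DATABASE_URL", ""))
        if not db.hostname:
            findings.append("DATABASE_URL: required for shared mode")
        elif db.username and db.username == db.password:
            findings.append("DATABASE_URL: password equals username")
        # sslmode=disable turns off TLS to PostgreSQL; tolerate it only on loopback.
        sslmode = parse_qs(db.query).get("sslmode", [""])[0]
        if sslmode == "disable" and db.hostname not in LOCAL_HOSTS:
            findings.append("DATABASE_URL: sslmode=disable on a non-local host")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_env(SAMPLE)) or "no findings")
```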

Domain Restrictions

You can restrict sign-ups to specific email domains through the Admin Panel:

  1. Log in as an admin user
  2. Go to Admin → Settings
  3. Add allowed domains (e.g., yourcompany.com)
  4. Optionally enable "Invite Only" mode

Tip: When domain restrictions are enabled, users with emails outside the allowed domains will see an error when trying to sign up, even if they successfully authenticate with GitHub/Google.

First-Time Setup

When you first deploy Kubey with AUTH_MODE=shared, you'll see a setup page to create the first admin user. This user will have full access to manage other users and settings.