feat(web,server): link/unlink oauth account (#1154)

* feat(web,server): link/unlink oauth account * chore: linting * fix: broken oauth callback * fix: user core bugs * fix: tests * fix: use user response * chore: update docs * feat: prevent the same oauth account from being linked twice * chore: mock logger
2025-08-07 23:03:36 +02:00 · 2022-12-26 10:35:52 -05:00
parent ab0a3690f3
commit 7dc12dea1e
27 changed files with 877 additions and 205 deletions
--- a/docs/docs/features/oauth.md
+++ b/docs/docs/features/oauth.md
@ -26,14 +26,33 @@ Before enabling OAuth in Immich, a new client application needs to be configured

 The **Sign-in redirect URIs** should include:

- All URLs that will be used to access the login page of the Immich web client (eg. `http://localhost:2283/auth/login`, `http://192.168.0.200:2283/auth/login`, `https://immich.example.com/auth/login`)
- Mobile app redirect URL `app.immich:/`
+- `app.immich:/` - for logging in with OAuth from the [Mobile App](/docs/features/mobile-app.mdx)
+- `http://DOMAIN:PORT/auth/login` - for logging in with OAuth from the Web Client
+- `http://DOMAIN:PORT/user-settings` - for manually linking OAuth in the Web Client

-:::caution
-You **MUST** include `app.immich:/` as the redirect URI for iOS and Android mobile app to work properly.
+:::info Redirect URIs
+
+Redirect URIs should contain all the domains you will be using to access Immich. Some examples include:
+
+Mobile
+
+- `app.immich:/` (You **MUST** include this for iOS and Android mobile apps to work properly)
+
+Localhost
+
+- `http://localhost:2283/auth/login`
+- `http://localhost:2283/user-settings`
+
+Local IP
+
+- `http://192.168.0.200:2283/auth/login`
+- `http://192.168.0.200:2283/user-settings`
+
+Hostname
+
+- `https://immich.example.com/auth/login`)
+- `https://immich.example.com/user-settings`)

-**Authentik example**
-<img src={require('./img/authentik-redirect.png').default} title="Authentik Redirection URL" width="80%" />
 :::

 ## Enable OAuth
@ -42,7 +61,7 @@ Once you have a new OAuth client application configured, Immich can be configure

 | Setting       | Type    | Default              | Description                                                               |
 | ------------- | ------- | -------------------- | ------------------------------------------------------------------------- |
-| Enabled       | boolean | false                | Enable/disable OAuth                                                     |
+| Enabled       | boolean | false                | Enable/disable OAuth                                                      |
 | Issuer URL    | URL     | (required)           | Required. Self-discovery URL for client (from previous step)              |
 | Client ID     | string  | (required)           | Required. Client ID (from previous step)                                  |
 | Client secret | string  | (required)           | Required. Client Secret (previous step)                                   |