User Authentication with OIDC
Note
OIDC authentication is only available when self-managing Lamini Platform. Contact us to learn more.
Lamini Platform supports OpenID Connect (OIDC) for user authentication. When enabled, only OIDC-authenticated users are able to access your Lamini instance. When an unauthenticated user tries to access your Lamini instance, they will be redirected to the OIDC identity provider you specify to log in. You can use any vendor-provided OIDC provider (like Auth0, Okta, AWS IAM, GCP Identity Platform, Azure Entra, and many more) or any internal service that adheres to the OIDC standard.
After a user has signed in to Lamini Platform, they can create API keys and authenticate requests as described in API authentication.
Setup flow
- Determine the URI where your Lamini Platform instance will run.
- Create an application in your OIDC provider for Lamini and configure it.
  - Example configuration: Auth0
    - Application Type: Regular Web Application
    - Login URL: https://<LAMINI_INSTANCE_URI>/v1/auth/login
    - Callback URL: https://<LAMINI_INSTANCE_URI>/v1/auth/auth
    - Logout URL: https://<LAMINI_INSTANCE_URI>
    - Web origins: https://<LAMINI_INSTANCE_URI>
  - Example configuration: Google
    - Redirect URI: https://<LAMINI_INSTANCE_URI>/v1/auth/auth
    - Authorized Origin: https://<LAMINI_INSTANCE_URI>
- Get the Application Client ID, Application Client Secret, and the OIDC Connect URL for your OIDC provider.
  - Example URL: Auth0: https://<YOUR-AUTH0-APP>/.well-known/openid-configuration
  - Example URL: Google: https://accounts.google.com/.well-known/openid-configuration
- Configure OIDC in the llama_config_edits.yaml file for your Lamini install
  - Set disable_auth to False to enable auth
  - Set website to the URI of your Lamini Platform instance
  - Set the client_id, client_secret, and server_metadata_url values
  - Set
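A pre-flight check for the values named in the setup flow above, as an added example that is not Lamini's own code. The function names, the flat dict standing in for the keys in llama_config_edits.yaml (the page does not show how they are nested), and the sample values are assumptions; the provider's discovery document is passed in already fetched and parsed, and website is assumed to be written as a full https:// URL.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def lamini_urls(website):
    """URLs to register at the IdP, built from the paths in the setup flow."""
    base = website.rstrip("/")
    return {"login": base + "/v1/auth/login", "callback": base + "/v1/auth/auth",
            "logout": base, "origin": base}

def check_oidc(cfg, discovery, registered_callbacks):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # YAML `disable_auth: "False"` loads as a non-empty string, not boolean False.
    if cfg.get("disable_auth") is not False:
        problems.append("disable_auth must be the boolean False")
    # Assumption: website is written as a full https:// URL.
    site = urlsplit(str(cfg.get("website", "")))
    if site.scheme != "https" or not site.netloc:
        problems.append("website must be an https:// URL")
    elif lamini_urls(cfg["website"])["callback"] not in registered_callbacks:
        problems.append("callback URL is not registered at the IdP")
    for key in ("client_id", "client_secret"):
        value = str(cfg.get(key) or "")
        if not value or value.startswith("<"):
            problems.append(key + " is empty or still a placeholder")
    meta = str(cfg.get("server_metadata_url", ""))
    if not (meta.startswith("https://") and meta.endswith(WELL_KNOWN)):
        problems.append("server_metadata_url must be https and end in " + WELL_KNOWN)
    # OIDC Discovery: issuer must equal the metadata URL minus the well-known suffix.
    elif str(discovery.get("issuer", "")).rstrip("/") != meta[:-len(WELL_KNOWN)].rstrip("/"):
        problems.append("issuer does not match server_metadata_url")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(discovery.get(key, "")).startswith("https://"):
            problems.append(key + " is missing or not https")
    return problems

# Constructed sample values, not taken from a real deployment.
SAMPLE_CFG = {"disable_auth": False, "website": "https://lamini.example.internal",
              "client_id": "example-client-id", "client_secret": "example-secret",
              "server_metadata_url": "https://idp.example.com" + WELL_KNOWN}
SAMPLE_DISCOVERY = {"issuer": "https://idp.example.com/",
                    "authorization_endpoint": "https://idp.example.com/authorize",
                    "token_endpoint": "https://idp.example.com/oauth/token",
                    "jwks_uri": "https://idp.example.com/.well-known/jwks.json"}

if __name__ == "__main__":
    callbacks = [lamini_urls(SAMPLE_CFG["website"])["callback"]]
    print(check_oidc(SAMPLE_CFG, SAMPLE_DISCOVERY, callbacks) or "all checks passed")
```

The issuer comparison tolerates a trailing slash on either side; everything else is compared exactly, including the callback URL against the list registered at the provider.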