How to Configure Login Options #

You can log into Quepid in a number of ways, including with email/password, or using oAuth providers like Google Auth or Keycloak.

Disabling Email/Password Sign In #

By default .env file contains:

# Whether or not signing in via email/password is enabled.
EMAIL_SIGNIN_ENABLED=true

Setting it to false prevents you from being able to sign in using an email/password combination.

OAuth #

Quepid uses OmniAuth for authenticating users against other resources besides it's own email/password database. OmniAuth provides an easy way to authenticate against dozens of outside services. The only ones that are packaged with Quepid are Google and Keycloak, but it's fairly easy to add new ones.

Learn more about setting up Google oAuth at https://support.google.com/cloud/answer/6158849?hl=en.

The built in options are GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, KEYCLOAK_REALM and KEYCLOAK_SITE.

The OmniAuth providers are defined in config/initializers/devise.rb. A list of available providers can be viewed on the OmniAuth Wiki. To enable a provider you need to add the gem (eg. omniauth-facebook) to the Gemfile and configure in devise.rb and user.rb

The existence of GOOGLE_CLIENT_ID or KEYCLOAK_REALM enables the respective sign in option.

Keycloak Setup Details #

Quepid has a basic Keycloak config file in /keycloak/realm-config/quepid-realm.json that is used for development purposes.

We have a Realm called Quepid, and it includes a Client called quepid. The client is where the specific configuration for how Quepid interacts with Keycloak via oAuth is set up.

We assume that the client definition in Keycloak will be named quepid, you can't change that. You can pick your Realm name however.

Keycloak 17+ removes the /auth portion of the url. If you are using earlier versions of keycloak, you need to set base_url:'/auth' in devise.rb.