Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.
HedgeDoc (formerly known as CodiMD), the example web app here, is an open-source, web-based, self-hosted, collaborative markdown editor. You can use it to easily collaborate on notes, graphs or even presentations in real-time.
- Authelia v4.36.3
- HedgeDoc 1.9.4
Before you begin
You are required to utilize a unique client id and a unique and random client secret for all OpenID Connect relying parties. You should not use the client secret in this example; you should randomly generate one yourself. You may also choose to utilize a different client id; it's completely up to you.
The example makes the following assumptions:
- Application Root URL:
- Authelia Root URL:
- Client ID: hedgedoc
- Client Secret: hedgedoc_client_secret
Set the following HedgeDoc OAUTH2 configuration parameters.
- CMD_OAUTH2_PROVIDERNAME=Authelia
- CMD_OAUTH2_CLIENT_ID=hedgedoc
- CMD_OAUTH2_CLIENT_SECRET=hedgedoc_client_secret
- CMD_OAUTH2_SCOPE=openid email profile
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=sub
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
- CMD_OAUTH2_USER_PROFILE_URL=https://auth.example.com/api/oidc/userinfo
- CMD_OAUTH2_TOKEN_URL=https://auth.example.com/api/oidc/token
- CMD_OAUTH2_AUTHORIZATION_URL=https://auth.example.com/api/oidc/authorize
```yaml
- id: hedgedoc
  description: HedgeDoc SSO
  secret: hedgedoc_client_secret
  public: false
  authorization_policy: two_factor
  pre_configured_consent_duration: 3M
  audience:
  scopes:
    - openid
    - email
    - profile
  redirect_uris:
    - https://hedgedoc.example.com/auth/oauth2/callback
```
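A pre-deployment check for the two configurations above, as an added example (not code from Authelia or HedgeDoc): it generates a random client secret and lists mismatches between the HedgeDoc variables and the Authelia client entry. The function names, the dict representation and the application root `https://hedgedoc.example.com` (taken from the redirect URI above) are assumptions, and the secret comparison assumes the plaintext `secret` form shown on this page.

```python
import secrets
from urllib.parse import urlsplit

PLACEHOLDER_SECRET = "hedgedoc_client_secret"  # example value printed on this page
ENDPOINT_KEYS = tuple("CMD_OAUTH2_%s_URL" % n for n in ("USER_PROFILE", "TOKEN", "AUTHORIZATION"))

def new_client_secret(nbytes=48):
    """Return a random URL-safe client secret drawn from the OS CSPRNG."""
    return secrets.token_urlsafe(nbytes)

def check_pairing(env, client, app_root):
    """List mismatches between HedgeDoc env vars and the Authelia client entry."""
    problems = []
    if env.get("CMD_OAUTH2_CLIENT_ID") != client.get("id"):
        problems.append("client id mismatch")
    secret = env.get("CMD_OAUTH2_CLIENT_SECRET", "")
    if secret != client.get("secret"):  # assumes a plaintext secret on both sides
        problems.append("client secret mismatch")
    if secret == PLACEHOLDER_SECRET:
        problems.append("client secret is the page's example value")
    extra = set(env.get("CMD_OAUTH2_SCOPE", "").split()) - set(client.get("scopes", []))
    if extra:
        problems.append("scopes not granted: " + " ".join(sorted(extra)))
    callback = app_root.rstrip("/") + "/auth/oauth2/callback"
    if callback not in client.get("redirect_uris", []):
        problems.append("redirect_uris lacks " + callback)
    hosts = set()
    for key in ENDPOINT_KEYS:
        url = urlsplit(env.get(key, ""))
        if url.scheme != "https":
            problems.append(key + " is not https")
        hosts.add(url.netloc)
    if len(hosts) > 1:
        problems.append("OIDC endpoints are on different hosts")
    return problems

# Constructed sample input: the values from this page, as Python dicts.
SAMPLE_ENV = {
    "CMD_OAUTH2_CLIENT_ID": "hedgedoc",
    "CMD_OAUTH2_CLIENT_SECRET": PLACEHOLDER_SECRET,
    "CMD_OAUTH2_SCOPE": "openid email profile",
    "CMD_OAUTH2_USER_PROFILE_URL": "https://auth.example.com/api/oidc/userinfo",
    "CMD_OAUTH2_TOKEN_URL": "https://auth.example.com/api/oidc/token",
    "CMD_OAUTH2_AUTHORIZATION_URL": "https://auth.example.com/api/oidc/authorize",
}
SAMPLE_CLIENT = {"id": "hedgedoc", "secret": PLACEHOLDER_SECRET, "scopes": ["openid", "email", "profile"],
                 "redirect_uris": ["https://hedgedoc.example.com/auth/oauth2/callback"]}

if __name__ == "__main__":
    print(check_pairing(SAMPLE_ENV, SAMPLE_CLIENT, "https://hedgedoc.example.com"))
```

Run against the page's values unchanged, the only finding is the example secret; replacing it on both sides with the output of `new_client_secret()` clears the list.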