Authentication
Description
Configuration for user authentication.
Danger
At least one authentication method should be configured before running the app in production. It's a security risk to disable user authentication in any environment where the app is exposed to the internet or broader networks than just 'localhost'.
These settings change how the application applies user authentication and allow different authentication methods to be used to 'sign in'.
Authentication will be disabled in either of these situations:
- The environment variable
TIGRQC_DISABLE_AUTHis set to something 'truthy'. - The app is running in debug mode and no authentication methods have been provided.
Otherwise the application will attempt to run with authentication enabled and crash if it is unable to do so (for example, if auth methods are incorrectly configured).
Authentication Behavior
These settings configure how the application applies user authentication.
TIGRQC_DISABLE_AUTH- Description: Whether to disable user authentication for the entire app. If the application is running in debug mode and no authentication methods have been configured this flag does not need to be set; Authentication is disabled automatically. This flag can allow you to disable auth for a production instance but it's probably not a good idea to do that :)
- Default:
False
Authentication Methods
These settings turn various authentication methods on. At least one authentication method should be configured before running a production instance.