|
| 1 | +--- |
| 2 | +title: Zerobyte |
| 3 | +description: Use the Tinyauth OpenID Connect provider to authenticate users with Zerobyte. |
| 4 | +--- |
| 5 | + |
| 6 | +import { Tabs, TabItem } from '@astrojs/starlight/components'; |
| 7 | + |
| 8 | +[Zerobyte](https://github.com/nicotsx/zerobyte) is a popular self-hosted backup automation solution based on restic. It allows users to easily manage and automate their backup tasks through a user-friendly web interface. By integrating Tinyauth as an OpenID Connect provider, you can enhance the security of your Zerobyte instance by enabling single sign-on (SSO) and centralized authentication. |
| 9 | + |
| 10 | +## Requirements |
| 11 | + |
| 12 | +- A running instance of Zerobyte |
| 13 | +- A Tinyauth instance |
| 14 | +- A cup of coffee (optional but recommended) |
| 15 | + |
| 16 | +:::caution |
| 17 | +You will need to run Tinyauth with HTTPS to use it as an OpenID Connect provider. |
| 18 | +::: |
| 19 | + |
| 20 | +## Tinyauth Configuration |
| 21 | + |
| 22 | +To begin with, we need to generate a client ID and secret in Tinyauth for Zerobyte. This can be done by running the following command: |
| 23 | + |
| 24 | +<Tabs> |
| 25 | + <TabItem label="Docker"> |
| 26 | + ```sh |
| 27 | + docker run -i -t --rm ghcr.io/steveiliop56/tinyauth:v5 oidc create zerobyte |
| 28 | + ``` |
| 29 | + </TabItem> |
| 30 | + <TabItem label="Binary"> |
| 31 | + ```sh |
| 32 | + ./tinyauth oidc create zerobyte |
| 33 | + ``` |
| 34 | + </TabItem> |
| 35 | +</Tabs> |
| 36 | + |
| 37 | +From the output, make sure to note down the client ID and secret as we will need them later for the Zerobyte configuration. |
| 38 | + |
| 39 | +Now, we can pass our configuration to Tinyauth using environment variables: |
| 40 | + |
| 41 | +```sh |
| 42 | +TINYAUTH_OIDC_PRIVATEKEYPATH=/path/to/private/key.pem |
| 43 | +TINYAUTH_OIDC_PUBLICKEYPATH=/path/to/public/key.pem |
| 44 | +TINYAUTH_OIDC_CLIENTS_ZEROBYTE_CLIENTID=client-id |
| 45 | +TINYAUTH_OIDC_CLIENTS_ZEROBYTE_CLIENTSECRET=ta-client-secret |
| 46 | +TINYAUTH_OIDC_CLIENTS_ZEROBYTE_TRUSTEDREDIRECTURIS=https://your-zerobyte-instance.com/api/auth/sso/callback/tinyauth |
| 47 | +TINYAUTH_OIDC_CLIENTS_ZEROBYTE_NAME=Zerobyte |
| 48 | +``` |
| 49 | + |
| 50 | +:::note |
| 51 | +In the trusted redirect URIs field, we used the `/tinyauth` suffix for the callback URL. This needs to match with the name of the client we will create in Zerobyte in the next step. In case you want to use a different name, make sure to update the callback URL accordingly. |
| 52 | +::: |
| 53 | + |
| 54 | +Restart your Tinyauth instance to apply the new configuration. |
| 55 | + |
| 56 | +## Zerobyte Configuration |
| 57 | + |
| 58 | +Next, we need to configure Zerobyte to use Tinyauth as an OpenID Connect provider. This can be done by creating a new client in the Zerobyte admin panel. This can be done by navigating to the *Settings* page and then to the *Organization* tab. Here, you can click on the *Register New* under the *Single Sign-On* section to create a new client. |
| 59 | + |
| 60 | +Fill in the form with the following details: |
| 61 | + |
| 62 | +| Name | Value | |
| 63 | +| - | - | |
| 64 | +| Provider ID | `tinyauth` | |
| 65 | +| Organization Domain | The parent domain of your Tinyauth instance, e.g., `example.com` | |
| 66 | +| Issuer URL | Your Tinyauth instance URL, e.g., `https://tinyauth.example.com` | |
| 67 | +| Discovery Endpoint | Your Tinyauth instance URL followed by `/.well-known/openid-configuration`, e.g., `https://tinyauth.example.com/.well-known/openid-configuration` | |
| 68 | +| Client ID | The client ID generated in the previous step. | |
| 69 | +| Client Secret | The client secret generated in the previous step. | |
| 70 | +| Link matching emails to existing accounts | Optional, but you probably want to enable this if your users have the same email addresses in both Tinyauth and Zerobyte. | |
| 71 | + |
| 72 | + |
| 73 | + |
| 74 | +After filling in the form, click on the *Register Provider* button to create the new client. Lastly, in case your Tinyauth email address doesn't match with any of the existing Zerobyte users, you will need to invite them to your instance. |
| 75 | + |
| 76 | +This can be done by navigating to the *Invite-only access* section, entering the email address of the user you want to invite, selecting the appropriate role, and then clicking on the *Invite* button. |
| 77 | + |
| 78 | + |
| 79 | + |
| 80 | +Finally, you can test the integration by logging out of your Zerobyte instance and then clicking on the *Login with Tinyauth* button on the login page. You should be redirected to the Tinyauth login page, where you can enter your credentials to authenticate. After successful authentication, you should be redirected back to Zerobyte and logged in to your account. |
| 81 | + |
| 82 | + |
| 83 | + |
| 84 | +:::caution |
| 85 | +As of Tinyauth v5.0.6, Tinyauth does not support automatically preserving the OpenID Connect parameters while trying to authenticate with an OAuth provider. This means that you will firstly need to Tinyauth to authenticate with your OAuth provider in another window, and then go back to the original window to authenticate with Tinyauth. This is a known issue that will be fixed in a future release. |
| 86 | +::: |
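Review bot: In the form table, the "Link matching emails to existing accounts" row recommends enabling the option without saying what it trusts. With it on, an existing Zerobyte account is attached to whoever presents the same email address from Tinyauth, so the row should say it is only appropriate when the email addresses in Tinyauth are controlled by the administrator, and otherwise point readers to the invite flow described right after the table. In the final caution, "you will firstly need to Tinyauth to authenticate with your OAuth provider" is missing a verb (something like "log in to Tinyauth" seems intended), which leaves the workaround hard to follow. In the Zerobyte Configuration intro, "This can be done by" opens two consecutive sentences and they should be merged. The environment block sets TINYAUTH_OIDC_PRIVATEKEYPATH and TINYAUTH_OIDC_PUBLICKEYPATH, but the page never says where those key files come from or how they should be protected; add a sentence or a link for that.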