Skip to main content

🎫 Authentication

When running a self-hosted instance, you can customise how your users will authenticate to the system.

You essentially have 3 authentication mechanisms:

  • OAuth (aka Social) authentication (Google, Okta, GitHub etc.)
  • Password accounts (the good old email / password combination)
  • Anonymous accounts (where the user cannot retrieve his posts and sessions on a different machine)

By default, OAuth is disabled (because it is not configured), and the other two are enabled.


This is a subject of a dedicated page here.

Password accounts

You have two optional settings for password accounts.

You can disable them entirely, by setting the environment variable DISABLE_PASSWORD_LOGIN to true.

You can also only disable registration, by setting the environment variable DISABLE_PASSWORD_REGISTRATION to true.

If you want more details on how to set these environment variables, read this page.

If you disabled registration, it means the administrator will need to create the accounts manually, by using the admin screen.

Anonymous accounts

If you do not wish your users to use anonymous accounts, and force them to authenticate properly, they can be disabled by setting the environment variable DISABLE_ANONYMOUS_LOGIN to true.