Overview

Unla supports user login through third-party OAuth services, currently supporting Google and GitHub login methods. Users can quickly log in to the Unla Web interface using their existing Google or GitHub accounts without needing to register separately.

Google Login

Quick login using Google account

GitHub Login

Quick login using GitHub account

Prerequisites

Before configuring OAuth login, you need to create OAuth applications with the respective service providers:
1

Google Cloud Console

Create OAuth 2.0 client ID in Google Cloud Console
2

GitHub Settings

Create OAuth application in GitHub
3

Configure Callback URLs

Configure correct callback URLs for each OAuth application

Google OAuth Configuration

1. Create Google OAuth Application

1

Access Google Cloud Console

Visit Google Cloud Console and log in to your account
2

Create or Select Project

Create a new project or select an existing project
3

Enable Google+ API

Enable Google+ API in APIs & Services
4

Create OAuth Client ID

Create OAuth 2.0 client ID in the Credentials page, select “Web application” type
5

Configure Authorization Callback URL

Add to “Authorized redirect URIs”:
https://your-domain.com/api/auth/google/callback

2. Obtain Credentials

After creation, you will get:
  • Client ID: Used for client_id configuration
  • Client Secret: Used for client_secret configuration

3. Configure apiserver.yaml

Add Google OAuth configuration to the apiserver.yaml configuration file: 
oauth:
  google:
    client_id: "your-google-client-id.apps.googleusercontent.com"
    client_secret: "your-google-client-secret"
It’s recommended to use environment variables to manage sensitive information:
oauth:
  google:
    client_id: "${OAUTH_GOOGLE_CLIENT_ID:}"
    client_secret: "${OAUTH_GOOGLE_CLIENT_SECRET:}"

GitHub OAuth Configuration

1. Create GitHub OAuth Application

1

Access GitHub Settings

Go to GitHub Settings → Developer settings → OAuth Apps
2

Create New Application

Click “New OAuth App” to create a new OAuth application
3

Fill Application Information

4

Register Application

Click “Register application” to complete creation

2. Obtain Credentials

After creation, you will get:
  • Client ID: Used for client_id configuration
  • Client Secret: Need to generate, used for client_secret configuration

3. Configure apiserver.yaml

Add GitHub OAuth configuration to the apiserver.yaml configuration file: 
oauth:
  github:
    client_id: "your-github-client-id"
    client_secret: "your-github-client-secret"
It’s recommended to use environment variables to manage sensitive information:
oauth:
  github:
    client_id: "${OAUTH_GITHUB_CLIENT_ID:}"
    client_secret: "${OAUTH_GITHUB_CLIENT_SECRET:}"

Complete Configuration Example

Here’s a complete OAuth configuration example: 
oauth:
  # Google OAuth Configuration
  google:
    client_id: "${OAUTH_GOOGLE_CLIENT_ID:}"
    client_secret: "${OAUTH_GOOGLE_CLIENT_SECRET:}"

  # GitHub OAuth Configuration
  github:
    client_id: "${OAUTH_GITHUB_CLIENT_ID:}"
    client_secret: "${OAUTH_GITHUB_CLIENT_SECRET:}"

# Corresponding environment variable configuration (.env file)
# OAUTH_GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
# OAUTH_GOOGLE_CLIENT_SECRET=your-google-client-secret
# OAUTH_GITHUB_CLIENT_ID=your-github-client-id
# OAUTH_GITHUB_CLIENT_SECRET=your-github-client-secret

Callback URL Configuration

Ensure correct callback URLs are configured in the OAuth applications: 
https://your-domain.com/api/auth/google/callback
Important Notes:
  • Callback URLs must match your deployed Unla service domain
  • Use HTTPS in production environments
  • Don’t hardcode sensitive information in code, use environment variables

Features

Automatic Account Creation

  • Users logging in via OAuth for the first time will have accounts created automatically
  • User information (username, email, avatar) will be synced from the OAuth provider
  • Subsequent logins will automatically link to the created account

Account Association

  • Supports multiple login methods coexisting (local accounts + OAuth)
  • Users can use both local password and OAuth login
  • Administrator account functionality is unaffected

Security

  • All OAuth processes follow standard OAuth 2.0 protocol
  • Sensitive information (like access tokens) is only processed server-side
  • Supports HTTPS encrypted transmission

FAQ

Check if client_id and client_secret are properly configured. Login options only appear when the corresponding parameters are configured.
Ensure the callback URL configured in the OAuth application matches the actual deployed domain, including protocol (http/https) and port.
User information is automatically synced on first login. For re-sync, contact administrator or re-login.
Delete or comment out the corresponding OAuth configuration in apiserver.yaml to disable the respective login option.

Environment Variable Reference

Variable NameDescriptionExample
OAUTH_GOOGLE_CLIENT_IDGoogle OAuth Client ID123456789.apps.googleusercontent.com
OAUTH_GOOGLE_CLIENT_SECRETGoogle OAuth Client SecretGOCSPX-abc123def456
OAUTH_GITHUB_CLIENT_IDGitHub OAuth Client IDIv1.abc123def456
OAUTH_GITHUB_CLIENT_SECRETGitHub OAuth Client Secretabc123def456ghi789