OIDC with Pocket ID

It’s very easy to set up. You only need a reverse proxy and pocket-id.

docker compose from Installation

services:
  pocket-id:
    image: ghcr.io/pocket-id/pocket-id
    container_name: pocketid
    restart: unless-stopped
    ports:
      - 1411:1411
    volumes:
      - "/docker/pocketid:/app/data"
    environment:
      - APP_URL=https://<pocket id>
      - TRUST_PROXY=true
      - PUID=1000
      - PGID=1000
      - LOG_JSON=true
      - ANALYTICS_DISABLED=true

After docker compose up -d, use the reverse proxy to proxy both Pocket ID and the Incus web UI, then go to https://(pocket id)/setup to create an admin account and set up a passkey. Go to Administration - OIDC Clients and click Add OIDC Client:

Give it a name, add https://(incus url) + /oidc/callback in Client Launch URL, and click Save.

Then you will see a Client ID; click to copy it. Now we are done with Pocket ID. Let’s configure Incus:

incus config set oidc.client.id=<Client ID>

incus config set oidc.issuer=https://<pocket id>

incus config set oidc.scopes=openid,email,profile

Hope these commands are right; I did it in the web UI.

Now you can visit https://(incus url) and log in with SSO.

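A pre-flight check for the values configured above, as an added example that is not part of the original post: it compares the oidc.issuer and oidc.scopes values against an OIDC discovery document and builds the callback URL to register. The hostnames, the sample document (including its endpoint paths) and the function names are constructed for illustration.

```python
import json

# Constructed sample of a discovery document; hostname and paths are placeholders.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://id.example.test",
  "authorization_endpoint": "https://id.example.test/authorize",
  "token_endpoint": "https://id.example.test/api/oidc/token",
  "jwks_uri": "https://id.example.test/.well-known/jwks.json",
  "scopes_supported": ["openid", "profile", "email"]
}""")

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_issuer(configured_issuer, scopes, discovery):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not configured_issuer.startswith("https://"):
        problems.append("oidc.issuer is not an https:// URL")
    # OIDC Discovery requires the advertised issuer to equal the configured
    # one exactly, so a trailing slash or http/https difference is a mismatch.
    advertised = discovery.get("issuer")
    if advertised != configured_issuer:
        problems.append(
            f"issuer mismatch: configured {configured_issuer!r}, advertised {advertised!r}")
    # Endpoints advertised as http:// usually mean APP_URL or the proxy
    # headers are wrong behind the reverse proxy.
    for key in ENDPOINT_KEYS:
        url = discovery.get(key)
        if not url:
            problems.append(f"{key} missing from discovery document")
        elif not url.startswith("https://"):
            problems.append(f"{key} is not https: {url}")
    # scopes_supported is optional in the spec; only check it when present.
    if "scopes_supported" in discovery:
        supported = set(discovery["scopes_supported"])
        for scope in (s.strip() for s in scopes.split(",")):
            if scope not in supported:
                problems.append(f"scope {scope!r} not advertised by the provider")
    return problems


def callback_url(incus_url):
    """Callback URL to register in the OIDC client: Incus URL + /oidc/callback."""
    return incus_url.rstrip("/") + "/oidc/callback"


if __name__ == "__main__":
    print(check_issuer("https://id.example.test", "openid,email,profile", SAMPLE_DISCOVERY))
    print(callback_url("https://incus.example.test/"))
```

To check a live instance, load the JSON served at https://(pocket id)/.well-known/openid-configuration in place of the sample document.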