If you’re deploying Sourcebot behind a domain, you must set the AUTH_URL environment variable.

Sourcebot’s built-in authentication system gates your deployment, and allows administrators to manage users and their permissions.

Authentication providers

Configure additional authentication providers for your deployment.

Access settings

Learn how to configure how members join your deployment.

Roles and permissions

Learn more about the different roles and permissions in Sourcebot.

FAQ

Have a question about Sourcebot’s auth system? We might have the answers here.

Session lifetime

By default, session cookies remain valid for 30 days from the time they are issued, after which the user is signed out and must authenticate again. You can change this by setting the AUTH_SESSION_MAX_AGE_SECONDS environment variable to the desired lifetime in seconds. A session is guaranteed to remain valid for at least its configured lifetime. The JWT verifier applies a small clock-skew tolerance when checking expiry, so a session may continue to be accepted for a brief additional window past that point before it is rejected.

Troubleshooting

If you experience issues logging in, logging out, or accessing an organization you should have access to, try clearing your cookies & performing a full page refresh (Cmd/Ctrl + Shift + R on most browsers).
Still not working? Reach out to us on our discord or GitHub

External Identity Providers

Providers

⌘I

Authentication providers

Access settings

Roles and permissions

FAQ

​Session lifetime

​Troubleshooting

Session lifetime

Troubleshooting