Caddy Proxy Manager supports OAuth2/OIDC single sign-on for the dashboard itself. Users can log in with any OIDC-compliant identity provider alongside (or instead of) username/password credentials, and link OAuth identities to existing accounts from their profile page.
Supported providers
Any OIDC-compliant provider works, including:
- Authentik
- Keycloak
- Auth0
- GitHub (via OIDC wrapper)
- Any provider with a standard OIDC discovery endpoint
Option A: Configure via the dashboard (recommended)
Fill in provider details
Enter the provider name, client ID, client secret, and OIDC issuer URL. The issuer URL is used for OIDC discovery — CPM auto-fetches the authorization, token, and userinfo endpoints.
Option B: Configure via environment variables
Add these variables to your .env before starting the stack:
.env
Optional endpoint overrides
If your provider does not support OIDC discovery, override individual endpoints:
.env
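To tell whether a provider's discovery document is usable or the endpoint overrides above are needed, the following added example (not part of the original page and not CPM's own code) checks a parsed discovery document against the issuer URL you plan to enter. Function names and sample documents are hypothetical; the issuer-match and https rules come from the OpenID Connect Discovery specification, not from CPM.

```javascript
// Added example; function and variable names are hypothetical, not CPM's.
// Endpoints the page says CPM auto-fetches through discovery.
const REQUIRED = ["authorization_endpoint", "token_endpoint", "userinfo_endpoint"];

// OpenID Connect Discovery: strip a trailing "/" from the issuer, then
// append the well-known path.
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

// Check a parsed discovery document against the issuer URL you plan to enter.
function checkDiscovery(issuer, doc) {
  const problems = [];
  const needsOverride = [];
  // The document's issuer must equal the configured issuer exactly
  // (a trailing slash counts); otherwise the metadata describes another issuer.
  if (doc.issuer !== issuer) {
    problems.push(`issuer mismatch: configured ${issuer}, document says ${doc.issuer}`);
  }
  for (const key of REQUIRED) {
    let url;
    try {
      url = new URL(doc[key]);
    } catch {
      needsOverride.push(key); // absent or unparsable: set it by hand
      continue;
    }
    if (url.protocol !== "https:") problems.push(`${key} is not https: ${doc[key]}`);
  }
  return { ok: problems.length === 0 && needsOverride.length === 0, problems, needsOverride };
}

// Constructed sample documents (example.com hosts, not from a real provider).
const complete = {
  issuer: "https://idp.example.com/application/o/cpm/",
  authorization_endpoint: "https://idp.example.com/application/o/authorize/",
  token_endpoint: "https://idp.example.com/application/o/token/",
  userinfo_endpoint: "https://idp.example.com/application/o/userinfo/",
};
const partial = {
  issuer: "https://idp.example.com",
  authorization_endpoint: "https://idp.example.com/auth",
  token_endpoint: "http://idp.example.com/token", // plain http, flagged
};

console.log(discoveryUrl(complete.issuer));
console.log(checkDiscovery(complete.issuer, complete));
console.log(checkDiscovery("https://idp.example.com/application/o/cpm", complete));
console.log(checkDiscovery(partial.issuer, partial));
```

For a live provider, fetch `discoveryUrl(issuer)` and pass the parsed JSON to `checkDiscovery`; every key listed in `needsOverride` is an endpoint that has to be set by hand.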
Linking OAuth to an existing account
Users can link an OAuth identity to an existing password-based account from Profile → Connected Accounts. After linking, they can sign in with either method. Set OAUTH_ALLOW_AUTO_LINKING=true to automatically link OAuth logins to existing accounts that share the same email address, which is useful when migrating users to SSO. Auto-linking matches on the email address the provider reports, so enable it only for a provider whose email addresses you trust.
User provisioning
OAuth users are provisioned on first login with the default user role. An admin must manually promote them to Admin if needed.
The redirect URI shown in Settings → OAuth Providers is the authoritative callback URL. Always use this value in your OAuth provider; do not construct the URL manually. If you upgraded from a version before 1.0-RC, update your provider’s redirect URI to the new format: the old /api/auth/callback/oauth2 path no longer works.