Custom authentication for Roadie Local
Published on May 29th, 2025Roadie Local can work with a custom identity provider. The supported identity providers are determined by those supported by vouch-proxy, which is what Roadie Local uses for authentication under the hood.
Configuring custom authentication
Create a file (e.g. ./vouch-config.yaml
) with the following contents filled out from the OAuth provider of choice:
oauth:
scopes: [openid, email, profile]
provider: oidc
client_id: roadie
client_secret: roadie
auth_url: http://keycloak.<your-domain-name>/realms/roadie/protocol/openid-connect/auth
end_session_endpoint: http://keycloak.<your-domain-name>/realms/roadie/protocol/openid-connect/logout
preferredDomain: roadie.io
callback_url: http://vouch.<your-domain-name>/auth
token_url: http://auth:7080/realms/roadie/protocol/openid-connect/token
user_info_url: http://auth:7080/realms/roadie/protocol/openid-connect/userinfo
If not using the builtin Keycloak service, change auth_url
and end_session_endpoint
to point to your auth provider.
Then set the VOUCH_CONFIG_PATH
environment variable to point to your config file:
VOUCH_CONFIG_PATH=/path/to/your/vouch-config.yaml
Or, pass this config file to the CLI with the -c
option:
./roadie-local start -c /path/to/your/vouch-config.yaml