Custom authentication for Roadie Local

Published on May 29th, 2025

Roadie Local can work with a custom identity provider. Roadie Local uses vouch-proxy for authentication under the hood, so the supported identity providers are the ones vouch-proxy supports.

Configuring custom authentication

Create a file (e.g. ./vouch-config.yaml) with the following contents, filling in the values from your OAuth provider of choice:

oauth:
  scopes: [openid, email, profile]
  provider: oidc
  client_id: roadie
  client_secret: roadie
  auth_url: http://keycloak.<your-domain-name>/realms/roadie/protocol/openid-connect/auth
  end_session_endpoint: http://keycloak.<your-domain-name>/realms/roadie/protocol/openid-connect/logout
  preferredDomain: roadie.io
  callback_url: http://vouch.<your-domain-name>/auth
  token_url: http://auth:7080/realms/roadie/protocol/openid-connect/token
  user_info_url: http://auth:7080/realms/roadie/protocol/openid-connect/userinfo

If you are not using the built-in Keycloak service, change auth_url and end_session_endpoint to point to your auth provider.

Then set the VOUCH_CONFIG_PATH environment variable to point to your config file:

VOUCH_CONFIG_PATH=/path/to/your/vouch-config.yaml

Or, pass this config file to the CLI with the -c option:

./roadie-local start -c /path/to/your/vouch-config.yaml
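
Before starting Roadie Local against your own identity provider, a check like the following catches values left over from the sample config above. It is an added example, not part of Roadie Local or vouch-proxy: the helper names parse_oauth and lint are hypothetical, and it assumes the flat key: value layout shown on this page rather than parsing full YAML.

```python
# Added example: lint the oauth block of a vouch-config.yaml before use.
# parse_oauth/lint are hypothetical helpers, not Roadie Local or vouch-proxy code.

# Constructed sample: the config from this page, unchanged.
SAMPLE = """\
oauth:
  scopes: [openid, email, profile]
  provider: oidc
  client_id: roadie
  client_secret: roadie
  auth_url: http://keycloak.<your-domain-name>/realms/roadie/protocol/openid-connect/auth
  end_session_endpoint: http://keycloak.<your-domain-name>/realms/roadie/protocol/openid-connect/logout
  preferredDomain: roadie.io
  callback_url: http://vouch.<your-domain-name>/auth
  token_url: http://auth:7080/realms/roadie/protocol/openid-connect/token
  user_info_url: http://auth:7080/realms/roadie/protocol/openid-connect/userinfo
"""
URL_KEYS = ("auth_url", "end_session_endpoint", "callback_url",
            "token_url", "user_info_url")

def parse_oauth(text):
    """Collect the flat 'key: value' pairs indented under 'oauth:'."""
    cfg, in_oauth = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # a new top-level key starts
            in_oauth = line.strip() == "oauth:"
        elif in_oauth:
            key, _, value = line.strip().partition(":")
            cfg[key.strip()] = value.strip().strip("'\"")
    return cfg

def lint(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg, findings = parse_oauth(text), []
    secret = cfg.get("client_secret", "")
    if not secret or secret in (cfg.get("client_id"), "roadie"):
        findings.append("client_secret: empty, same as client_id, or the sample value")
    for key in URL_KEYS:
        url = cfg.get(key, "")
        if "<your-domain-name>" in url:
            findings.append(f"{key}: placeholder <your-domain-name> not replaced")
        if url.startswith("http://"):
            findings.append(f"{key}: plain http, traffic is readable on the network path")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN", finding)
```

Run against the unmodified sample, it reports the client secret, the three unreplaced placeholders and all five plain-http URLs.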