Security Concepts
OliveTin implements a security model that covers Authentication, Authorization (via ACLs) and Accounting.
Authentication
To allow users to be authenticated to OliveTin, there are several options to choose from:
- Local Users (i.e. login with username and password)
- OAuth2 (e.g. Google, GitHub, etc.)
- Trusted Header (e.g. Nginx, Apache, etc.)
- JWT (e.g. Traefik, Organizr, etc.)
Authorization
OliveTin’s authorization system, or permissions, is built on Access Control Lists (ACLs). This is a powerful mechanism that allows you to implement very fine-grained access control, or your own role-based access control (RBAC).
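As an added illustration (not taken from this page), the following config.yaml fragment shows how such ACLs express a default-deny, role-based policy: everyone is denied unless a list matches their group. The key names (defaultPermissions, accessControlLists, matchUsergroups, permissions with view/exec/logs) are assumed from OliveTin's configuration format and the group names are constructed; check them against the ACL reference before use.

```yaml
# Default-deny: users who match no ACL can neither see nor run actions.
defaultPermissions:
  view: false
  exec: false
  logs: false

accessControlLists:
  # Role 1: operators may see and run actions but not read logs.
  - name: Operators
    matchUsergroups:
      - ops            # constructed group name
    permissions:
      view: true
      exec: true
      logs: false

  # Role 2: auditors may only view actions and read their logs.
  - name: Auditors
    matchUsergroups:
      - audit          # constructed group name
    permissions:
      view: true
      exec: false
      logs: true
```

Keeping exec out of the default permissions means a newly added authentication source cannot accidentally grant action execution until an ACL explicitly allows it.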
Accounting
OliveTin’s accounting is via its logs. This aspect of OliveTin’s security model is poorly documented at the moment.
What’s Next?
Now that you understand OliveTin’s security model, implement it for your use case:
- Set up local users - Configure username/password authentication
- Configure OAuth2 - Integrate with OAuth2 providers (Google, GitHub, etc.)
- Use trusted headers - Authenticate via reverse proxy headers
- Configure JWT - Use JWT tokens for authentication
- Set up Access Control Lists - Implement fine-grained permissions
- View security examples - See complete security configurations
- Security design recommendations - Learn best practices for securing OliveTin