Using Cloudron as OAuth 2 provider
2 min read

Using Cloudron as OAuth 2 provider

The OAuth 2 protocol can be used to allow users with an account in your Cloudron to sign into an external service.

For this post, we will see how you can use Cloudron OAuth functionality to allow Cloudron users in to login to Kanboard at

Register OAuth application

Create an OAuth application in your Cloudron under the API Access menu.

The dialog requires 3 parameters:

The Application Name is the name of the external application. Set this to something memorable.

Authorization Callback URL is the URL that the Cloudron will callback after authentication. This value must be set to

Once authenticated, Scope specifies the resources to which the application has access. The profile scope indicates that the app only gets access to the user's profile and nothing else.

Make note of the Client ID and Client Secret. We will use them when configuring the OAuth2 plugin on Kanboard.

Configure OAuth2 plugin on Kanboard

First install the OAuth2 plugin in Kanboard (Plugins -> Plugin Directory -> Install), Then, configure it to use your Cloudron for authentication (Settings -> Integrations)

  • Client ID is the value obtained when registering the OAuth application.
  • Client Secret is the value obtained when registering the OAuth application.
  • Authorize URL must be set to https://my.<domain>/api/v1/oauth/dialog/authorize
  • Token URL must be set to https://my.<domain>/api/v1/oauth/token
  • User API URL must be set https://my.<domain>/api/v1/profile

The rest of the values define the mapping for the User profile API response.

  • Username Key must be set to username
  • Name Key must be set to displayName
  • Email Key must be set to email
  • User ID Key must be set to id

Testing the flow

You can now test the authentication flow on Kanboard.

Logging in using the OAuth link, takes you to the Cloudron authentication screen. On successful login, the Cloudron redirects you to Kanboard. Kanboard automatically picks up the display name, username, id and email information from the user's profile.