ars/iiEsaywebUIapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Update README to enhance authentication section with reverse proxy support and clarify custom headers usage

Browse Source
This commit is contained in:
cogwheel
2025-12-20 23:22:13 +05:30
parent 054f736e07
commit 5d199f2e36
1 changed files with 3 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
README.md
View File

@@ -73,10 +73,11 @@ flutter run -d ios # or: -d android
### Authentication
Conduit supports multiple authentication flows when connecting to your OpenWebUI:
- **Username + Password**: Sign in directly against servers that expose a login endpoint. Credentials are stored securely using platform keychains.
- **SSO / OAuth** (iOS & Android): Authenticate via your server's configured OAuth providers (Google, Microsoft, GitHub, OIDC, etc.) using an in-app WebView. The token is automatically captured after the OAuth flow completes. Also supports reverse proxy authentication (Authelia, Authentik, etc.).
- **SSO / OAuth** (iOS & Android): Authenticate via your server's configured OAuth providers (Google, Microsoft, GitHub, OIDC, etc.) using an in-app WebView. The token is automatically captured after the OAuth flow completes.
- **Reverse Proxy Support** (iOS & Android): Seamlessly connect to Open WebUI instances behind authentication proxies like oauth2-proxy, Authelia, or Authentik. Conduit automatically detects when proxy authentication is required and guides you through the login flow—no endpoint allowlisting or server-side configuration needed. Proxy session cookies are captured from the native cookie store and included in all subsequent API requests.
- **LDAP**: Sign in using LDAP credentials if enabled on your server.
- **JWT Token**: Paste a serverissued JWT token for manual token-based auth.
- **Custom Headers**: Add headers during login (e.g., `X-API-Key`, `Authorization`, `X-Org`, or selfhosted SSO headers) that Conduit will include on all HTTP/WebSocket requests (see [Endpoint Allowlist](#endpoint-allowlist-custom-auth) for reverse proxy whitelisting).
- **Custom Headers**: Add headers during login (e.g., `X-API-Key`, `Authorization`, `X-Org`) that Conduit will include on all HTTP/WebSocket requests.
The authentication page dynamically displays available options based on your server's configuration.
@@ -207,18 +208,6 @@ If you experience problems with real-time streaming or chat updates, ensure webs
- No analytics or telemetry are collected.
- Network calls are only made to your configured OpenWebUI server.
### Endpoint Allowlist (Custom Auth)
If you protect OpenWebUI with SSO or a reverse proxy (Authlia, Authentik,
etc.), whitelist these path prefixes so Conduit can complete login, sync, and
streaming flows. Paths are relative to your server base URL.
- `/health`
- `/api/*`
WebSocket connections use the Socket.IO handshake on `/ws/socket.io`. Ensure the
same headers (or allowlist rules) apply there as well.
## License
This project is licensed under the GPL3 License - see the LICENSE file for details.