Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Authentication systems

Tuwunel gives you fine-grained control over who can register and how users authenticate. This chapter covers everything from basic password login and token-based invitations to the built-in OAuth 2.0 / OpenID Connect server that powers next-generation Matrix auth.

  • Legacy Authentication: control who can register, token-based invitations, guest access, and the basic password and token login options.

  • OIDC Authorization Server: Tuwunel’s built-in OAuth 2.0 / OIDC server for next-generation Matrix clients. It fronts the identity providers below and adds refresh-token, device-grant, and account-management support.

  • Identity Providers: single sign-on through GitHub, Google, Keycloak, and other upstream OAuth/OIDC providers. These also supply the human authentication step for the OIDC server above.

  • LDAP Delegation: delegate user management and password authentication to an LDAP directory.

  • Enterprise JWT: an operator-controlled signing key that can mint a token authenticating as any user.