Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Authentication systems

Tuwunel gives you fine-grained control over who can register and how users authenticate. This chapter covers everything from basic password login and token-based invitations to full OpenID Connect federation.

  • Legacy Authentication — Control who can register, token-based invitations, guest access, and basic login options.

  • Identity Providers — Single-sign-on login via GitHub, Google, Keycloak, and other OAuth/OIDC providers.

  • OIDC Services — Tuwunel’s built-in OIDC authorization server for next-generation Matrix applications.

  • LDAP Delegation — Delegate user management and password authentication to an LDAP directory.

  • Enterprise JWT — Operator-controlled signing key can mint a token that authenticates as any user.