Authentication
Releval supports email/password authentication by default, with optional OAuth providers for single sign-on.
Registration
| Variable | Default | Description |
|---|---|---|
| Registration__Enabled | true | Whether self-registration is allowed |
| Registration__AllowedDomain | (none) | Restrict registration to a specific email domain |
Restricting Registration
To allow only users from your organization:
Environment Variable:

    environment:
      - Registration__Enabled=true
      - Registration__AllowedDomain=example.com

appsettings.json:

    {
      "Registration": {
        "Enabled": true,
        "AllowedDomain": "example.com"
      }
    }

With this setting, only email addresses ending in @example.com can register. Users outside this domain can still be added via admin invitation.
To disable self-registration entirely and require admin invitations:
Environment Variable:

    environment:
      - Registration__Enabled=false

appsettings.json:

    {
      "Registration": {
        "Enabled": false
      }
    }
OAuth Providers
Releval supports Google and GitHub as external authentication providers. When configured, users see additional login options on the sign-in page.
Google
| Variable | Description |
|---|---|
| Authentication__Google__ClientId | Google OAuth 2.0 client ID |
| Authentication__Google__ClientSecret | Google OAuth 2.0 client secret |
To set up Google authentication:
- Create a project in the Google Cloud Console
- Navigate to APIs & Services > Credentials
- Create an OAuth 2.0 Client ID (Web application type)
- Add https://<your-releval-host>/api/auth/login-google as an authorized redirect URI
- Set the client ID and secret:

Environment Variable:

    environment:
      - Authentication__Google__ClientId=your-client-id.apps.googleusercontent.com
      - Authentication__Google__ClientSecret=your-client-secret

appsettings.json:

    {
      "Authentication": {
        "Google": {
          "ClientId": "your-client-id.apps.googleusercontent.com",
          "ClientSecret": "your-client-secret"
        }
      }
    }
GitHub
| Variable | Description |
|---|---|
| Authentication__GitHub__ClientId | GitHub OAuth App client ID |
| Authentication__GitHub__ClientSecret | GitHub OAuth App client secret |
To set up GitHub authentication:
- Go to Settings > Developer Settings > OAuth Apps in GitHub
- Create a new OAuth App
- Set the Authorization callback URL to https://<your-releval-host>/api/auth/login-github
- Set the client ID and secret:

Environment Variable:

    environment:
      - Authentication__GitHub__ClientId=your-client-id
      - Authentication__GitHub__ClientSecret=your-client-secret

appsettings.json:

    {
      "Authentication": {
        "GitHub": {
          "ClientId": "your-client-id",
          "ClientSecret": "your-client-secret"
        }
      }
    }
JWT Settings
JWT tokens are used for App Client authentication via the OAuth 2.0 client credentials flow.
| Variable | Default | Description |
|---|---|---|
| JwtSettings__Key | (default key) | Secret key for signing JWT tokens |
| JwtSettings__Issuer | https://releval.co | Token issuer |
| JwtSettings__Audience | https://releval.co | Token audience |
| JwtSettings__ExpireTimeSpan | 01:00:00 | Token expiration (1 hour) |
Change the default JWT key for production deployments. The key must be at least 512 bits (64 bytes) for the HS512 algorithm.
Encryption Key
Releval encrypts sensitive data at rest (such as endpoint authentication credentials) using AES-256 encryption.
| Variable | Default | Description |
|---|---|---|
| AesEncryptor__Key | (default key) | Base64-encoded 256-bit key for AES encryption |
Change the default encryption key for production deployments. Generate a new key by creating a random 32-byte value and base64-encoding it.
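The two key requirements above (a base64-encoded 32-byte AesEncryptor__Key and a JwtSettings__Key of at least 64 bytes) can be generated and checked from a shell. This is an added example, not code from the Releval project, and the function names are hypothetical. Because the page does not say how the JWT key string is turned into bytes, the example assumes a base64 encoding of 64 random bytes (88 characters), which meets the minimum whether the value is read as text or decoded.

```shell
#!/usr/bin/env bash
# Added example, not Releval code. Function names are hypothetical.

# Emit N bytes from the kernel CSPRNG, base64-encoded on a single line.
gen_key() {
  head -c "$1" /dev/urandom | base64 | tr -d '\n'
}

# True only if the value is canonical base64: decoding and re-encoding
# must reproduce the input, so trailing garbage or bad padding is rejected.
is_base64() {
  [ -n "$1" ] &&
    [ "$(printf '%s' "$1" | base64 -d 2>/dev/null | base64 | tr -d '\n')" = "$1" ]
}

# Number of bytes the value decodes to.
decoded_len() {
  printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# AesEncryptor__Key: base64 of exactly 32 bytes (AES-256).
check_aes_key() {
  is_base64 "$1" && [ "$(decoded_len "$1")" -eq 32 ]
}

# JwtSettings__Key: at least 64 bytes for HS512. Assumption: the page does
# not say whether the string is used as text or base64-decoded, so require
# 64 bytes under both readings.
check_jwt_key() {
  is_base64 "$1" && [ "${#1}" -ge 64 ] && [ "$(decoded_len "$1")" -ge 64 ]
}

aes_key=$(gen_key 32)   # 44 base64 characters
jwt_key=$(gen_key 64)   # 88 base64 characters

# Refuse to print anything that fails its own length check.
check_aes_key "$aes_key" && check_jwt_key "$jwt_key" || exit 1

printf 'AesEncryptor__Key=%s\n' "$aes_key"
printf 'JwtSettings__Key=%s\n' "$jwt_key"
```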
Password Policy
Releval enforces the following password requirements:
- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one digit
- At least one non-alphanumeric character