Hey #pocketid users!
I submitted 2 feature requests on GitHub for Pocket-ID. Feel free to upvote them if you find them useful :-)
đ Feature: Approximate Location Recognizes Local IPv6 as LAN, Internal Network
https://github.com/pocket-id/pocket-id/issues/634
đ Feature: Global Audit Log Adds a Local Traffic Filter
https://github.com/pocket-id/pocket-id/issues/635
Thanks
@ironicbadger Heavy imho. #Pocketid is much more streamlined and does the job
@ironicbadger I tried it before and it feels very complex for my homelab. I'm very happy with #PocketID :-)
I love #PocketID, a light weight #selfhosted #OIDC using only #Passkey.
After using it for several months with an LXC installation using Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you through installing Pocket-ID as a non-root service on Debian. Additionally, there's an upgrade script included.
#Proxmox #debian #selfhosting #homelab #openID #passkeys #SSO
https://www.lucasjanin.com/2025/06/02/pocket-id-bare-metal-installation-on-debian
AprÚs avoir utilisé #PocketID pendant plusieurs mois avec une installation LXC via les Proxmox Helper Scripts, j'ai remarqué que le service s'exécute en tant que root. J'ai également appris qu'une VM est plus sécurisée qu'un LXC. Cet article vous guidera dans l'installation de PocketID en tant que service non root sur Debian. De plus, un script de mise à niveau est inclus.
#Proxmox #debian #selfhosted #selfhosting #homelab #OIDC #openID #passkey #passkeys #SSO
https://www.lucasjanin.com/2025/06/02/pocket-id-installation-bare-metal-sur-debian/
Pocket-ID: Bare Metal Installation on Debian
After using PocketID for several months with an LXC installation and Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you on installing Pocket-ID as a non-root service on Debian.
Presentation
First, if youâre not familiar with Pocket-ID, itâs a modern and lightweight OIDC client designed for managing authentication for services like Authentic and Aurelia. Its unique feature is that it exclusively supports passkeys. I use it with several self-hosted services, including Proxmox, Proxmox Backup Server, Komodo, Betszel, Karakeep, and, of course, Headscale/Headplane. For more details, the official website will surely answer many of your questions. If a Docker installation is more suitable for your environment, I invite you to visit BlackVoidâs excellent post. It also details the configuration for using Pocket-ID to connect to Synology DSM.
Preamble
Since Iâm not short on memory on my Proxmox node and Iâm very particular about the security of my home lab, I set about installing a VM. This was laborious, as up to version 0.53, there were two services, numerous dependencies, and required compilations. Despite the many obstacles, I succeeded in my mission! Then, a few hours later, without even having time to savour my small victory, version 1.0 was released. This major revision greatly simplifies things, as itâs an executable. Here is the procedure for a streamlined installation as a service with a non-root user in a Proxmox Debian VM. This procedure should be relatively easy to adapt to other types of configurations. There are many other methods for installing Pocket-ID; I invite you to consult the installation page on the Pocket-ID website.
Preparing the VM in Proxmox
If you are in Proxmox, I invite you to install a Debian VM using the Proxmox Helper Scripts. It is also possible to do this with a lighter Alpine, but I have not yet embarked on this adventure. Choose the advanced mode and adjust for your situation, and change the hostname to âpocketidâ.
bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/vm/debian-vm.sh)"QEMU
Itâs a good practice to install the QEMU Guest Agent on your VM. You can follow these steps in the Proxmox console of the VM.
Update your package list:
sudo apt update && sudo apt upgrade -yInstall the Proxmox QEMU Guest Agent package:
sudo apt install qemu-guest-agent -yStart and enable the service:
sudo systemctl start qemu-guest-agentsudo systemctl enable emu-guest-agentVerify that the service is running:
sudo systemctl status qemu-guest-agentThis will ensure that the Proxmox QEMU Guest Agent is successfully installed and running on your Debian system.
Installing Pocket-ID
Get Debian ready
apt update && apt upgrade -yCreate a dedicated user
useradd -r -s /bin/false -m -d /opt/pocket-id pocketidInstall curl needed for the installation
apt install -y curlDownloading and Installing Pocket-ID
cd /opt/pocket-idARCH="amd64"LATEST_RELEASE_URL=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest | grep "browser_download_url.*pocket-id-linux-${ARCH}" | cut -d '"' -f 4)sudo curl -L -o pocket-id "${LATEST_RELEASE_URL}"sudo chmod +x pocket-idsudo chown pocketid:pocketid pocket-idCreating directories for Pocket-ID data
sudo mkdir -p /opt/pocket-id/data/uploadsPocket-ID configuration file. To locate visitorsâ IP addresses, I invite you to create an API key on the Maxmind website.
sudo nano /opt/pocket-id/.envAPP_URL=https://id.xxxx.xxPORT=1411# Database: SQLite, file located at /opt/pocket-id/data/db.sqlite# (relative to WorkingDirectory=/opt/pocket-id)DB_CONNECTION_STRING=file:data/db.sqlite?_journal_mode=WAL&_busy_timeout=2500&_txlock=immediate# Optional: Maxmind License Key for IP GeolocationMAXMIND_LICENSE_KEY="YOUR-MAXMIND-LICENSE-KEY"# Optional: Logging level (debug, info, warn, error)LOG_LEVEL=infoMake sure all Pocket-ID files have the correct user permissions.
sudo chown pocketid:pocketid /opt/pocket-id/.envsudo chmod 600 /opt/pocket-id/.envSetting up the Pocket-ID service
sudo nano /etc/systemd/system/pocketid.service[Unit]Description=Pocket ID Application ServerAfter=network.target[Service]Type=simpleUser=pocketidGroup=pocketidWorkingDirectory=/opt/pocket-idExecStart=/opt/pocket-id/pocket-idEnvironmentFile=/opt/pocket-id/.envRestart=alwaysRestartSec=10NoNewPrivileges=truePrivateTmp=true[Install]WantedBy=multi-user.targetsudo systemctl daemon-reloadsudo systemctl enable pocketid.servicesudo systemctl start pocketid.servicesudo systemctl status pocketid.serviceIf everything goes as planned, you should receive a confirmation.
â pocketid.service - Pocket ID Application Server Loaded: loaded (/etc/systemd/system/pocketid.service; enabled; preset: enabled) Active: active (running) since Sun 2025-06-01 07:12:57 EDT; 7s ago Main PID: 28699 (pocket-id) Tasks: 8 (limit: 2309) Memory: 8.7M CPU: 65ms CGroup: /system.slice/pocketid.service ââ28699 /opt/pocket-id/pocket-idJun 01 07:12:57 pocketid systemd[1]: Started pocketid.service - Pocket ID Application Server.Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Starting job schedulerJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Server listening on 0.0.0.0:1411Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 GeoLite2 City database is up-to-dateJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "UpdateGeoLiteDB" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SyncLdap" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SendHeartbeat" run successfullyCaddy Reverse Proxy
Here is my Caddyfile with the /robots.txt file in case it is respected (itâs nice to dream).
# Snippet for robots.txt(common_robots_txt) {handle /robots.txt {# Set the Content-Type headerheader Content-Type "text/plain; charset=utf-8"# Respond with the body and status code 200respond `User-agent: *Disallow: /` 200}}# Pocket-IDid.xxxx.xx {import common_robots_txt# Fallback to reverse proxy for other requestsreverse_proxy 192.168.x.yyy:1411 [xxxx:xxxx:xxxx:xxxx::yyyy]:1411}systemctl reload caddy.service For the first setup of your Pocket-ID instance, I invite you to create your administrator account at https://id.xxxx.xx/login/setup.It is strongly encouraged to have two passkeys since this is the only way to authenticate. I have one in Bitwarden/Vaultwarden and another in iCloud Keychain (via Safari).
Update
Since weâre not using Docker, updating can be a bit more complicated. However, itâs nothing insurmountable, especially since version 1.0 is already compiled. Hereâs a small update script that allowed me to move from version 1.0 to 1.1.0 without a hitch.
nano /root/update-pocketid.sh#!/bin/bash# update-pocketid.sh# --- Configuration ---INSTALL_DIR="/opt/pocket-id"SERVICE_NAME="pocketid.service"USER="pocketid"GROUP="pocketid"VERSION_FILE="${INSTALL_DIR}/version.txt" ARCHITECTURE="amd64" # Change if needed (e.g., arm64)# --- End Configuration ---echo "Checking for the latest version of PocketID..."LATEST_TAG_JSON=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest)LATEST_TAG=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') # Version without 'v'LATEST_TAG_WITH_V=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') # Version with 'v'if [ -z "$LATEST_TAG" ]; then echo "Could not retrieve the latest version from GitHub." exit 1fiecho "Latest version available: v${LATEST_TAG}"CURRENT_VERSION="0" # Default to 0 if no version fileif [ -f "$VERSION_FILE" ]; then CURRENT_VERSION=$(cat "$VERSION_FILE")fiecho "Currently installed version: v${CURRENT_VERSION}"if [ "$LATEST_TAG" = "$CURRENT_VERSION" ]; then echo "PocketID is already up to date (v${CURRENT_VERSION})." exit 0fiecho "New version v${LATEST_TAG} available. Updating..."DOWNLOAD_URL=$(echo "$LATEST_TAG_JSON" | grep -E "browser_download_url.*pocket-id-linux-${ARCHITECTURE}" | cut -d '"' -f 4)if [ -z "$DOWNLOAD_URL" ]; then echo "Could not find the download URL for linux-${ARCHITECTURE} and version v${LATEST_TAG}." exit 1fiecho "Stopping service ${SERVICE_NAME}..."sudo systemctl stop "${SERVICE_NAME}"echo "Backing up the old binary..."BACKUP_NAME="pocket-id_backup_v${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"sudo cp "${INSTALL_DIR}/pocket-id" "${INSTALL_DIR}/${BACKUP_NAME}"echo "Old binary backed up to ${INSTALL_DIR}/${BACKUP_NAME}"Make the script executable
sudo chmod +x /root/update-pocketid.shCreate an alias
alias update='/root/update-pocketid.sh'Consider updating the system before updating Pocket-ID.
sudo apt update && sudo apt upgrade -yIf you are using Proxmox, I encourage you to take a snapshot just before the update and have regular backups (you never know :-).
Conclusion
Now, you are ready to step into the future with OIDC and Passkey. You can visit the Client Examples page to easily configure your services with Pocket-ID. I wish you a safe journey into the exciting world of self-hosting!
Pocket-ID: Installation Bare-metal sur Debian
AprĂšs avoir utilisĂ© PocketID pendant de nombreux mois via une installation dans un LXC avec les Proxmox Helper Scripts, jâai constatĂ© que le service tourne en tant que root. De plus, jâai lu quâune installation dans une VM sâavĂšre davantage sĂ©curisĂ©e quâun LXC.
Présentation de Pocket-ID
Avant toute chose, si vous ne connaissez pas Pocket-ID, câest un client OIDC moderne et lĂ©ger pour gĂ©rer lâauthentification de vos services tels quâAuthentific, Aurelia, etc. Sa particularitĂ© est quâil ne prend en charge que les passkeys. Je lâutilise avec de nombreux services auto-hĂ©bergĂ©s tels que Proxmox, Proxmox Backup Server, Komodo, Betszel, Karakeep, et Ă©videmment Headscale/Headplane. Pour davantage de dĂ©tails, le site officiel rĂ©pondra sĂ»rement Ă beaucoup de vos questions. Si une installation via Docker est plus adaptĂ©e Ă votre environnement, je vous invite Ă visiter lâexcellent billet de BlackVoid en anglais. Il dĂ©taille Ă©galement la configuration pour utiliser Pocket-ID afin de se connecter Ă Synology DSM.
Préamble
Ătant donnĂ© que je ne manque pas de mĂ©moire sur mon nĆud Proxmox et que je suis trĂšs attentif au niveau de sĂ©curitĂ© de mon homelab, je me suis lancĂ© dans lâinstallation dâune VM. Cela a Ă©tĂ© laborieux, car jusquâĂ la version 0.53, il y avait deux services, de nombreuses dĂ©pendances et des compilations nĂ©cessaires. MalgrĂ© les nombreux obstacles, jâai rĂ©ussi ma mission ! Puis, quelques heures aprĂšs, sans avoir mĂȘme eu le temps de savourer ma petite victoire, la version 1.0 est sortie. Cette rĂ©vision majeure simplifie grandement les choses, car câest un exĂ©cutable. Voici la procĂ©dure pour une installation simplifiĂ©e en tant que service avec un utilisateur non root dans une VM Debian de Proxmox. Cette procĂ©dure devrait pouvoir sâadapter relativement facilement Ă dâautres types de configurations. Il existe beaucoup dâautres mĂ©thodes pour installer Pocket-ID, je vous invite Ă consulter la page âinstallationâ sur du site de Pocket-ID.
Préparation de la VM dans Proxmox
Si vous ĂȘtes dans Proxmox, je vous invite Ă installer une VM Debian en utilisant les Proxmox Helper Scripts. Il est Ă©galement possible de le faire avec une Alpine plus lĂ©gĂšre, mais je ne me suis pas encore lancĂ© dans cette aventure. Choisir le mode mode advanced et ajuste pour votre situation et changer le nom du host Ă âpocketidâ.
bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/vm/debian-vm.sh)"QEMU
Il est recommandĂ© dâinstaller lâagent invitĂ© QEMU sur votre machine virtuelle. Vous pouvez suivre ces Ă©tapes dans la console Proxmox de la machine virtuelle.
Mettre Ă jour la liste des paquets :
sudo apt update && sudo apt upgrade -yInstaller le paquet Proxmox QEMU Guest Agent :
sudo apt install qemu-guest-agent -yDĂ©marrer et activer le service :
sudo systemctl start qemu-guest-agentsudo systemctl enable emu-guest-agentVĂ©rifier que le service est en cours dâexĂ©cution
sudo systemctl status qemu-guest-agentCela garantira que lâagent invitĂ© Proxmox QEMU est correctement installĂ© et exĂ©cutĂ© sur votre systĂšme Debian.
Installation de Pocket-ID
Préparation du systÚme
apt update && apt upgrade -yCréer un utilisateur dédié
useradd -r -s /bin/false -m -d /opt/pocket-id pocketidInstaller les dĂ©pendances nĂ©cessaires Ă lâinstallation
apt install -y curlTéléchargement et Installation de PocketID
cd /opt/pocket-idARCH="amd64"LATEST_RELEASE_URL=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest | grep "browser_download_url.*pocket-id-linux-${ARCH}" | cut -d '"' -f 4)sudo curl -L -o pocket-id "${LATEST_RELEASE_URL}"sudo chmod +x pocket-idsudo chown pocketid:pocketid pocket-idCréation des répertoires pour les données de Pocket-ID
sudo mkdir -p /opt/pocket-id/data/uploadsFichier de configuration de Pocket-ID. Pour obtenir la localisation des adresses IP des visiteurs, je vous invite à créer une clé API sur le site de Maxmind.
sudo nano /opt/pocket-id/.envAPP_URL=https://id.xxxx.xxPORT=1411# Database: SQLite, file located at /opt/pocket-id/data/db.sqlite# (relative to WorkingDirectory=/opt/pocket-id)DB_CONNECTION_STRING=file:data/db.sqlite?_journal_mode=WAL&_busy_timeout=2500&_txlock=immediate# Optional: Maxmind License Key for IP GeolocationMAXMIND_LICENSE_KEY="YOUR-MAXMIND-LICENSE-KEY"# Optional: Logging level (debug, info, warn, error)LOG_LEVEL=infoAssurez-vous que tous les fichiers de pocket-ID soient avec les bonnes permissions dâutilisateur.
sudo chown pocketid:pocketid /opt/pocket-id/.envsudo chmod 600 /opt/pocket-id/.envMise en place du service Pocket-ID
sudo nano /etc/systemd/system/pocketid.service[Unit]Description=Pocket ID Application ServerAfter=network.target[Service]Type=simpleUser=pocketidGroup=pocketidWorkingDirectory=/opt/pocket-idExecStart=/opt/pocket-id/pocket-idEnvironmentFile=/opt/pocket-id/.envRestart=alwaysRestartSec=10NoNewPrivileges=truePrivateTmp=true[Install]WantedBy=multi-user.targetsudo systemctl daemon-reloadsudo systemctl enable pocketid.servicesudo systemctl start pocketid.servicesudo systemctl status pocketid.serviceSi tout se passe comme prévu, vous devriez recevoir une confirmation.
â pocketid.service - Pocket ID Application Server Loaded: loaded (/etc/systemd/system/pocketid.service; enabled; preset: enabled) Active: active (running) since Sun 2025-06-01 07:12:57 EDT; 7s ago Main PID: 28699 (pocket-id) Tasks: 8 (limit: 2309) Memory: 8.7M CPU: 65ms CGroup: /system.slice/pocketid.service ââ28699 /opt/pocket-id/pocket-idJun 01 07:12:57 pocketid systemd[1]: Started pocketid.service - Pocket ID Application Server.Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Starting job schedulerJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Server listening on 0.0.0.0:1411Jun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 GeoLite2 City database is up-to-dateJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "UpdateGeoLiteDB" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SyncLdap" run successfullyJun 01 07:12:57 pocketid pocket-id[28699]: 2025/06/01 07:12:57 Job "SendHeartbeat" run successfullyReverse Proxy avec Caddy
Voici mon Caddyfile avec le fichier /robots.txt au cas oĂč il serait respectĂ© (câest beau de rĂȘver).
# Snippet for robots.txt(common_robots_txt) {handle /robots.txt {# Set the Content-Type headerheader Content-Type "text/plain; charset=utf-8"# Respond with the body and status code 200respond `User-agent: *Disallow: /` 200}}# Pocket-IDid.xxxx.xx {import common_robots_txt# Fallback to reverse proxy for other requestsreverse_proxy 192.168.x.yyy:1411 [xxxx:xxxx:xxxx:xxxx::yyyy]:1411}systemctl reload caddy.service Pour la premiĂšre configuration de votre instance Pocket-ID, je vous invite Ă crĂ©er votre compte administrateur sur https://id.xxxx.xx/login/setup. Il est trĂšs fortement encouragĂ© dâavoir deux passkeys vu que câest la seule maniĂšre dâauthentification. Jâen ai une dans Bitwarden/Vaultwarden et une autre dans le trousseau iCloud (via Safari).
Mise Ă jour
Puisque nous ne sommes pas dans Docker, la mise Ă jour peut ĂȘtre un peu plus compliquĂ©e. Cependant, rien dâinsurmontable, surtout depuis la version 1.0 dĂ©jĂ compilĂ©e. Voici un petit script de mise Ă jour qui mâa permis de passer de la version 1.0 Ă 1.1.0 sans encombre.
nano /root/update-pocketid.sh#!/bin/bash# update-pocketid.sh# --- Configuration ---INSTALL_DIR="/opt/pocket-id"SERVICE_NAME="pocketid.service"USER="pocketid"GROUP="pocketid"VERSION_FILE="${INSTALL_DIR}/version.txt" ARCHITECTURE="amd64" # Change if needed (e.g., arm64)# --- End Configuration ---echo "Checking for the latest version of PocketID..."LATEST_TAG_JSON=$(curl -s https://api.github.com/repos/pocket-id/pocket-id/releases/latest)LATEST_TAG=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') # Version without 'v'LATEST_TAG_WITH_V=$(echo "$LATEST_TAG_JSON" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') # Version with 'v'if [ -z "$LATEST_TAG" ]; then echo "Could not retrieve the latest version from GitHub." exit 1fiecho "Latest version available: v${LATEST_TAG}"CURRENT_VERSION="0" # Default to 0 if no version fileif [ -f "$VERSION_FILE" ]; then CURRENT_VERSION=$(cat "$VERSION_FILE")fiecho "Currently installed version: v${CURRENT_VERSION}"if [ "$LATEST_TAG" = "$CURRENT_VERSION" ]; then echo "PocketID is already up to date (v${CURRENT_VERSION})." exit 0fiecho "New version v${LATEST_TAG} available. Updating..."DOWNLOAD_URL=$(echo "$LATEST_TAG_JSON" | grep -E "browser_download_url.*pocket-id-linux-${ARCHITECTURE}" | cut -d '"' -f 4)if [ -z "$DOWNLOAD_URL" ]; then echo "Could not find the download URL for linux-${ARCHITECTURE} and version v${LATEST_TAG}." exit 1fiecho "Stopping service ${SERVICE_NAME}..."sudo systemctl stop "${SERVICE_NAME}"echo "Backing up the old binary..."BACKUP_NAME="pocket-id_backup_v${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"sudo cp "${INSTALL_DIR}/pocket-id" "${INSTALL_DIR}/${BACKUP_NAME}"echo "Old binary backed up to ${INSTALL_DIR}/${BACKUP_NAME}"Rendre le script exécutable
sudo chmod +x /root/update-pocketid.shJâai ajoutĂ© dans mes alias.
alias update='/root/update-pocketid.sh'Pensez Ă faire une mise Ă jour du systĂšme avant celle de Pocket-ID.
sudo apt update && sudo apt upgrade -ySi vous utilisez Proxmox, je vous encourage à faire un snapshot juste avant la mise à jour et à avoir des sauvegardes réguliÚres (on ne sait jamais :-).
Conclusion
Vous ĂȘtes maintenant prĂȘt a entrer dans le futur avec OIDC et Passkey. Vous pouvez visiter la page Exemples de clients pour configurer facilement vos services avec Pocket-ID. Je vous souhaite un bon voyage dans le monde captivant de lâauto-hĂ©bergement !
@beyondwatts đŻ agree! I love PockeID's simplicity and efficiency. I am still fighting to get some services configured (like Beszel) but it will be the same issue with any other OIDC I suppose.
Migrated the homelab authenitcation from Authelia to Pocket ID. Fantastic user experience and *so* much easier to configure.
698 - Se acabaron las contraseñas. Ahora inicio sesiĂłn asĂ
Como acceder a tus servicios auto alojados sin #contraseñas utilizando #passkeys y un estupendo proveedor de identidad como es #pocketid
Las contraseñas son una auténtica contrariedad. Probablemente es de los aspectos que mas fricción crean a la hora de utilizar cualquier servicio o aplicación que
Autenticación sin contraseñas con Passkeys y Pocket ID n
Como acceder a tus servicios auto alojados sin #contraseñas utilizando #passkeys y un estupendo proveedor de identidad como es #pocketid
Escucha: https://atareao.es/podcast/autenticacion-sin-contrasenas-con-passkeys-y-pocket-id/
Feed: https://atareao.es/mp3-feed/
Hab meinem blog mal ein neues theme verpasst, eine Anleitung zu #tinyauth geschrieben und die #Immich und #pocketid Anleitung an die neusten Versionen angepasst.
tinyauth ist ziemlich cool, ein super lightweight #authelia oder #authentik alternative geschrieben in #golang
đ Big shout-out to the Pocket ID devs â version 1.0 just dropped!
đ My go-to solution for self-hosted Single Sign-On is now officially out of beta.
â ïž Planning to upgrade? Donât skip the migration guide â itâs important:
Kudos to the Pocket-ID team for the excellent version 1.0.0 đ! The bare-metal installation is now incredibly simple, with no dependencies or compilation required â€ïž. Future updates will also be easier!
P.S. Thanks to Proxmox's snapshots for saving me from my many mistakes :-)
#pocketid #oidc #selfhosted #selfhosting #selfhost
#homelab #proxmox #passkey
Ha! I was able to get at least Forgejo configured with Pocket ID!
I thought I had to rebuild my Caddy container simply because I was misunderstanding how to properly configure it, but I don't actually need that. Interesting enough, the solution hit me in the head while I was brushing my teeth. đ
Okay, now let's see which other services accept OAUTH2. đ
Checkout latest blog post on Passwordless VPN authentication with #passkeys: https://anuragbhatia.com/post/2025/05/headscale-pocketid-integration
Proxmox + Pocket-ID + Bitwarden + Passkey = â€ïž
I love this seamless login experience! The future is passwordless authentication. Pocket-ID only supports passkey authentication, so you don't need a password.
#OIDC #PocketID #Bitwarden #Vaultwarden #passkey #Proxmox #selfhosted #selfhosting #homelab #security #authentication
I set up Pocket ID (https://docs.pocket-id.org/) for self-hosted OIDC SSO at the weekend. It was incredibly simple to get going (though testing out Authentik taught me a lot that carried over). I'd been ignoring Passkeys up until now, and it's the only credential type Pocket ID supports. I think I'm sold on them now, though the story on migrating them is still poor.
