openreader/docs-site/docs/configure/auth.md
Richard R dae97b2afc docs(admin,config,tts): document admin panel for runtime TTS provider and feature config
Add a dedicated Admin Panel documentation page detailing management of shared TTS providers and site features via the admin UI. Update all TTS provider guides, environment variable references, and deployment docs to clarify the new runtime configuration model: environment variables serve as first-boot seeds only, with ongoing management handled through the admin interface. Revise sidebars and cross-links to include the new admin panel docs and clarify the distinction between legacy env-based and admin-managed configuration.
2026-05-12 22:39:37 -06:00

3.1 KiB

title
Auth

This page covers application-level configuration for provider access and authentication.

Auth behavior

  • Auth is enabled only when both BASE_URL and AUTH_SECRET are set.
  • Remove either value to disable auth.
  • Keep AUTH_TRUSTED_ORIGINS empty to trust only BASE_URL.
  • Anonymous auth sessions are disabled by default.
  • Set USE_ANONYMOUS_AUTH_SESSIONS=true to enable anonymous session flows.

Runtime modes

OpenReader effectively has three common runtime modes:

  • Auth disabled (BASE_URL or AUTH_SECRET unset): no admin panel. Shared providers can still exist via first-boot seeding (API_KEY/API_BASE), but you cannot manage them in-app.
  • Auth enabled, non-admin user: user account/session features are available, but no admin controls.
  • Auth enabled, admin user: full Settings → Admin access (shared providers + site features).

Admin role

When auth is enabled, you can designate one or more users as admins via the ADMIN_EMAILS env var:

ADMIN_EMAILS=alice@example.com,bob@example.com

Admins see a new Admin tab in Settings with two sub-tabs:

  • Shared TTS providers — server-managed TTS provider instances with encrypted keys, visible to all users.
  • Site features — runtime overrides for what were previously NEXT_PUBLIC_* build-time flags (default TTS provider/model, word highlighting, audiobook export, etc.).

Admin assignment is reconciled on every session resolution, so removing an email from ADMIN_EMAILS demotes the user on next login without a restart. See Admin Panel for the full reference.

Route behavior

  • / is a public landing/onboarding page and remains indexable.
  • /app is the protected app home (document list and uploader UI).
  • If auth is enabled and a valid session exists (including anonymous), visiting / redirects to /app.
  • Protected app routes continue to require auth; when anonymous sessions are disabled and no session exists, users are redirected to /signin.

Sync notes

Auth enabled

  • Settings and reading progress are saved to the server.
  • Updates are not instant push-based sync; they use normal client polling/refresh behavior.
  • If two devices change the same item around the same time, the newest update wins.

Auth disabled

  • Settings and reading progress stay local in the browser (Dexie/IndexedDB).
  • This avoids no-auth cross-browser conflicts, but there is no cross-device sync.

Claim modal note

  • You may still see old anonymous settings/progress available to claim from older deployments.