Authentication
Midcore can integrate with your identity provider and enforce role-based access for teams and enterprises. How you configure auth depends on whether you use the hosted service or self-host.
Quick setup
- Obtain an API key or configure SSO from your Midcore admin or deployment.
- Set the API base URL and auth token (or key) in environment variables (see Environment variables).
- Test with `midcore --version` and a simple `midcore gates run` or agent task.
- For CI, store credentials in pipeline secrets and pass them into the job.
Overview
Typical options:
| Option | Use case |
|---|---|
| Email / password or magic link | Individual sign-up and sign-in |
| SSO (SAML, OIDC) | Enterprise; use your IdP (e.g. Okta, Azure AD) |
| API keys | CI/CD, scripts, and service accounts |
The hosted Midcore service may offer email and SSO in the dashboard. Self-hosted deployments use your own IdP and API key issuance; see Self-hosted deployment.
SSO and OIDC
When SSO or OIDC is enabled, users sign in through your identity provider. You configure the provider’s metadata (issuer URL, client ID, client secret or cert) in the Midcore admin or config. Redirect URIs and scopes must match what your IdP expects. Exact steps depend on your deployment; check the admin UI or deployment docs for the relevant settings screen or YAML keys.
API keys and service accounts
For automation (CI, scripts, headless use), create API keys or service accounts from the admin or CLI. Store keys in a secret manager or CI secrets—never in repo or logs. Rotate keys periodically and revoke any that are exposed.
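A CI preflight for the Quick setup steps and the key-handling guidance above, as an added example that is not part of Midcore or its documentation. The variable names `MIDCORE_API_URL` and `MIDCORE_API_KEY`, the helper function names, and the sample key are assumptions; use the names listed under Environment variables for your deployment.

```sh
#!/bin/sh
# Added example, not Midcore code. MIDCORE_API_URL and MIDCORE_API_KEY are
# assumed names; use the ones your deployment documents.

# Print a masked form of a secret: only the last 4 characters are shown.
mask_secret() {
  s=$1
  if [ "${#s}" -le 8 ]; then
    printf '****'
  else
    tail=${s#"${s%????}"}
    printf '****%s' "$tail"
  fi
}

# check_auth_env URL KEY [SHELL_FLAGS]
# Prints one line per problem and returns 1 if any were found.
check_auth_env() {
  url=$1 key=$2 rc=0
  if [ "$#" -ge 3 ]; then flags=$3; else flags=$-; fi
  case $url in
    https://*) ;;
    '') echo "base URL is not set"; rc=1 ;;
    *)  echo "base URL is not https; the key would cross the network in clear text"; rc=1 ;;
  esac
  [ -n "$key" ] || { echo "API key is not set; inject it from pipeline secrets"; rc=1; }
  case $flags in
    *x*) echo "shell tracing (set -x) is on and would copy the key into the job log"; rc=1 ;;
  esac
  return "$rc"
}

# log_contains_key KEY FILE: returns 0 if the literal key appears in FILE.
# Pure shell, so the key never shows up in another process's argument list.
log_contains_key() {
  key=$1 file=$2
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in *"$key"*) return 0 ;; esac
  done < "$file"
  return 1
}

# Constructed sample value, not a real credential.
demo_key='mc_test_0123456789abcdef'
echo "preflight demo, key in use: $(mask_secret "$demo_key")"

# In a real job, gate the first CLI call on the check:
#   check_auth_env "$MIDCORE_API_URL" "$MIDCORE_API_KEY" && midcore --version
```

Run `log_contains_key` against the saved job log as a final step; a match means the key is exposed and should be revoked and rotated.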
RBAC