Grist OIDC Authentication using Pocket ID (HOW-TO)

Hi everyone - I recently got Grist OIDC authentication to work with Pocket ID, which is a great OIDC solution which focuses solely on using Passkeys. I’ve been using it with Grist and other applications without issues for a few weeks now.

In case anyone else is interested, I’m sharing the details of how to set this up.

@Admins – I might suggest addition of this content to OIDC - Grist Help Center with a new “Example: Pocket ID” section.

IMPORTANT! In order to use Pocket ID (and Passkeys in general), both Grist and Pocket ID need to be hosted over SSL!

Step 1: Install Pocket ID

You can learn about Pocket ID on their website and the install/setup instructions are here. You can also reference the pocket-id Git repo.

Step 2: Set up your user account and at least one Passkey.

Refer to this page for instructions.

Step 3: Configure an OIDC Client for Grist in the Pocket ID Web UI

  1. Go to Settings → OIDC Clients → Click Add OIDC Client
  2. Enter required information - there’s not much to do 🙂
     • Name: Grist (or whatever you wish)
     • Callback URLs: https://<Your Grist Hostname>/oauth2/callback
  3. Click Save
  4. Make note of the Client ID and Client secret values shown

Step 4: Configure Grist Environment Variables to use Pocket ID OIDC

GRIST_OIDC_IDP_ISSUER="https://<Your Pocket ID Hostname>/.well-known/openid-configuration"
GRIST_OIDC_IDP_CLIENT_ID="<Value of 'Client ID' from the Grist client in Pocket ID>"
GRIST_OIDC_IDP_CLIENT_SECRET="<Value of 'Client secret' from the Grist client in Pocket ID>"
GRIST_OIDC_SP_HOST="https://<Your Grist Hostname>"
GRIST_OIDC_IDP_SCOPES="openid email profile"  # Default
GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT=false  # Default

Step 5: Start or Restart Grist

When you go to your Grist URL, you should now be automatically redirected to the Pocket ID authentication page.

Click Sign in, then authenticate with the Passkey that you set up, and you should be redirected back to Grist!
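
A preflight check for the Step 3 and Step 4 settings, added here as an example and not part of the original post or of Grist or Pocket ID: it parses the environment lines, confirms both URLs are HTTPS, derives the callback URL to register in Pocket ID, and compares a discovery document against the configured issuer. The hostnames, client values and endpoint paths are constructed samples, and `parse_env` and `preflight` are hypothetical helper names.

```python
from urllib.parse import urlsplit
WELL_KNOWN = "/.well-known/openid-configuration"

def parse_env(text):
    """Parse KEY="value"  # comment lines written in the style of Step 4."""
    env = {}
    for line in text.splitlines():
        key, sep, raw = (part.strip() for part in line.partition("="))
        if sep and not key.startswith("#"):
            quoted = raw[:1] in ('"', "'")  # quoted: keep text up to the closing quote
            env[key] = raw[1:].partition(raw[0])[0] if quoted else raw.split("#", 1)[0].strip()
    return env

def preflight(env, discovery):
    """Return (callback_url, problems) for the Step 3 and Step 4 settings."""
    problems = []
    issuer = env.get("GRIST_OIDC_IDP_ISSUER", "")
    sp_host = env.get("GRIST_OIDC_SP_HOST", "").rstrip("/")
    for name, url in (("GRIST_OIDC_IDP_ISSUER", issuer), ("GRIST_OIDC_SP_HOST", sp_host)):
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name} must be an https:// URL")
    for name in ("GRIST_OIDC_IDP_CLIENT_ID", "GRIST_OIDC_IDP_CLIENT_SECRET"):
        if not env.get(name) or env[name].startswith("<"):
            problems.append(f"{name} is empty or still a placeholder")
    if "openid" not in env.get("GRIST_OIDC_IDP_SCOPES", "openid email profile").split():
        problems.append("GRIST_OIDC_IDP_SCOPES must include openid")
    # OIDC Discovery: the document's issuer must equal the URL it was discovered from.
    base = issuer[:-len(WELL_KNOWN)] if issuer.endswith(WELL_KNOWN) else issuer
    if discovery.get("issuer", "").rstrip("/") != base.rstrip("/"):
        problems.append("discovery issuer does not match GRIST_OIDC_IDP_ISSUER")
    for field in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(field, "")).scheme != "https":
            problems.append(f"discovery {field} is missing or not https")
    return sp_host + "/oauth2/callback", problems

# Constructed sample input: hostnames, client values and endpoint paths are made up.
SAMPLE_ENV = '''
GRIST_OIDC_IDP_ISSUER="https://id.example.com/.well-known/openid-configuration"
GRIST_OIDC_IDP_CLIENT_ID="constructed-client-id"
GRIST_OIDC_IDP_CLIENT_SECRET="constructed-client-secret"
GRIST_OIDC_SP_HOST="https://grist.example.com"
GRIST_OIDC_IDP_SCOPES="openid email profile"  # Default
'''
SAMPLE_DISCOVERY = {"issuer": "https://id.example.com", "jwks_uri": "https://id.example.com/jwks",
                    "authorization_endpoint": "https://id.example.com/authorize",
                    "token_endpoint": "https://id.example.com/token"}
print(preflight(parse_env(SAMPLE_ENV), SAMPLE_DISCOVERY))
```

To check a real deployment, pass the JSON served at the GRIST_OIDC_IDP_ISSUER URL as `discovery`; the returned callback URL must match the one entered in Step 3 exactly.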