
Authentication

important

We're in the middle of some fast-moving changes to the Forem Admin experience, so we've paused documentation updates for the time being. You may find that the docs are now outdated in parts. If you have any questions, please visit forem.dev to request additional support. We thank you for your patience and hope you're liking the changes!

important

NOTE: if you intend to use Twitter or GitHub liquid tags for embeds in your Forem posts, you will need to configure authentication for these OAuth apps as detailed below - even if you don't want to use OAuth for log in/sign in - otherwise these liquid tags will return authentication errors.

Setting Forem view-access

If you'd like to change whether your Forem can be viewed by everyone or only registered users, be sure to address this in User Experience and Brand before setting your Authentication options.

General settings

Block email domains

This field allows you to block registration from specified domains using a comma-separated list. It's particularly useful if you've noticed a significant volume of spam users registering with a given domain. Entering "domain.com" blocks the domain and subdomains (e.g. user@domain.com and user@extra.domain.com).

Invite Only Mode

Check this option if you'd like your Forem to be private. The only way that people will be able to create an account is if you send them an invite.

Authentication Methods

At this point, you can choose to enable any/all of:

  • Email
  • GitHub
  • Twitter
  • Facebook

Be aware that restricting which emails are allowed to join your Forem will also restrict any OAuth accounts that are registered to a different email domain. For example, if you limit your Forem registrations to forem.com email addresses, someone with an example@forem.com email address can register. However, if their GitHub account is registered to example@not-forem.com, they won't be able to connect their GitHub account to their Forem via OAuth.
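The domain rules described under "Block email domains" and in the paragraph above can be checked with one matcher, shown here as an added example that is not Forem's own code. All method and constant names are hypothetical, the sample lists and addresses are constructed, and it assumes the allow list uses the same "domain or subdomain" rule the page states for blocked domains.

```ruby
# Added example (hypothetical names; not Forem's implementation).

# Parse the comma-separated admin field into normalized domain entries.
def parse_domain_list(raw)
  raw.to_s.split(",").map { |d| d.strip.downcase.delete_prefix("@").chomp(".") }
     .reject(&:empty?).uniq
end

# Domain part of an address, or nil when the address is malformed.
def email_domain(email)
  local, at, domain = email.to_s.strip.rpartition("@")
  return nil if at.empty? || local.empty? || domain.empty?
  domain.downcase.chomp(".")
end

# True when `domain` equals `entry` or is a subdomain of it. Matching on the
# "." label boundary keeps "not-forem.com" from being treated as "forem.com".
def domain_matches?(domain, entry)
  domain == entry || domain.end_with?(".#{entry}")
end

# Returns :ok, :blocked, :not_allowed or :invalid. The same check applies to
# an email typed at sign-up and to the email an OAuth provider reports.
# Assumption: an empty allow list means "no restriction".
def registration_decision(email, blocked:, allowed: [])
  domain = email_domain(email)
  return :invalid if domain.nil?
  return :blocked if blocked.any? { |e| domain_matches?(domain, e) }
  return :ok if allowed.empty? || allowed.any? { |e| domain_matches?(domain, e) }
  :not_allowed
end

# Constructed sample settings.
BLOCKED = parse_domain_list(" Domain.com, spam.example ,")
ALLOWED = parse_domain_list("forem.com")

# Constructed addresses: blocked subdomain, look-alike domain, allowed
# domain, and an OAuth account email outside the allow list.
[
  ["user@extra.domain.com", []],
  ["user@notdomain.com", []],
  ["example@forem.com", ALLOWED],
  ["example@not-forem.com", ALLOWED],
].each do |email, allowed|
  puts "#{email}: #{registration_decision(email, blocked: BLOCKED, allowed: allowed)}"
end
```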

Email and Password

You can configure whether community members can use email/password to register and/or log in.

You can optionally restrict which emails are allowed to join, which is useful for internal company Forems, college email addresses, etc. Within this setting you can specify whether you want the list of allowed emails to be publicly visible. (It is most likely a better experience if the list is visible, but you may want to keep it private for any reason.)

You will additionally have the option of enabling Google reCAPTCHA for email/password registration. Refer to the reCAPTCHA page for more info.

Generating Keys

Choose which authentication providers users can log in from. We currently offer:

Apple and Google are coming soon.

In order to use these providers, you need to add their respective keys. You can create keys for these providers by visiting their developer portals, linked above.