Documentation Index Fetch the complete documentation index at: https://oxy.tech/docs/llms.txt
Use this file to discover all available pages before exploring further.
Authentication in Oxy For operators. Authentication is configured by the person who deploys and administers the Oxy server. End users sign in through the web UI β they do not need to read this section.
Oxy supports several authentication methods that can be enabled individually or combined. All methods are configured entirely through environment variables β no config files required.
Available Methods
Magic Link Passwordless email sign-in via one-time links delivered through Amazon SES.
No passwords to manage.
Google OAuth Social login with Google accounts. One-click sign-in for users.
Okta OAuth Enterprise SSO integration with Okta Identity Cloud.
API Keys Programmatic access for automation and integrations.
Quick Configuration # Magic link (passwordless email) export MAGIC_LINK_FROM_EMAIL = noreply @ yourcompany . com export AWS_REGION = us-east-1 # Google OAuth export GOOGLE_CLIENT_ID = your_client_id . apps . googleusercontent . com export GOOGLE_CLIENT_SECRET = your_client_secret # Okta OAuth export OKTA_CLIENT_ID = your_okta_client_id export OKTA_CLIENT_SECRET = your_okta_client_secret export OKTA_DOMAIN = your-domain . okta . com oxy serve
Comparison Method Setup Best For Magic Link π‘ Medium (AWS SES) Passwordless access, all team sizes Google OAuth π‘ Medium Social login, zero password management Okta OAuth π‘ Medium Enterprise SSO, existing Okta deployments
Multiple Methods You can enable multiple methods simultaneously. Users will see all available sign-in options and choose their preferred one.
Local Development (No Cloud Required) For local development without any cloud accounts, use magic linkβs browser mode:
export MAGIC_LINK_LOCAL_TEST = 1 oxy serve
Sign-in emails open directly in your browser instead of being sent via SES.
See the Magic Link guide for details. 
