Pocket ID
Implement secure, passwordless sign-ins for your services. This simple OIDC provider uses only passkeys, making authentication easy for you and your users.
Pocket ID is a straightforward OpenID Connect (OIDC) provider designed for simplicity and ease of use. While other self-hosted solutions can be overly complex for many projects, this tool offers a lightweight alternative for managing user authentication.
What makes it unique is its exclusive support for passkey authentication. This means your services will operate entirely without passwords, embracing a more secure and modern approach. Users can easily and securely sign in to all your self-hosted services using physical security keys like a Yubikey or their device's built-in biometrics.
Getting started is simple, with the recommended setup method being a straightforward Docker deployment. This allows you to quickly integrate a robust, passwordless login system into your applications.
Directory Structure
docker-compose.yml
services:
pocket-id:
image: ghcr.io/pocket-id/pocket-id:v2
restart: unless-stopped
env_file: .env
ports:
- 1411:1411
volumes:
- "./data:/app/data"
# Optional healthcheck
healthcheck:
test: [ "CMD", "/app/pocket-id", "healthcheck" ]
interval: 1m30s
timeout: 5s
retries: 2
start_period: 10s.env
# See the documentation for more information: https://pocket-id.org/docs/configuration/environment-variables
# These variables must be configured for your deployment:
APP_URL=https://your-pocket-id-domain.com
# Encryption key (choose one method):
# Method 1: Direct key (simple but less secure)
# Generate with: openssl rand -base64 32
ENCRYPTION_KEY=
# Method 2: File-based key (recommended)
# Put the base64 key in a file and point to it here.
# ENCRYPTION_KEY_FILE=/path/to/encryption_key
# These variables are optional but recommended to review:
TRUST_PROXY=false
MAXMIND_LICENSE_KEY=
PUID=1000
PGID=1000Tags:
Similar to Pocket ID