[{"data":1,"prerenderedAt":1057},["ShallowReactive",2],{"docs-admin\u002Foauth":3,"navigation":999},{"id":4,"title":5,"body":6,"description":991,"extension":992,"meta":993,"navigation":994,"path":995,"seo":996,"stem":997,"__hash__":998},"docs\u002F2.admin\u002F3.oauth.md","Configuring OAuth \u002F OIDC Authentication",{"type":7,"value":8,"toc":956},"minimark",[9,13,22,34,37,42,85,87,91,106,138,140,144,147,152,155,165,176,182,192,196,199,220,235,239,246,250,253,319,326,328,332,416,418,422,437,441,448,452,463,608,615,621,623,627,633,637,643,663,667,673,676,680,686,694,696,700,714,716,720,724,777,780,816,819,844,846,850,857,860,884,888,898,916,925,941,949,952],[10,11,5],"h1",{"id":12},"configuring-oauth-oidc-authentication",[14,15,16,17,21],"p",{},"udServer uses the ",[18,19,20],"strong",{},"OAuth 2.0 Authorization Code flow with OpenID Connect (OIDC)"," for all user authentication. There is no built-in username\u002Fpassword login — every user authenticates through a configured identity provider (IdP).",[14,23,24,25,29,30,33],{},"At least one provider must be registered before anyone can log in. Until one is configured, ",[26,27,28],"code",{},"\u002F_user\u002Fwhoami"," will return ",[26,31,32],{},"\"needsAuthProvider\": true"," and the server portal will prompt for initial setup.",[35,36],"hr",{},[38,39,41],"h2",{"id":40},"how-it-works","How It Works",[43,44,45,53,60,75,78],"ol",{},[46,47,48,49,52],"li",{},"The browser visits ",[26,50,51],{},"\u002F_oauth\u002Flogin?provider=\u003Cid>"," and is redirected to the IdP's authorisation endpoint.",[46,54,55,56,59],{},"After the user authenticates with the IdP, they are redirected back to ",[26,57,58],{},"{serverURL}\u002Fapi\u002F_oauth\u002Fredirect"," with an authorisation code.",[46,61,62,63,66,67,70,71,74],{},"udServer exchanges the code for tokens at the IdP's token endpoint, decodes the returned ",[26,64,65],{},"id_token"," (JWT), and reads the ",[26,68,69],{},"email"," and ",[26,72,73],{},"name"," claims.",[46,76,77],{},"If a user with that email address already exists they are logged in; otherwise a new account is created automatically.",[46,79,80,81,84],{},"A session cookie (",[26,82,83],{},"apikey",") is set and the browser is sent to the portal.",[35,86],{},[38,88,90],{"id":89},"prerequisites","Prerequisites",[14,92,93,94,97,98,100,101,70,103,105],{},"You need an OAuth 2.0 \u002F OIDC-compliant identity provider. Any provider that supports the ",[18,95,96],{},"Authorization Code flow"," and returns an ",[26,99,65],{}," with ",[26,102,69],{},[26,104,73],{}," claims will work. Common choices include:",[107,108,109,115,120,125,130,135],"ul",{},[46,110,111,114],{},[18,112,113],{},"Microsoft Entra ID"," (formerly Azure AD)",[46,116,117],{},[18,118,119],{},"Google Workspace",[46,121,122],{},[18,123,124],{},"Okta",[46,126,127],{},[18,128,129],{},"Keycloak",[46,131,132],{},[18,133,134],{},"Auth0",[46,136,137],{},"Any OIDC-compliant provider",[35,139],{},[38,141,143],{"id":142},"registering-an-application-in-your-idp","Registering an Application in Your IdP",[14,145,146],{},"Before adding a provider to udServer you must register udServer as an application (sometimes called a \"client\") in your IdP. The exact steps differ per IdP but you always need to configure:",[148,149,151],"h3",{"id":150},"redirect-uri","Redirect URI",[14,153,154],{},"Register the following URI as an allowed redirect (also called \"callback URL\"):",[156,157,162],"pre",{"className":158,"code":160,"language":161},[159],"language-text","https:\u002F\u002F\u003Cyour-udserver-hostname>\u002Fapi\u002F_oauth\u002Fredirect\n","text",[26,163,160],{"__ignoreMap":164},"",[14,166,167,168,171,172,175],{},"The URI is case-sensitive and must match exactly, including the scheme (",[26,169,170],{},"https:\u002F\u002F","). If your server runs on a non-standard HTTPS port (e.g. ",[26,173,174],{},"8443",") include it:",[156,177,180],{"className":178,"code":179,"language":161},[159],"https:\u002F\u002F\u003Cyour-udserver-hostname>:8443\u002Fapi\u002F_oauth\u002Fredirect\n",[26,181,179],{"__ignoreMap":164},[183,184,185],"blockquote",{},[14,186,187,188,191],{},"The ",[26,189,190],{},"serverURL"," setting in udServer's configuration must resolve to the same base URL, because udServer constructs the redirect URI from it at runtime.",[148,193,195],{"id":194},"required-scopes","Required Scopes",[14,197,198],{},"Request (or ensure the application is permitted to receive) the following scopes:",[107,200,201,206,211,215],{},[46,202,203],{},[26,204,205],{},"openid",[46,207,208],{},[26,209,210],{},"profile",[46,212,213],{},[26,214,69],{},[46,216,217],{},[26,218,219],{},"offline_access",[14,221,222,223,225,226,228,229,231,232,234],{},"udServer requests all four during the authorisation redirect. If ",[26,224,69],{}," or ",[26,227,210],{}," (which provides ",[26,230,73],{},") are not present in the returned ",[26,233,65],{},", user creation and login will fail.",[148,236,238],{"id":237},"grant-type","Grant Type",[14,240,241,242,245],{},"The application must be configured for the ",[18,243,244],{},"Authorization Code"," grant type. Implicit flow is not supported.",[148,247,249],{"id":248},"note-the-following-values","Note the Following Values",[14,251,252],{},"After registering the application you will need:",[254,255,256,269],"table",{},[257,258,259],"thead",{},[260,261,262,266],"tr",{},[263,264,265],"th",{},"Value",[263,267,268],{},"Where to find it",[270,271,272,283,293,307],"tbody",{},[260,273,274,280],{},[275,276,277],"td",{},[18,278,279],{},"Client ID",[275,281,282],{},"Provided by the IdP after app registration",[260,284,285,290],{},[275,286,287],{},[18,288,289],{},"Client Secret",[275,291,292],{},"Generated during or after app registration",[260,294,295,300],{},[275,296,297],{},[18,298,299],{},"Authorisation Endpoint",[275,301,302,303,306],{},"From the IdP's OIDC discovery document (",[26,304,305],{},"authorization_endpoint",")",[260,308,309,314],{},[275,310,311],{},[18,312,313],{},"Token Endpoint",[275,315,302,316,306],{},[26,317,318],{},"token_endpoint",[14,320,321,322,325],{},"Most IdPs publish a discovery document at ",[26,323,324],{},"https:\u002F\u002F\u003Cidp-domain>\u002F.well-known\u002Fopenid-configuration"," that lists both endpoints.",[35,327],{},[38,329,331],{"id":330},"provider-field-reference","Provider Field Reference",[254,333,334,344],{},[257,335,336],{},[260,337,338,341],{},[263,339,340],{},"Field",[263,342,343],{},"Description",[270,345,346,364,376,386,396,406],{},[260,347,348,353],{},[275,349,350],{},[26,351,352],{},"id",[275,354,355,356,359,360,363],{},"Internal identifier used in API calls and login URLs. Lowercase, no spaces (e.g. ",[26,357,358],{},"entra",", ",[26,361,362],{},"google","). Minimum 3 characters.",[260,365,366,370],{},[275,367,368],{},[26,369,73],{},[275,371,372,373,363],{},"Display name shown to users in the portal login screen (e.g. ",[26,374,375],{},"Contoso Azure AD",[260,377,378,383],{},[275,379,380],{},[26,381,382],{},"authendpoint",[275,384,385],{},"Full URL of the IdP's authorisation endpoint",[260,387,388,393],{},[275,389,390],{},[26,391,392],{},"tokenendpoint",[275,394,395],{},"Full URL of the IdP's token endpoint",[260,397,398,403],{},[275,399,400],{},[26,401,402],{},"client_id",[275,404,405],{},"The client\u002Fapplication ID from the IdP",[260,407,408,413],{},[275,409,410],{},[26,411,412],{},"client_secret",[275,414,415],{},"The client secret from the IdP",[35,417],{},[38,419,421],{"id":420},"first-time-setup-bootstrapping","First-Time Setup (Bootstrapping)",[14,423,424,425,428,429,432,433,436],{},"When no providers are configured the ",[26,426,427],{},"\u002F_auth\u002Fproviders\u002Fadd"," endpoint is ",[18,430,431],{},"publicly accessible"," to avoid a chicken-and-egg problem where you cannot log in to configure login. Once the first provider is successfully added this bootstrap access closes permanently; subsequent providers require the ",[18,434,435],{},"Server Config Edit"," global permission.",[148,438,440],{"id":439},"via-the-portal","Via the Portal",[14,442,443,444,447],{},"On first launch the udServer portal will detect that no auth provider is configured (",[26,445,446],{},"needsAuthProvider: true",") and present a setup form. Fill in the fields and submit.",[148,449,451],{"id":450},"via-the-api","Via the API",[14,453,454,455,458,459,462],{},"Send a ",[26,456,457],{},"POST"," to ",[26,460,461],{},"https:\u002F\u002F\u003Cyour-udserver-hostname>\u002Fapi\u002F_auth\u002Fproviders\u002Fadd",":",[156,464,468],{"className":465,"code":466,"language":467,"meta":164,"style":164},"language-json shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","{\n  \"id\": \"entra\",\n  \"name\": \"Contoso Azure AD\",\n  \"authendpoint\": \"https:\u002F\u002Flogin.microsoftonline.com\u002F\u003Ctenant-id>\u002Foauth2\u002Fv2.0\u002Fauthorize\",\n  \"tokenendpoint\": \"https:\u002F\u002Flogin.microsoftonline.com\u002F\u003Ctenant-id>\u002Foauth2\u002Fv2.0\u002Ftoken\",\n  \"client_id\": \"\u003Capplication-client-id>\",\n  \"client_secret\": \"\u003Capplication-client-secret>\"\n}\n","json",[26,469,470,479,504,523,543,563,583,602],{"__ignoreMap":164},[471,472,475],"span",{"class":473,"line":474},"line",1,[471,476,478],{"class":477},"sMK4o","{\n",[471,480,482,485,488,491,493,496,499,501],{"class":473,"line":481},2,[471,483,484],{"class":477},"  \"",[471,486,352],{"class":487},"spNyl",[471,489,490],{"class":477},"\"",[471,492,462],{"class":477},[471,494,495],{"class":477}," \"",[471,497,358],{"class":498},"sfazB",[471,500,490],{"class":477},[471,502,503],{"class":477},",\n",[471,505,507,509,511,513,515,517,519,521],{"class":473,"line":506},3,[471,508,484],{"class":477},[471,510,73],{"class":487},[471,512,490],{"class":477},[471,514,462],{"class":477},[471,516,495],{"class":477},[471,518,375],{"class":498},[471,520,490],{"class":477},[471,522,503],{"class":477},[471,524,526,528,530,532,534,536,539,541],{"class":473,"line":525},4,[471,527,484],{"class":477},[471,529,382],{"class":487},[471,531,490],{"class":477},[471,533,462],{"class":477},[471,535,495],{"class":477},[471,537,538],{"class":498},"https:\u002F\u002Flogin.microsoftonline.com\u002F\u003Ctenant-id>\u002Foauth2\u002Fv2.0\u002Fauthorize",[471,540,490],{"class":477},[471,542,503],{"class":477},[471,544,546,548,550,552,554,556,559,561],{"class":473,"line":545},5,[471,547,484],{"class":477},[471,549,392],{"class":487},[471,551,490],{"class":477},[471,553,462],{"class":477},[471,555,495],{"class":477},[471,557,558],{"class":498},"https:\u002F\u002Flogin.microsoftonline.com\u002F\u003Ctenant-id>\u002Foauth2\u002Fv2.0\u002Ftoken",[471,560,490],{"class":477},[471,562,503],{"class":477},[471,564,566,568,570,572,574,576,579,581],{"class":473,"line":565},6,[471,567,484],{"class":477},[471,569,402],{"class":487},[471,571,490],{"class":477},[471,573,462],{"class":477},[471,575,495],{"class":477},[471,577,578],{"class":498},"\u003Capplication-client-id>",[471,580,490],{"class":477},[471,582,503],{"class":477},[471,584,586,588,590,592,594,596,599],{"class":473,"line":585},7,[471,587,484],{"class":477},[471,589,412],{"class":487},[471,591,490],{"class":477},[471,593,462],{"class":477},[471,595,495],{"class":477},[471,597,598],{"class":498},"\u003Capplication-client-secret>",[471,600,601],{"class":477},"\"\n",[471,603,605],{"class":473,"line":604},8,[471,606,607],{"class":477},"}\n",[14,609,610,611,614],{},"On success the server returns ",[26,612,613],{},"{ \"success\": true }",". You can now log in at:",[156,616,619],{"className":617,"code":618,"language":161},[159],"https:\u002F\u002F\u003Cyour-udserver-hostname>\u002Fapi\u002F_oauth\u002Flogin?provider=entra\n",[26,620,618],{"__ignoreMap":164},[35,622],{},[38,624,626],{"id":625},"managing-providers-after-initial-setup","Managing Providers (After Initial Setup)",[14,628,629,630,632],{},"All provider management after first setup requires the ",[18,631,435],{}," global permission. Use an account that already has that permission (typically the first admin user created during initial setup).",[148,634,636],{"id":635},"list-providers","List Providers",[156,638,641],{"className":639,"code":640,"language":161},[159],"GET \u002Fapi\u002F_auth\u002Fproviders\u002Flist\n",[26,642,640],{"__ignoreMap":164},[14,644,645,646,70,648,650,651,359,654,656,657,659,660,662],{},"Without the Server Config Edit permission, only ",[26,647,352],{},[26,649,73],{}," are returned. With it, ",[26,652,653],{},"clientid",[26,655,382],{},", and ",[26,658,392],{}," are also included (the ",[26,661,412],{}," is never returned).",[148,664,666],{"id":665},"add-another-provider","Add Another Provider",[156,668,671],{"className":669,"code":670,"language":161},[159],"POST \u002Fapi\u002F_auth\u002Fproviders\u002Fadd\n",[26,672,670],{"__ignoreMap":164},[14,674,675],{},"Same body as the bootstrap call above.",[148,677,679],{"id":678},"remove-a-provider","Remove a Provider",[156,681,684],{"className":682,"code":683,"language":161},[159],"POST \u002Fapi\u002F_auth\u002Fproviders\u002Fremove\n\n{ \"id\": \"entra\" }\n",[26,685,683],{"__ignoreMap":164},[183,687,688],{},[14,689,690,693],{},[18,691,692],{},"Warning:"," If you remove the only configured provider, no one will be able to log in until the server is restarted.",[35,695],{},[38,697,699],{"id":698},"multiple-providers","Multiple Providers",[14,701,702,703,705,706,709,710,713],{},"Multiple providers are fully supported. Each must have a unique ",[26,704,352],{},". The portal login page will present a button for each configured provider. API clients specify which provider to use with the ",[26,707,708],{},"provider"," query parameter on ",[26,711,712],{},"\u002F_oauth\u002Flogin",".",[35,715],{},[38,717,719],{"id":718},"provider-specific-setup-notes","Provider-Specific Setup Notes",[148,721,723],{"id":722},"microsoft-entra-id-azure-ad","Microsoft Entra ID (Azure AD)",[43,725,726,732,743,749,764],{},[46,727,728,729,713],{},"Register a new app in ",[18,730,731],{},"Entra ID > App registrations",[46,733,734,735,738,739,742],{},"Under ",[18,736,737],{},"Authentication",", add a platform of type ",[18,740,741],{},"Web"," and set the redirect URI.",[46,744,734,745,748],{},[18,746,747],{},"Certificates & secrets",", create a new client secret and note its value.",[46,750,734,751,754,755,359,757,359,759,656,761,763],{},[18,752,753],{},"API permissions",", ensure ",[26,756,205],{},[26,758,210],{},[26,760,69],{},[26,762,219],{}," delegated permissions are granted.",[46,765,766,767,770,771],{},"Find your endpoints under ",[18,768,769],{},"Endpoints"," in the app overview — or use the discovery document at:\n",[156,772,775],{"className":773,"code":774,"language":161},[159],"https:\u002F\u002Flogin.microsoftonline.com\u002F\u003Ctenant-id>\u002Fv2.0\u002F.well-known\u002Fopenid-configuration\n",[26,776,774],{"__ignoreMap":164},[148,778,119],{"id":779},"google-workspace",[43,781,782,792,799],{},[46,783,784,785,788,789,713],{},"In ",[18,786,787],{},"Google Cloud Console",", create an OAuth 2.0 client ID under ",[18,790,791],{},"APIs & Services > Credentials",[46,793,794,795,798],{},"Set the application type to ",[18,796,797],{},"Web application"," and add the redirect URI.",[46,800,801,802],{},"Use the following endpoints:\n",[107,803,804,810],{},[46,805,806,807],{},"Auth: ",[26,808,809],{},"https:\u002F\u002Faccounts.google.com\u002Fo\u002Foauth2\u002Fv2\u002Fauth",[46,811,812,813],{},"Token: ",[26,814,815],{},"https:\u002F\u002Foauth2.googleapis.com\u002Ftoken",[148,817,129],{"id":818},"keycloak",[43,820,821,828,835],{},[46,822,823,824,827],{},"Create a new client in the target realm with ",[18,825,826],{},"Client authentication"," enabled.",[46,829,830,831,834],{},"Set the ",[18,832,833],{},"Valid redirect URIs"," to include the udServer redirect URI.",[46,836,837,838],{},"Retrieve the endpoints from:\n",[156,839,842],{"className":840,"code":841,"language":161},[159],"https:\u002F\u002F\u003Ckeycloak-host>\u002Frealms\u002F\u003Crealm>\u002F.well-known\u002Fopenid-configuration\n",[26,843,841],{"__ignoreMap":164},[35,845],{},[38,847,849],{"id":848},"troubleshooting","Troubleshooting",[148,851,853,854],{"id":852},"users-are-redirected-to-erroroauthfailure","Users are redirected to ",[26,855,856],{},"\u002F#error=oauthfailure",[14,858,859],{},"This indicates the token exchange failed. Check that:",[107,861,862,867,874,879],{},[46,863,187,864,866],{},[26,865,392],{}," URL is correct.",[46,868,187,869,70,871,873],{},[26,870,402],{},[26,872,412],{}," are correct and the secret has not expired.",[46,875,876,877,713],{},"The redirect URI registered in the IdP exactly matches ",[26,878,58],{},[46,880,187,881,883],{},[26,882,190],{}," configuration in udServer does not have a trailing slash and matches the scheme\u002Fhost\u002Fport the browser used.",[148,885,887],{"id":886},"users-cannot-log-in-but-the-oauth-flow-completes","Users cannot log in but the OAuth flow completes",[14,889,890,891,225,894,897],{},"If the redirect completes but no session is established, check the server logs for ",[26,892,893],{},"oauthfailure",[26,895,896],{},"nosession",". This can occur if:",[107,899,900,911],{},[46,901,187,902,904,905,907,908,910],{},[26,903,65],{}," returned by the IdP does not contain an ",[26,906,69],{}," claim — ensure the ",[26,909,69],{}," scope is granted.",[46,912,187,913,915],{},[26,914,69],{}," claim is present but the account is deactivated in udServer.",[148,917,919,922,923],{"id":918},"message-malformed-on-_authprovidersadd",[26,920,921],{},"\"message\": \"malformed\""," on ",[26,924,427],{},[14,926,927,928,359,930,359,932,359,934,359,936,359,938,940],{},"All six fields (",[26,929,352],{},[26,931,73],{},[26,933,382],{},[26,935,392],{},[26,937,402],{},[26,939,412],{},") are required and must each be at least 3 characters long.",[148,942,944,922,947],{"id":943},"message-notallowed-on-_authprovidersadd",[26,945,946],{},"\"message\": \"notallowed\"",[26,948,427],{},[14,950,951],{},"At least one provider is already configured and the request was made without a valid session that has the Server Config Edit global permission.",[953,954,955],"style",{},"html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":164,"searchDepth":481,"depth":481,"links":957},[958,959,960,966,967,971,976,977,982],{"id":40,"depth":481,"text":41},{"id":89,"depth":481,"text":90},{"id":142,"depth":481,"text":143,"children":961},[962,963,964,965],{"id":150,"depth":506,"text":151},{"id":194,"depth":506,"text":195},{"id":237,"depth":506,"text":238},{"id":248,"depth":506,"text":249},{"id":330,"depth":481,"text":331},{"id":420,"depth":481,"text":421,"children":968},[969,970],{"id":439,"depth":506,"text":440},{"id":450,"depth":506,"text":451},{"id":625,"depth":481,"text":626,"children":972},[973,974,975],{"id":635,"depth":506,"text":636},{"id":665,"depth":506,"text":666},{"id":678,"depth":506,"text":679},{"id":698,"depth":481,"text":699},{"id":718,"depth":481,"text":719,"children":978},[979,980,981],{"id":722,"depth":506,"text":723},{"id":779,"depth":506,"text":119},{"id":818,"depth":506,"text":129},{"id":848,"depth":481,"text":849,"children":983},[984,986,987,989],{"id":852,"depth":506,"text":985},"Users are redirected to \u002F#error=oauthfailure",{"id":886,"depth":506,"text":887},{"id":918,"depth":506,"text":988},"\"message\": \"malformed\" on \u002F_auth\u002Fproviders\u002Fadd",{"id":943,"depth":506,"text":990},"\"message\": \"notallowed\" on \u002F_auth\u002Fproviders\u002Fadd","udServer uses the OAuth 2.0 Authorization Code flow with OpenID Connect (OIDC) for all user authentication. There is no built-in username\u002Fpassword login — every user authenticates through a configured identity provider (IdP).","md",{},true,"\u002Fadmin\u002Foauth",{"title":5,"description":991},"2.admin\u002F3.oauth","QaI7S9LuZ26jZqQky_voYz_PDYpuTfrFVkXtV39PvPQ",[1000,1004,1033,1048],{"title":1001,"path":1002,"stem":1003},"udServer Manuals","\u002F","0.index",{"title":1005,"path":1006,"stem":1007,"children":1008},"User Guide","\u002Fdocs\u002Fuser","1.user\u002F0.index",[1009,1013,1017,1021,1025,1029],{"title":1010,"path":1011,"stem":1012},"Login","\u002Fdocs\u002Fuser\u002Flogin","1.user\u002F1.login",{"title":1014,"path":1015,"stem":1016},"3rd Party Licenses","\u002Fdocs\u002Fuser\u002Flicenses","1.user\u002Flicenses",{"title":1018,"path":1019,"stem":1020},"Organisations","\u002Fdocs\u002Fuser\u002Forganisations","1.user\u002Forganisations",{"title":1022,"path":1023,"stem":1024},"Permissions","\u002Fdocs\u002Fuser\u002Fpermissions","1.user\u002Fpermissions",{"title":1026,"path":1027,"stem":1028},"Connecting an AWS S3 Bucket to a Project","\u002Fdocs\u002Fuser\u002Fproject-s3-setup","1.user\u002Fproject-s3-setup",{"title":1030,"path":1031,"stem":1032},"Organisation Projects","\u002Fdocs\u002Fuser\u002Fprojects","1.user\u002Fprojects",{"title":1034,"path":1035,"stem":1036,"children":1037},"IT Administrators Guide","\u002Fdocs\u002Fadmin","2.admin\u002F0.index",[1038,1042,1046],{"title":1039,"path":1040,"stem":1041},"Generic Installation","\u002Fdocs\u002Fadmin\u002Fgettingstarted","2.admin\u002F1.gettingstarted",{"title":1043,"path":1044,"stem":1045},"Setting up on an Amazon EC2 instance","\u002Fdocs\u002Fadmin\u002Famazon-ec2","2.admin\u002F2.amazon-ec2",{"title":5,"path":1047,"stem":997},"\u002Fdocs\u002Fadmin\u002Foauth",{"title":1049,"path":1050,"stem":1051,"children":1052},"Developers Guide","\u002Fdocs\u002Fdev","3.dev\u002F0.index",[1053],{"title":1054,"path":1055,"stem":1056},"udServer API","\u002Fdocs\u002Fdev\u002Fudserverapi","3.dev\u002FudServerAPI",1779890364915]