Self-Hosting
Loading...

Authentication setup

Configure OAuth providers or email login for your self-hosted Tambo deployment.

Tambo supports two authentication modes for the dashboard: OAuth (Google and/or GitHub) and email login (via Resend). You must configure at least one.

Priority rules

  • If any OAuth provider is configured, the deployment uses OAuth only (email settings are ignored).
  • Email login is only active when no OAuth providers are configured.
  • If neither is configured, users cannot sign in.

Google OAuth

  1. Go to Google Cloud Console
  2. Create an OAuth 2.0 Client ID
  3. Add authorized redirect URIs:
    • Local: http://localhost:8260/api/auth/callback/google
    • Production: https://your-domain.com/api/auth/callback/google
  4. Copy the Client ID and Secret to docker.env:
GOOGLE_CLIENT_ID=your-client-id
GOOGLE_CLIENT_SECRET=your-client-secret

GitHub OAuth

  1. Go to GitHub Developer Settings
  2. Create a new OAuth App
  3. Set the Authorization callback URL:
    • Local: http://localhost:8260/api/auth/callback/github
    • Production: https://your-domain.com/api/auth/callback/github
  4. Copy the Client ID and Secret to docker.env:
GITHUB_CLIENT_ID=your-client-id
GITHUB_CLIENT_SECRET=your-client-secret

Email login via Resend

Email login requires Resend for sending magic link emails. Set at minimum:

RESEND_API_KEY=your-resend-api-key
EMAIL_FROM_DEFAULT=noreply@your-domain.com

See Environment Variables for additional email configuration options.

Environment variables

Complete reference for all Tambo self-hosting environment variables.

Docker Compose deployment

Deploy self-hosted Tambo with Docker Compose, including production considerations.

On this page

Priority rulesGoogle OAuthGitHub OAuthEmail login via Resend