docs: ✏️ Improve OIDC docs (#6628)

apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Packaged version for Linux.html

@@ -59,6 +59,102 @@ WantedBy=multi-user.target</code></pre>
   <li>You can now open a browser to http://[your-server-hostname]:8080 and you
     should see the Trilium initialization page.</li>
 </ul>
+<h2>Simple Autoupdate for Server</h2>
+<p>Run as the same User Trilium runs</p>
+<p>if you run as root please remove 'sudo' from the commands</p>
+<p>requires "jq" <code>apt install jq</code>
+</p>
+<p>It will stop the service above, overwrite everything (i expect no config.ini),
+  and start service It also creates a version file in the Trilium directory
+  so it updates only with a newer Version</p><pre><code class="language-text-x-trilium-auto">#!/bin/bash
+
+# Configuration
+REPO="TriliumNext/Trilium"
+PATTERN="TriliumNotes-Server-.*-linux-x64.tar.xz"
+DOWNLOAD_DIR="/var/tmp/trilium_download"
+OUTPUT_DIR="/opt/trilium"
+SERVICE_NAME="trilium"
+VERSION_FILE="$OUTPUT_DIR/version.txt"
+
+# Ensure dependencies are installed
+command -v curl &gt;/dev/null 2&gt;&amp;1 || { echo "Error: curl is required"; exit 1; }
+command -v jq &gt;/dev/null 2&gt;&amp;1 || { echo "Error: jq is required"; exit 1; }
+command -v tar &gt;/dev/null 2&gt;&amp;1 || { echo "Error: tar is required"; exit 1; }
+
+# Create download directory
+mkdir -p "$DOWNLOAD_DIR" || { echo "Error: Cannot create $DOWNLOAD_DIR"; exit 1; }
+
+# Get the latest release version
+LATEST_VERSION=$(curl -sL https://api.github.com/repos/$REPO/releases/latest | jq -r '.tag_name')
+if [ -z "$LATEST_VERSION" ]; then
+  echo "Error: Could not fetch latest release version"
+  exit 1
+fi
+
+# Check current installed version (from version.txt or existing tarball)
+CURRENT_VERSION=""
+if [ -f "$VERSION_FILE" ]; then
+  CURRENT_VERSION=$(cat "$VERSION_FILE")
+elif [ -f "$DOWNLOAD_DIR/TriliumNotes-Server-$LATEST_VERSION-linux-x64.tar.xz" ]; then
+  CURRENT_VERSION="$LATEST_VERSION"
+fi
+
+# Compare versions
+if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then
+  echo "Latest version ($LATEST_VERSION) is already installed"
+  exit 0
+fi
+
+# Download the latest release
+LATEST_URL=$(curl -sL https://api.github.com/repos/$REPO/releases/latest | jq -r ".assets[] | select(.name | test(\"$PATTERN\")) | .browser_download_url")
+if [ -z "$LATEST_URL" ]; then
+  echo "Error: No asset found matching pattern '$PATTERN'"
+  exit 1
+fi
+
+FILE_NAME=$(basename "$LATEST_URL")
+FILE_PATH="$DOWNLOAD_DIR/$FILE_NAME"
+
+# Download if not already present
+if [ -f "$FILE_PATH" ]; then
+  echo "Latest release $FILE_NAME already downloaded"
+else
+  curl -LO --output-dir "$DOWNLOAD_DIR" "$LATEST_URL" || { echo "Error: Download failed"; exit 1; }
+  echo "Downloaded $FILE_NAME to $DOWNLOAD_DIR"
+fi
+
+# Extract the tarball
+EXTRACT_DIR="$DOWNLOAD_DIR/extracted"
+mkdir -p "$EXTRACT_DIR"
+tar -xJf "$FILE_PATH" -C "$EXTRACT_DIR" || { echo "Error: Extraction failed"; exit 1; }
+
+# Find the extracted directory (e.g., TriliumNotes-Server-0.97.2-linux-x64)
+INNER_DIR=$(find "$EXTRACT_DIR" -maxdepth 1 -type d -name "TriliumNotes-Server-*-linux-x64" | head -n 1)
+if [ -z "$INNER_DIR" ]; then
+  echo "Error: Could not find extracted directory matching TriliumNotes-Server-*-linux-x64"
+  exit 1
+fi
+
+# Stop the trilium-server service
+if systemctl is-active --quiet "$SERVICE_NAME"; then
+  echo "Stopping $SERVICE_NAME service..."
+  sudo systemctl stop "$SERVICE_NAME" || { echo "Error: Failed to stop $SERVICE_NAME"; exit 1; }
+fi
+
+# Copy contents to /opt/trilium, overwriting existing files
+echo "Copying contents from $INNER_DIR to $OUTPUT_DIR..."
+sudo mkdir -p "$OUTPUT_DIR"
+sudo cp -r "$INNER_DIR"/* "$OUTPUT_DIR"/ || { echo "Error: Copy failed"; exit 1; }
+echo "$LATEST_VERSION" | sudo tee "$VERSION_FILE" &gt;/dev/null
+echo "Files copied to $OUTPUT_DIR"
+
+# Start the trilium-server service
+echo "Starting $SERVICE_NAME service..."
+sudo systemctl start "$SERVICE_NAME" || { echo "Error: Failed to start $SERVICE_NAME"; exit 1; }
+
+# Clean up
+rm -rf "$EXTRACT_DIR"
+echo "Cleanup complete. Trilium updated to $LATEST_VERSION."</code></pre>
 <h2>Common issues</h2>
 <h3>Outdated glibc</h3><pre><code class="language-text-x-trilium-auto">Error: /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /var/www/virtual/.../node_modules/@mlink/scrypt/build/Release/scrypt.node)
     at Object.Module._extensions..node (module.js:681:18)

apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.html

@@ -1,6 +1,6 @@
 <p>Official docker images are published on docker hub for <strong>AMD64</strong>, <strong>ARMv7</strong> and <strong>ARM64/v8</strong>:
   <a
-  href="https://hub.docker.com/r/triliumnext/notes/">https://hub.docker.com/r/triliumnext/notes/</a>
+  href="https://hub.docker.com/r/triliumnext/trilium/">https://hub.docker.com/r/triliumnext/trilium/</a>
 </p>
 <h2>Prerequisites</h2>
 <p>Ensure Docker is installed on your system.</p>
@@ -15,7 +15,7 @@
       mounting your SMB share.</p>
 </aside>
 <h2>Running with Docker Compose</h2>
-<h3>Grab the latest docker-compose.yml:</h3><pre><code class="language-text-x-trilium-auto">wget https://raw.githubusercontent.com/TriliumNext/Notes/master/docker-compose.yml</code></pre>
+<h3>Grab the latest docker-compose.yml:</h3><pre><code class="language-text-x-trilium-auto">wget https://raw.githubusercontent.com/TriliumNext/Trilium/master/docker-compose.yml</code></pre>
 <p>Optionally, edit the <code>docker-compose.yml</code> file to configure the
   container settings prior to starting it. Unless configured otherwise, the
   data directory will be <code>~/trilium-data</code> and the container will
@@ -26,7 +26,7 @@
 <h3>Pulling the Docker Image</h3>
 <p>To pull the image, use the following command, replacing <code>[VERSION]</code> with
   the desired version or tag, such as <code>v0.91.6</code> or just <code>latest</code>.
-  (See published tag names at <a href="https://hub.docker.com/r/triliumnext/notes/tags">https://hub.docker.com/r/triliumnext/notes/tags</a>.):</p><pre><code class="language-text-x-trilium-auto">docker pull triliumnext/notes:v0.91.6</code></pre>
+  (See published tag names at <a href="https://hub.docker.com/r/triliumnext/trilium/tags">https://hub.docker.com/r/triliumnext/trilium/tags</a>.):</p><pre><code class="language-text-x-trilium-auto">docker pull triliumnext/trilium:v0.91.6</code></pre>
 <p><strong>Warning:</strong> Avoid using the "latest" tag, as it may automatically
   upgrade your instance to a new minor version, potentially disrupting sync
   setups or causing other issues.</p>
@@ -37,7 +37,7 @@
 <h4>Local Access Only</h4>
 <p>Run the container to make it accessible only from the localhost. This
   setup is suitable for testing or when using a proxy server like Nginx or
-  Apache.</p><pre><code class="language-text-x-trilium-auto">sudo docker run -t -i -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:[VERSION]</code></pre>
+  Apache.</p><pre><code class="language-text-x-trilium-auto">sudo docker run -t -i -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:[VERSION]</code></pre>
 <ol>
   <li>Verify the container is running using <code>docker ps</code>.</li>
   <li>Access Trilium via a web browser at <code>127.0.0.1:8080</code>.</li>
@@ -45,20 +45,20 @@
 <h4>Local Network Access</h4>
 <p>To make the container accessible only on your local network, first create
   a new Docker network:</p><pre><code class="language-text-x-trilium-auto">docker network create -d macvlan -o parent=eth0 --subnet 192.168.2.0/24 --gateway 192.168.2.254 --ip-range 192.168.2.252/27 mynet</code></pre>
-<p>Then, run the container with the network settings:</p><pre><code class="language-text-x-trilium-auto">docker run --net=mynet -d -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:-latest</code></pre>
+<p>Then, run the container with the network settings:</p><pre><code class="language-text-x-trilium-auto">docker run --net=mynet -d -p 127.0.0.1:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:-latest</code></pre>
 <p>To set a different user ID (UID) and group ID (GID) for the saved data,
-  use the <code>USER_UID</code> and <code>USER_GID</code> environment variables:</p><pre><code class="language-text-x-trilium-auto">docker run --net=mynet -d -p 127.0.0.1:8080:8080 -e "USER_UID=1001" -e "USER_GID=1001" -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:-latest</code></pre>
+  use the <code>USER_UID</code> and <code>USER_GID</code> environment variables:</p><pre><code class="language-text-x-trilium-auto">docker run --net=mynet -d -p 127.0.0.1:8080:8080 -e "USER_UID=1001" -e "USER_GID=1001" -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:-latest</code></pre>
 <p>Find the local IP address using <code>docker inspect [container_name]</code> and
   access the service from devices on the local network.</p><pre><code class="language-text-x-trilium-auto">docker ps
 docker inspect [container_name]</code></pre>
 <h4>Global Access</h4>
-<p>To allow access from any IP address, run the container as follows:</p><pre><code class="language-text-x-trilium-auto">docker run -d -p 0.0.0.0:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/notes:[VERSION]</code></pre>
+<p>To allow access from any IP address, run the container as follows:</p><pre><code class="language-text-x-trilium-auto">docker run -d -p 0.0.0.0:8080:8080 -v ~/trilium-data:/home/node/trilium-data triliumnext/trilium:[VERSION]</code></pre>
 <p>Stop the container with <code>docker stop &lt;CONTAINER ID&gt;</code>,
   where the container ID is obtained from <code>docker ps</code>.</p>
 <h3>Custom Data Directory</h3>
-<p>For a custom data directory, use:</p><pre><code class="language-text-x-trilium-auto">-v ~/YourOwnDirectory:/home/node/trilium-data triliumnext/notes:[VERSION]</code></pre>
+<p>For a custom data directory, use:</p><pre><code class="language-text-x-trilium-auto">-v ~/YourOwnDirectory:/home/node/trilium-data triliumnext/trilium:[VERSION]</code></pre>
 <p>If you want to run your instance in a non-default way, please use the
-  volume switch as follows: <code>-v ~/YourOwnDirectory:/home/node/trilium-data triliumnext/notes:&lt;VERSION&gt;</code>.
+  volume switch as follows: <code>-v ~/YourOwnDirectory:/home/node/trilium-data triliumnext/trilium:&lt;VERSION&gt;</code>.
   It is important to be aware of how Docker works for volumes, with the first
   path being your own and the second the one to virtually bind to. <a href="https://docs.docker.com/storage/volumes/">https://docs.docker.com/storage/volumes/</a> The
   path before the colon is the host directory, and the path after the colon
@@ -89,10 +89,10 @@ docker inspect [container_name]</code></pre>
 <p><em><strong>If you're unsure, stick to the “rootful” Docker image referenced above.</strong></em>
 </p>
 <p>Below are some commands to pull the rootless images:</p><pre><code class="language-text-x-trilium-auto"># For Debian-based image
-docker pull triliumnext/notes:rootless
+docker pull triliumnext/trilium:rootless
 
 # For Alpine-based image
-docker pull triliumnext/notes:rootless-alpine</code></pre>
+docker pull triliumnext/trilium:rootless-alpine</code></pre>
 <h3>Why Rootless?</h3>
 <p>Running containers as non-root is a security best practice that reduces
   the potential impact of container breakouts. If an attacker manages to
@@ -117,13 +117,13 @@ TRILIUM_UID=$(id -u) TRILIUM_GID=$(id -g) docker-compose -f docker-compose.rootl
 TRILIUM_DATA_DIR=/path/to/your/data TRILIUM_UID=$(id -u) TRILIUM_GID=$(id -g) docker-compose -f docker-compose.rootless.yml up -d
 </code></pre>
 <h4><strong>Using Docker CLI</strong></h4><pre><code class="language-text-x-trilium-auto"># Build the image
-docker build -t triliumnext/notes:rootless -f apps/server/Dockerfile.rootless .
+docker build -t triliumnext/trilium:rootless -f apps/server/Dockerfile.rootless .
 
 # Run with default UID/GID (1000:1000)
-docker run -d --name trilium -p 8080:8080 -v ~/trilium-data:/home/trilium/trilium-data triliumnext/notes:rootless
+docker run -d --name trilium -p 8080:8080 -v ~/trilium-data:/home/trilium/trilium-data triliumnext/trilium:rootless
 
 # Run with custom UID/GID
-docker run -d --name trilium -p 8080:8080 --user $(id -u):$(id -g) -v ~/trilium-data:/home/trilium/trilium-data triliumnext/notes:rootless
+docker run -d --name trilium -p 8080:8080 --user $(id -u):$(id -g) -v ~/trilium-data:/home/trilium/trilium-data triliumnext/trilium:rootless
 </code></pre>
 <h3>Environment Variables</h3>
 <ul>
@@ -176,11 +176,11 @@ TRILIUM_UID=1001 TRILIUM_GID=1001 docker-compose -f docker-compose.rootless.yml
 <h3>Building Custom Rootless Images</h3>
 <p>If you would prefer, you can also customize the UID/GID at build time:</p><pre><code class="language-text-x-trilium-auto"># For Debian-based image with custom UID/GID
 docker build --build-arg USER=myuser --build-arg UID=1001 --build-arg GID=1001 \
-  -t triliumnext/notes:rootless-custom -f apps/server/Dockerfile.rootless .
+  -t triliumnext/trilium:rootless-custom -f apps/server/Dockerfile.rootless .
 
 # For Alpine-based image with custom UID/GID
 docker build --build-arg USER=myuser --build-arg UID=1001 --build-arg GID=1001 \
-  -t triliumnext/notes:alpine-rootless-custom -f apps/server/Dockerfile.alpine.rootless .
+  -t triliumnext/trilium:alpine-rootless-custom -f apps/server/Dockerfile.alpine.rootless .
 </code></pre>
 <p>Available build arguments:</p>
 <ul>

apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html

@@ -27,36 +27,43 @@ class="admonition warning">
   </aside>
   <h3>TOTP</h3>
   <ol>
-    <li>Go to "Menu" -&gt; "Options" -&gt; "MFA"</li>
+    <li data-list-item-id="ee190226d19e91a9330c263fa05fc61e7">Go to "Menu" -&gt; "Options" -&gt; "MFA"</li>
-    <li>Click the “Enable Multi-Factor Authentication” checkbox if not checked</li>
+    <li data-list-item-id="ec7573505a7c9607c44a6a525a063fd3d">Click the “Enable Multi-Factor Authentication” checkbox if not checked</li>
-    <li>Choose “Time-Based One-Time Password (TOTP)” under MFA Method</li>
+    <li
-    <li>Click the "Generate TOTP Secret" button</li>
+    data-list-item-id="e49b476d39ceb086ac8ffab93be7ddb46">Choose “Time-Based One-Time Password (TOTP)” under MFA Method</li>
-    <li>Copy the generated secret to your authentication app/extension</li>
+      <li
-    <li>Click the "Generate Recovery Codes" button</li>
+      data-list-item-id="e8104db62f8a7b835cba5c79377ea441d">Click the "Generate TOTP Secret" button</li>
-    <li>Save the recovery codes. Recovery codes can be used once in place of the
+        <li data-list-item-id="e4928e65314a99efe44ee2806c989ac45">Copy the generated secret to your authentication app/extension</li>
+        <li
+        data-list-item-id="ea96afadbac44638a6ec6e13733e23b53">Click the "Generate Recovery Codes" button</li>
+          <li data-list-item-id="e67fffe2e3d945b23f93668c3ead03da7">Save the recovery codes. Recovery codes can be used once in place of the
             TOTP if you loose access to your authenticator. After a rerecovery code
             is used, it will show the unix timestamp when it was used in the MFA options
             tab.</li>
-    <li>Re-login will be required after TOTP setup is finished (After you refreshing
+          <li data-list-item-id="ee94c4493042bb4d50ef6e07a30c65b95">Re-login will be required after TOTP setup is finished (After you refreshing
             the page).</li>
   </ol>
   <h3>OpenID</h3>
   <p>In order to setup OpenID, you will need to setup a authentication provider.
     This requires a bit of extra setup. Follow <a href="https://developers.google.com/identity/openid-connect/openid-connect">these instructions</a> to
-    setup an OpenID service through google.</p>
+    setup an OpenID service through google. The Redirect URL of Trilium is <code>https://&lt;your-trilium-domain&gt;/callback</code>.</p>
   <ol>
-    <li>Set the <code>oauthBaseUrl</code>, <code>oauthClientId</code> and <code>oauthClientSecret</code> in
+    <li data-list-item-id="e12ea6450b407f0bbcb4109ef082bdfe3">Set the <code>oauthBaseUrl</code>, <code>oauthClientId</code> and <code>oauthClientSecret</code> in
       the <code>config.ini</code> file (check&nbsp;<a class="reference-link" href="#root/_help_Gzjqa934BdH4">Configuration (config.ini or environment variables)</a>&nbsp;for
       more information).
       <ol>
-        <li>You can also setup through environment variables (<code>TRILIUM_OAUTH_BASE_URL</code>, <code>TRILIUM_OAUTH_CLIENT_ID</code> and <code>TRILIUM_OAUTH_CLIENT_SECRET</code>).</li>
+        <li data-list-item-id="ed369d1f114cb20a128dc286729d8370d">You can also setup through environment variables (<code>TRILIUM_OAUTH_BASE_URL</code>, <code>TRILIUM_OAUTH_CLIENT_ID</code> and <code>TRILIUM_OAUTH_CLIENT_SECRET</code>).</li>
+        <li
+        data-list-item-id="e1b13f1b5f3be3cf1d2cb4f26da326b60"><code>oauthBaseUrl</code> should be the link of your Trilium instance server,
+          for example, <code>https://&lt;your-trilium-domain&gt;</code>.</li>
     </ol>
     </li>
-    <li>Restart the server</li>
+    <li data-list-item-id="e7e03745ea93c9ce8d79cfb4bd2815db2">Restart the server</li>
-    <li>Go to "Menu" -&gt; "Options" -&gt; "MFA"</li>
+    <li data-list-item-id="edbb2231e1ec4b4d1296245db1ab87f8d">Go to "Menu" -&gt; "Options" -&gt; "MFA"</li>
-    <li>Click the “Enable Multi-Factor Authentication” checkbox if not checked</li>
+    <li data-list-item-id="e1300f72967b25817d5944b27afa26182">Click the “Enable Multi-Factor Authentication” checkbox if not checked</li>
-    <li>Choose “OAuth/OpenID” under MFA Method</li>
+    <li
-    <li>Refresh the page and login through OpenID provider</li>
+    data-list-item-id="ea1290a6b9568d1f4bf44c803d366248d">Choose “OAuth/OpenID” under MFA Method</li>
+      <li data-list-item-id="e1801298cdda474547d810959fc3e79ef">Refresh the page and login through OpenID provider</li>
   </ol>
   <aside class="admonition note">
     <p>The default OAuth issuer is Google. To use other services such as Authentik
@@ -66,3 +73,24 @@ class="admonition warning">
       and <code>TRILIUM_OAUTH_ISSUER_ICON</code>. <code>oauthIssuerName</code> and <code>oauthIssuerIcon</code> are
       required for displaying correct issuer information at the Login page.</p>
   </aside>
+  <h4>Authentik</h4>
+  <p>If you don’t already have a running Authentik instance, please follow
+    <a
+    href="https://docs.goauthentik.io/docs/install-config/install/docker-compose">these instructions</a>to set one up.</p>
+  <ol>
+    <li data-list-item-id="eedb3ea2a0107b0bc34a61a088fba1b2d">In the Authentik admin dashboard, create a new OAuth2 application by following
+      <a
+      href="https://docs.goauthentik.io/docs/add-secure-apps/providers/oauth2/create-oauth2-provider">these steps</a>. Make sure to set the Redirect URL to: <code>https://&lt;your-trilium-domain&gt;/callback</code>.</li>
+    <li
+    data-list-item-id="eb98f26412740c574a384128637681e7d">In your config.ini file, set the relevant OAuth variables:
+      <ol>
+        <li data-list-item-id="e12ec552e0c5ce7f6a12af520dc6d8aa2"><code>oauthIssuerBaseUrl</code> → Use the <code>OpenID Configuration Issuer</code> URL
+          from your application's overview page.</li>
+        <li data-list-item-id="e3f6d6bbf6cf4cdee38be3a7d53bd57b9"><code>oauthIssuerName</code> and <code>oauthIssuerIcon</code> → Set these
+          to customize the name and icon displayed on the login page. If omitted,
+          Google’s name and icon will be shown by default.</li>
+      </ol>
+      </li>
+      <li data-list-item-id="eeae084919db88733646612f3c4f55a6e">Apply the changes by restarting your server.</li>
+      <li data-list-item-id="ec71ab917862af5f96f2a5567d82ac0da">Proceed with the remaining steps starting from Step 3 in the OpenID section.</li>
+  </ol>

docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Packaged version for Linux.md

@@ -60,15 +60,16 @@ sudo systemctl enable --now -q trilium
 ```
 
 *   You can now open a browser to http://\[your-server-hostname\]:8080 and you should see the Trilium initialization page.
+
 ## Simple Autoupdate for Server
+
 Run as the same User Trilium runs
 
 if you run as root please remove 'sudo' from the commands
 
-requires "jq" ```apt install jq```
+requires "jq" `apt install jq`
 
-It will stop the service above, overwrite everything (i expect no config.ini), and start service
+It will stop the service above, overwrite everything (i expect no config.ini), and start service It also creates a version file in the Trilium directory so it updates only with a newer Version
-It also creates a version file in the Trilium directory so it updates only with a newer Version
 
 ```
 #!/bin/bash

docs/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.md

@@ -34,10 +34,11 @@ MFA can only be set up on a server instance.
 
 ### OpenID
 
-In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google.
+In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google. The Redirect URL of Trilium is `https://<your-trilium-domain>/callback`.
 
 1.  Set the `oauthBaseUrl`, `oauthClientId` and `oauthClientSecret` in the `config.ini` file (check <a class="reference-link" href="../../Advanced%20Usage/Configuration%20(config.ini%20or%20e.md">Configuration (config.ini or environment variables)</a> for more information).
     1.  You can also setup through environment variables (`TRILIUM_OAUTH_BASE_URL`, `TRILIUM_OAUTH_CLIENT_ID` and `TRILIUM_OAUTH_CLIENT_SECRET`).
+    2.  `oauthBaseUrl` should be the link of your Trilium instance server, for example, `https://<your-trilium-domain>`.
 2.  Restart the server
 3.  Go to "Menu" -> "Options" -> "MFA"
 4.  Click the “Enable Multi-Factor Authentication” checkbox if not checked
@@ -46,3 +47,14 @@ In order to setup OpenID, you will need to setup a authentication provider. This
 
 > [!NOTE]
 > The default OAuth issuer is Google. To use other services such as Authentik or Auth0, you can configure the settings via `oauthIssuerBaseUrl`, `oauthIssuerName`, and `oauthIssuerIcon` in the `config.ini` file. Alternatively, these values can be set using environment variables: `TRILIUM_OAUTH_ISSUER_BASE_URL`, `TRILIUM_OAUTH_ISSUER_NAME`, and `TRILIUM_OAUTH_ISSUER_ICON`. `oauthIssuerName` and `oauthIssuerIcon` are required for displaying correct issuer information at the Login page.
+
+#### Authentik
+
+If you don’t already have a running Authentik instance, please follow [these instructions](https://docs.goauthentik.io/docs/install-config/install/docker-compose) to set one up.
+
+1.  In the Authentik admin dashboard, create a new OAuth2 application by following [these steps](https://docs.goauthentik.io/docs/add-secure-apps/providers/oauth2/create-oauth2-provider). Make sure to set the Redirect URL to: `https://<your-trilium-domain>/callback`.
+2.  In your config.ini file, set the relevant OAuth variables:
+    1.  `oauthIssuerBaseUrl` → Use the `OpenID Configuration Issuer` URL from your application's overview page.
+    2.  `oauthIssuerName` and `oauthIssuerIcon` → Set these to customize the name and icon displayed on the login page. If omitted, Google’s name and icon will be shown by default.
+3.  Apply the changes by restarting your server.
+4.  Proceed with the remaining steps starting from Step 3 in the OpenID section.