Skip to main content
WorkOS must be configured before users can sign in to a self-hosted OpenTaco deployment.

​
Setup flow

1

Sign in to WorkOS

Go to dashboard.workos.com and sign up or sign in.Create or select the project you will use for your OpenTaco environment.
2

Configure CORS, Redirects, and Webhooks

In your WorkOS dashboard, configure these sections:
  • Authentication > Sessions > Cross-Origin Resource Sharing (CORS)
    • Set https://<your-public-opentaco-url> as an allowed origin
  • Redirects:
    • Set callback: https://<your-public-opentaco-url>/api/auth/callback
    • Set sign-out redirect: https://<your-public-opentaco-url>/logout
  • Webhooks:
    • Create user.created webhook: https://<your-public-opentaco-url>/api/auth/workos/webhooks
3

Store WorkOS credentials

Copy the required WorkOS values, store them in your secret manager, and use them in your .env / secrets files:
  • WORKOS_CLIENT_ID
  • WORKOS_API_KEY
  • WORKOS_COOKIE_PASSWORD
  • WORKOS_WEBHOOK_SECRET
  • WORKOS_REDIRECT_URI
Do not commit these values to git.
4

Apply variables to the UI service

Inject all WorkOS variables into the UI runtime environment for your deployment target.
5

Verify login flow

Open your self-hosted OpenTaco URL and confirm you can reach and complete the login flow.