284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
30 lines
1.7 KiB
Markdown
30 lines
1.7 KiB
Markdown
# Mobile App Access on an Appliance
|
|
|
|
Mobile sign-in is an EE feature: CE (open-source) builds reject the mobile token
|
|
exchange and report `enabled: false` from the capabilities endpoint, so the app refuses
|
|
to save a CE host. The appliance runs the EE image, where access is governed by the
|
|
license tier (`MOBILE_ACCESS`).
|
|
|
|
The published AlgaPSA mobile app (App Store / Google Play) can connect to any appliance:
|
|
the user opens **Change server** on the sign-in screen (or scans the **Connect this
|
|
server** QR on the MSP dashboard's mobile-app card) and the app validates the host via
|
|
`GET /api/v1/mobile/auth/capabilities` before saving it. Sign-in then runs the standard
|
|
web handoff (`/auth/mobile/handoff`) against the appliance.
|
|
|
|
## Operator configuration
|
|
|
|
- `NEXTAUTH_URL` — the appliance's public URL (same value as the setup page's App URL).
|
|
Drives the handoff redirect and OAuth callbacks; mobile sign-in fails without it.
|
|
- `GOOGLE_OAUTH_CLIENT_ID` / `GOOGLE_OAUTH_CLIENT_SECRET` and/or
|
|
`MICROSOFT_OAUTH_CLIENT_ID` / `MICROSOFT_OAUTH_CLIENT_SECRET` — at least one SSO
|
|
provider must be configured; the capabilities endpoint only advertises providers whose
|
|
credentials resolve, and the app shows "SSO is not configured" otherwise. Native Apple
|
|
sign-in works only against Alga Cloud.
|
|
- `ALGA_MOBILE_HOST_ALLOWLIST` — optional, comma-separated hostnames permitted for
|
|
mobile sign-in. Leave empty to allow the appliance host; if set, it must include the
|
|
appliance's own hostname or the app blocks sign-in with "domain not allowed".
|
|
|
|
The dashboard's connect QR encodes `alga://server?url=<this server's origin>` and only
|
|
renders on self-host installs (`isSelfHostLicensing()`); Alga Cloud hides it because the
|
|
published app already defaults to that host.
|