diff --git a/docs/.vitepress/config.mjs b/docs/.vitepress/config.mjs
deleted file mode 100644
index b25a562..0000000
--- a/docs/.vitepress/config.mjs
+++ /dev/null
@@ -1,89 +0,0 @@
-import { defineConfig } from 'vitepress'
-
-// https://vitepress.dev/reference/site-config
-export default defineConfig({
- title: "AuthentiKate",
- description: "A lightweight SSO/OIDC solution built for homelabbers",
- head: [
- ['meta', { name: 'theme-color', content: '#3b82f6' }],
- ],
- themeConfig: {
- // https://vitepress.dev/reference/default-theme-config
- logo: '/logo.svg',
-
- nav: [
- { text: 'Home', link: '/' },
- { text: 'Guide', link: '/guide/installation' },
- { text: 'Configuration', link: '/config/environment' },
- { text: 'Integrations', link: '/integrations/overview' }
- ],
-
- sidebar: {
- '/guide/': [
- {
- text: 'Getting Started',
- items: [
- { text: 'Installation', link: '/guide/installation' },
- { text: 'Quick Start', link: '/guide/quick-start' },
- { text: 'First Setup', link: '/guide/first-setup' }
- ]
- },
- {
- text: 'User Management',
- items: [
- { text: 'Creating Users', link: '/guide/users' },
- { text: 'Invitations', link: '/guide/invitations' },
- { text: 'User Profiles', link: '/guide/profiles' }
- ]
- },
- {
- text: 'Applications',
- items: [
- { text: 'Managing Apps', link: '/guide/applications' },
- { text: 'OAuth Configuration', link: '/guide/oauth' }
- ]
- }
- ],
- '/config/': [
- {
- text: 'Configuration',
- items: [
- { text: 'Environment Variables', link: '/config/environment' },
- { text: 'Database Setup', link: '/config/database' },
- { text: 'Security Settings', link: '/config/security' },
- { text: 'Email Configuration', link: '/config/email' }
- ]
- }
- ],
- '/integrations/': [
- {
- text: 'Integrations',
- items: [
- { text: 'Overview', link: '/integrations/overview' },
- { text: 'Grafana', link: '/integrations/grafana' },
- { text: 'Nextcloud', link: '/integrations/nextcloud' },
- { text: 'Traefik', link: '/integrations/traefik' },
- { text: 'Other Applications', link: '/integrations/generic' }
- ]
- }
- ]
- },
-
- socialLinks: [
- { icon: 'github', link: 'https://github.com/jdubpark/authentikate' }
- ],
-
- footer: {
- message: 'Released under the MIT License.',
- copyright: 'Copyright © 2024-present AuthentiKate'
- },
-
- editLink: {
- pattern: 'https://github.com/jdubpark/authentikate/edit/main/docs/:path'
- },
-
- search: {
- provider: 'local'
- }
- }
-})
diff --git a/docs/config/email.md b/docs/config/email.md
deleted file mode 100644
index c09ce0f..0000000
--- a/docs/config/email.md
+++ /dev/null
@@ -1,360 +0,0 @@
-# Email Configuration
-
-Email is essential for user invitations, password resets, and account verification. This guide covers how to configure email in AuthentiKate.
-
-## Why Email Matters
-
-Email is used for:
-- **User Invitations**: Send registration links to new users
-- **Password Resets**: Allow users to reset forgotten passwords
-- **Email Verification**: Verify user email addresses
-- **Account Notifications**: Security alerts and updates
-
-## Basic SMTP Configuration
-
-Set these environment variables for SMTP email:
-
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=your-smtp-server.com
-MAIL_PORT=587
-MAIL_USERNAME=your-email@domain.com
-MAIL_PASSWORD=your-password
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=auth@yourdomain.com
-MAIL_FROM_NAME="AuthentiKate"
-```
-
-## Provider-Specific Configurations
-
-### Gmail
-
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.gmail.com
-MAIL_PORT=587
-MAIL_USERNAME=your-email@gmail.com
-MAIL_PASSWORD=your-app-password # Not your regular Gmail password!
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=your-email@gmail.com
-MAIL_FROM_NAME="Your Name"
-```
-
-**Important**: Use an [App Password](https://support.google.com/accounts/answer/185833), not your regular Gmail password.
-
-#### Creating Gmail App Password
-1. Enable 2-Factor Authentication on your Google account
-2. Go to **Google Account** → **Security** → **App passwords**
-3. Generate a new app password for "Mail"
-4. Use this 16-character password in `MAIL_PASSWORD`
-
-### Outlook/Hotmail
-
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp-mail.outlook.com
-MAIL_PORT=587
-MAIL_USERNAME=your-email@outlook.com
-MAIL_PASSWORD=your-password
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=your-email@outlook.com
-MAIL_FROM_NAME="Your Name"
-```
-
-### Custom Domain Email
-
-If you have your own domain with email hosting:
-
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=mail.yourdomain.com
-MAIL_PORT=587
-MAIL_USERNAME=auth@yourdomain.com
-MAIL_PASSWORD=your-password
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=auth@yourdomain.com
-MAIL_FROM_NAME="AuthentiKate"
-```
-
-## Email Service Providers
-
-### SendGrid
-
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.sendgrid.net
-MAIL_PORT=587
-MAIL_USERNAME=apikey
-MAIL_PASSWORD=your-sendgrid-api-key
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=auth@yourdomain.com
-MAIL_FROM_NAME="AuthentiKate"
-```
-
-### Mailgun
-
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.mailgun.org
-MAIL_PORT=587
-MAIL_USERNAME=your-mailgun-username
-MAIL_PASSWORD=your-mailgun-password
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=auth@yourdomain.com
-MAIL_FROM_NAME="AuthentiKate"
-```
-
-### Amazon SES
-
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=email-smtp.us-east-1.amazonaws.com # Change region as needed
-MAIL_PORT=587
-MAIL_USERNAME=your-ses-smtp-username
-MAIL_PASSWORD=your-ses-smtp-password
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=auth@yourdomain.com
-MAIL_FROM_NAME="AuthentiKate"
-```
-
-### Postmark
-
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.postmarkapp.com
-MAIL_PORT=587
-MAIL_USERNAME=your-postmark-token
-MAIL_PASSWORD=your-postmark-token
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=auth@yourdomain.com
-MAIL_FROM_NAME="AuthentiKate"
-```
-
-## Docker Compose Configuration
-
-### Environment Variables
-
-```yaml
-services:
- authentikate:
- image: authentikate/authentikate:latest
- environment:
- # Gmail example
- MAIL_MAILER: smtp
- MAIL_HOST: smtp.gmail.com
- MAIL_PORT: 587
- MAIL_USERNAME: your-email@gmail.com
- MAIL_PASSWORD: your-app-password
- MAIL_ENCRYPTION: tls
- MAIL_FROM_ADDRESS: your-email@gmail.com
- MAIL_FROM_NAME: "AuthentiKate"
-```
-
-### Environment File
-
-Create a `.env` file:
-
-```bash
-# Email configuration
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.gmail.com
-MAIL_PORT=587
-MAIL_USERNAME=your-email@gmail.com
-MAIL_PASSWORD=your-app-password
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=your-email@gmail.com
-MAIL_FROM_NAME="AuthentiKate"
-```
-
-Reference it in docker-compose.yml:
-
-```yaml
-services:
- authentikate:
- image: authentikate/authentikate:latest
- env_file: .env
-```
-
-## Testing Email Configuration
-
-### Send Test Email
-
-AuthentiKate includes a command to test email sending:
-
-```bash
-# Test email configuration
-docker exec -it authentikate php artisan tinker
-
-# In the tinker console:
-Mail::raw('Test email from AuthentiKate', function($message) {
- $message->to('test@example.com')->subject('Test Email');
-});
-```
-
-### Check Logs
-
-If emails aren't sending, check the logs:
-
-```bash
-# View container logs
-docker logs authentikate
-
-# Look for email-related errors
-docker logs authentikate 2>&1 | grep -i mail
-```
-
-## Advanced Configuration
-
-### Custom SMTP Port
-
-Some providers use different ports:
-
-```bash
-# Standard ports
-MAIL_PORT=25 # Unencrypted (not recommended)
-MAIL_PORT=587 # STARTTLS (recommended)
-MAIL_PORT=465 # SSL/TLS
-
-# Custom port
-MAIL_PORT=2525 # Some providers use alternate ports
-```
-
-### SSL/TLS Configuration
-
-```bash
-# Use TLS (recommended)
-MAIL_ENCRYPTION=tls
-
-# Use SSL (older, but still secure)
-MAIL_ENCRYPTION=ssl
-
-# No encryption (not recommended)
-MAIL_ENCRYPTION=null
-```
-
-### Multiple From Addresses
-
-Configure different senders for different email types:
-
-```bash
-# Default sender
-MAIL_FROM_ADDRESS=auth@yourdomain.com
-MAIL_FROM_NAME="AuthentiKate"
-
-# Admin notifications (configure in application)
-ADMIN_EMAIL_FROM=admin@yourdomain.com
-ADMIN_EMAIL_NAME="AuthentiKate Admin"
-```
-
-## Email Templates
-
-AuthentiKate uses customizable email templates for different purposes:
-
-### Invitation Email
-- **Subject**: "You're invited to join AuthentiKate"
-- **Content**: Welcome message with registration link
-- **Action**: "Complete Registration" button
-
-### Password Reset
-- **Subject**: "Reset your AuthentiKate password"
-- **Content**: Instructions for password reset
-- **Action**: "Reset Password" button
-
-### Email Verification
-- **Subject**: "Verify your email address"
-- **Content**: Verification instructions
-- **Action**: "Verify Email" button
-
-## Troubleshooting
-
-### Common Issues
-
-#### "Connection could not be established"
-```
-Swift_TransportException: Connection could not be established
-```
-
-**Solutions**:
-- Check SMTP server address and port
-- Verify firewall isn't blocking SMTP ports
-- Try different encryption settings (TLS vs SSL)
-
-#### "Authentication failed"
-```
-Swift_TransportException: Expected response code 235 but got code "535"
-```
-
-**Solutions**:
-- Verify username and password
-- Use App Password for Gmail
-- Check if 2FA is enabled and requires app password
-
-#### "From address not allowed"
-```
-Message: From address not allowed
-```
-
-**Solutions**:
-- Ensure `MAIL_FROM_ADDRESS` matches authenticated user
-- Configure your email provider to allow sending from this address
-- Use provider's verified domain
-
-### Debug Mode
-
-Enable email debugging:
-
-```bash
-# Add to environment
-LOG_LEVEL=debug
-MAIL_LOG_CHANNEL=single
-
-# Check detailed logs
-docker logs authentikate | grep -i mail
-```
-
-### Test with Different Providers
-
-If one provider doesn't work, try another:
-
-```bash
-# Try Gmail first (easiest to set up)
-MAIL_HOST=smtp.gmail.com
-
-# Then try SendGrid (good for production)
-MAIL_HOST=smtp.sendgrid.net
-
-# Or use a transactional service
-MAIL_HOST=smtp.mailgun.org
-```
-
-## Production Recommendations
-
-### Dedicated Email Service
-For production, use a dedicated email service:
-- **SendGrid**: Easy setup, good deliverability
-- **Mailgun**: Reliable, detailed analytics
-- **Amazon SES**: Cost-effective, AWS integration
-- **Postmark**: Fast delivery, great for transactional emails
-
-### Domain Authentication
-Set up SPF, DKIM, and DMARC records:
-
-```dns
-# SPF record
-yourdomain.com. TXT "v=spf1 include:_spf.google.com ~all"
-
-# DKIM (provided by email service)
-default._domainkey.yourdomain.com. TXT "v=DKIM1; k=rsa; p=..."
-
-# DMARC
-_dmarc.yourdomain.com. TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com"
-```
-
-### Monitoring
-Monitor email delivery:
-- Track bounce rates
-- Monitor spam complaints
-- Watch delivery statistics
-- Set up alerts for failures
-
-Your email configuration is now ready! Users will receive professional-looking emails for invitations, password resets, and other notifications.
\ No newline at end of file
diff --git a/docs/config/environment.md b/docs/config/environment.md
deleted file mode 100644
index b1a3825..0000000
--- a/docs/config/environment.md
+++ /dev/null
@@ -1,402 +0,0 @@
-# Environment Variables
-
-AuthentiKate is configured through environment variables. This page covers all available configuration options.
-
-## Core Application Settings
-
-### APP_URL
-**Required** - The URL where AuthentiKate is accessible.
-
-```bash
-APP_URL=https://auth.yourdomain.com
-```
-
-::: warning
-This URL must match exactly how users access AuthentiKate. OAuth redirects and JWT tokens depend on this value.
-:::
-
-### APP_ENV
-**Default**: `production`
-
-```bash
-APP_ENV=production # or 'local' for development
-```
-
-### APP_DEBUG
-**Default**: `false`
-
-```bash
-APP_DEBUG=false # Set to 'true' only for debugging
-```
-
-::: danger
-Never set `APP_DEBUG=true` in production as it exposes sensitive information.
-:::
-
-### APP_KEY
-**Auto-generated** - Laravel application key for encryption.
-
-```bash
-APP_KEY=base64:generated-key-here
-```
-
-The key is automatically generated on first run. Do not change this after deployment as it will invalidate existing sessions and tokens.
-
-## Database Configuration
-
-### SQLite (Default)
-
-```bash
-DB_CONNECTION=sqlite
-DB_DATABASE=/var/www/html/storage/database/database.sqlite
-```
-
-### PostgreSQL
-
-```bash
-DB_CONNECTION=pgsql
-DB_HOST=postgres
-DB_PORT=5432
-DB_DATABASE=authentikate
-DB_USERNAME=authentikate
-DB_PASSWORD=secure_password
-```
-
-### MySQL/MariaDB
-
-```bash
-DB_CONNECTION=mysql
-DB_HOST=mysql
-DB_PORT=3306
-DB_DATABASE=authentikate
-DB_USERNAME=authentikate
-DB_PASSWORD=secure_password
-```
-
-## Email Configuration
-
-Email is used for user invitations, password resets, and verification.
-
-### SMTP
-
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.gmail.com
-MAIL_PORT=587
-MAIL_USERNAME=your-email@gmail.com
-MAIL_PASSWORD=your-app-password
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=auth@yourdomain.com
-MAIL_FROM_NAME="AuthentiKate"
-```
-
-### Common SMTP Providers
-
-#### Gmail
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.gmail.com
-MAIL_PORT=587
-MAIL_USERNAME=your-email@gmail.com
-MAIL_PASSWORD=your-app-password # Use App Password, not regular password
-MAIL_ENCRYPTION=tls
-```
-
-#### Outlook/Hotmail
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp-mail.outlook.com
-MAIL_PORT=587
-MAIL_USERNAME=your-email@outlook.com
-MAIL_PASSWORD=your-password
-MAIL_ENCRYPTION=tls
-```
-
-#### SendGrid
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.sendgrid.net
-MAIL_PORT=587
-MAIL_USERNAME=apikey
-MAIL_PASSWORD=your-sendgrid-api-key
-MAIL_ENCRYPTION=tls
-```
-
-#### Mailgun
-```bash
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.mailgun.org
-MAIL_PORT=587
-MAIL_USERNAME=your-mailgun-username
-MAIL_PASSWORD=your-mailgun-password
-MAIL_ENCRYPTION=tls
-```
-
-### Disable Email
-```bash
-MAIL_MAILER=log # Emails will be written to logs instead of sent
-```
-
-## Cache Configuration
-
-### Redis (Recommended for Production)
-
-```bash
-CACHE_DRIVER=redis
-REDIS_HOST=redis
-REDIS_PORT=6379
-REDIS_PASSWORD=your-redis-password
-```
-
-### File Cache (Default)
-
-```bash
-CACHE_DRIVER=file
-```
-
-### Database Cache
-
-```bash
-CACHE_DRIVER=database
-```
-
-## Session Configuration
-
-### Redis Sessions (Recommended for Production)
-
-```bash
-SESSION_DRIVER=redis
-SESSION_LIFETIME=120 # Minutes
-```
-
-### File Sessions (Default)
-
-```bash
-SESSION_DRIVER=file
-SESSION_LIFETIME=120
-```
-
-### Database Sessions
-
-```bash
-SESSION_DRIVER=database
-```
-
-## Security Settings
-
-### SSL/HTTPS
-
-```bash
-# Force HTTPS redirects
-FORCE_HTTPS=true
-
-# Set secure cookie settings
-SESSION_SECURE_COOKIE=true
-SANCTUM_STATEFUL_DOMAINS=auth.yourdomain.com
-```
-
-### CORS Configuration
-
-```bash
-# Allow CORS for your domains
-CORS_ALLOWED_ORIGINS=https://yourdomain.com,https://app.yourdomain.com
-```
-
-## Logging
-
-### Log Level
-
-```bash
-LOG_LEVEL=info # debug, info, notice, warning, error, critical, alert, emergency
-```
-
-### Log Channel
-
-```bash
-LOG_CHANNEL=stack # single, daily, slack, syslog, errorlog
-```
-
-### Daily Log Rotation
-
-```bash
-LOG_CHANNEL=daily
-LOG_DAILY_DAYS=14 # Keep logs for 14 days
-```
-
-## Queue Configuration
-
-For background job processing:
-
-### Redis Queue
-
-```bash
-QUEUE_CONNECTION=redis
-```
-
-### Database Queue
-
-```bash
-QUEUE_CONNECTION=database
-```
-
-### Sync Queue (Default)
-
-```bash
-QUEUE_CONNECTION=sync # Process jobs immediately
-```
-
-## OAuth/OIDC Settings
-
-### Token Lifetimes
-
-```bash
-# Access token lifetime (in minutes)
-OAUTH_ACCESS_TOKEN_LIFETIME=60
-
-# Refresh token lifetime (in days)
-OAUTH_REFRESH_TOKEN_LIFETIME=30
-
-# Authorization code lifetime (in minutes)
-OAUTH_AUTHORIZATION_CODE_LIFETIME=10
-```
-
-### JWT Configuration
-
-```bash
-# JWT algorithm (default: RS256)
-JWT_ALGORITHM=RS256
-
-# Key paths (automatically set)
-OAUTH_PRIVATE_KEY_PATH=storage/oauth/private.pem
-OAUTH_PUBLIC_KEY_PATH=storage/oauth/public.pem
-```
-
-## Performance Settings
-
-### PHP Configuration
-
-```bash
-# Memory limit
-PHP_MEMORY_LIMIT=256M
-
-# Upload limits
-PHP_UPLOAD_MAX_FILESIZE=10M
-PHP_POST_MAX_SIZE=10M
-
-# Execution time
-PHP_MAX_EXECUTION_TIME=300
-```
-
-### Application Optimization
-
-```bash
-# Enable optimizations for production
-APP_OPTIMIZE=true
-
-# Cache configuration
-CONFIG_CACHE=true
-ROUTE_CACHE=true
-VIEW_CACHE=true
-```
-
-## Development Settings
-
-These should only be used in development environments:
-
-```bash
-APP_ENV=local
-APP_DEBUG=true
-LOG_LEVEL=debug
-
-# Disable HTTPS for local development
-FORCE_HTTPS=false
-SESSION_SECURE_COOKIE=false
-```
-
-## Complete Production Example
-
-Here's a complete environment configuration for production:
-
-```bash
-# Application
-APP_ENV=production
-APP_DEBUG=false
-APP_URL=https://auth.yourdomain.com
-FORCE_HTTPS=true
-
-# Database
-DB_CONNECTION=pgsql
-DB_HOST=postgres
-DB_DATABASE=authentikate
-DB_USERNAME=authentikate
-DB_PASSWORD=secure_database_password
-
-# Email
-MAIL_MAILER=smtp
-MAIL_HOST=smtp.gmail.com
-MAIL_PORT=587
-MAIL_USERNAME=auth@yourdomain.com
-MAIL_PASSWORD=gmail_app_password
-MAIL_ENCRYPTION=tls
-MAIL_FROM_ADDRESS=auth@yourdomain.com
-MAIL_FROM_NAME="Your Company Auth"
-
-# Cache & Sessions
-CACHE_DRIVER=redis
-SESSION_DRIVER=redis
-REDIS_HOST=redis
-REDIS_PASSWORD=secure_redis_password
-
-# Security
-SESSION_SECURE_COOKIE=true
-SESSION_LIFETIME=120
-SANCTUM_STATEFUL_DOMAINS=yourdomain.com
-
-# Performance
-LOG_LEVEL=warning
-LOG_CHANNEL=daily
-LOG_DAILY_DAYS=30
-```
-
-## Docker Compose Integration
-
-Add environment variables to your `docker-compose.yml`:
-
-```yaml
-services:
- authentikate:
- image: authentikate/authentikate:latest
- environment:
- - APP_URL=https://auth.yourdomain.com
- - APP_ENV=production
- - DB_CONNECTION=pgsql
- - DB_HOST=postgres
- - MAIL_MAILER=smtp
- - MAIL_HOST=smtp.gmail.com
- # ... other variables
- env_file:
- - .env # Or load from file
-```
-
-## Environment File
-
-Create a `.env` file for easier management:
-
-```bash
-# Create environment file
-cat > .env << 'EOF'
-APP_URL=https://auth.yourdomain.com
-APP_ENV=production
-DB_CONNECTION=pgsql
-# ... other settings
-EOF
-
-# Reference in docker-compose.yml
-services:
- authentikate:
- env_file: .env
-```
-
-::: tip
-Keep your `.env` file secure and never commit it to version control.
-:::
\ No newline at end of file
diff --git a/docs/guide/applications.md b/docs/guide/applications.md
deleted file mode 100644
index 6e6e800..0000000
--- a/docs/guide/applications.md
+++ /dev/null
@@ -1,188 +0,0 @@
-# Managing Applications
-
-Learn how to create and manage OAuth applications in AuthentiKate.
-
-## Creating Applications
-
-### Via Web Interface
-
-1. **Navigate** to **Applications** in the admin panel
-2. **Click** "Create Application"
-3. **Fill in** the application details:
- - **Name**: Display name for your application
- - **Redirect URI**: OAuth callback URL
- - **Icon**: Optional icon URL for the application
-4. **Save** the application
-
-### Application Details
-
-Each application gets:
-- **Unique Client ID**: Public identifier for your application
-- **Client Secret**: Private key for token exchange
-- **Redirect URI**: Where users return after authentication
-
-::: warning
-Keep your Client Secret secure! It should never be exposed in client-side code.
-:::
-
-## Application Templates
-
-AuthentiKate includes templates for popular applications:
-
-### Available Templates
-- **Grafana**: Analytics and monitoring
-- **Nextcloud**: File sharing and collaboration
-- **Proxmox**: Virtualization management
-- **Portainer**: Docker container management
-- **GitLab**: Git repository hosting
-
-Templates automatically configure:
-- Correct redirect URI patterns
-- Appropriate application icons
-- Common configuration settings
-
-## OAuth Configuration
-
-### Client Credentials
-```yaml
-Client ID: f47ac10b-58cc-4372-a567-0e02b2c3d479
-Client Secret: 40-character-random-string
-```
-
-### Endpoints
-Your applications will use these endpoints:
-- **Authorization**: `/oauth/authorize`
-- **Token**: `/oauth/token`
-- **User Info**: `/oauth/userinfo`
-- **JWKS**: `/.well-known/jwks.json`
-
-### Supported Features
-- **Authorization Code Flow**: Standard OAuth2 flow
-- **PKCE**: Enhanced security for public clients
-- **JWT Tokens**: Signed with RSA256
-- **Refresh Tokens**: Long-lived token renewal
-
-## Security Best Practices
-
-### Redirect URI Validation
-- Use exact URI matching
-- Always use HTTPS in production
-- Avoid wildcard redirects
-
-### Client Secret Management
-- Store secrets securely
-- Rotate secrets regularly
-- Use different secrets per environment
-
-### Token Handling
-- Validate token signatures
-- Respect token expiration
-- Implement proper logout
-
-## Common Integration Patterns
-
-### Server-Side Applications
-Best for applications that can securely store client secrets:
-
-```javascript
-// Example: Node.js application
-const config = {
- clientId: 'your-client-id',
- clientSecret: 'your-client-secret',
- authorizationURL: 'https://auth.yourdomain.com/oauth/authorize',
- tokenURL: 'https://auth.yourdomain.com/oauth/token',
- callbackURL: 'https://yourapp.com/auth/callback'
-};
-```
-
-### Single Page Applications (SPA)
-For client-side applications using PKCE:
-
-```javascript
-// Example: React application with PKCE
-const config = {
- clientId: 'your-client-id',
- // No client secret for public clients
- authorizationURL: 'https://auth.yourdomain.com/oauth/authorize',
- tokenURL: 'https://auth.yourdomain.com/oauth/token',
- redirectUri: 'https://yourapp.com/callback',
- usePKCE: true
-};
-```
-
-### Mobile Applications
-Similar to SPAs, always use PKCE:
-
-```swift
-// Example: iOS Swift
-let config = OIDServiceConfiguration(
- authorizationEndpoint: URL(string: "https://auth.yourdomain.com/oauth/authorize")!,
- tokenEndpoint: URL(string: "https://auth.yourdomain.com/oauth/token")!
-)
-```
-
-## Testing Applications
-
-### Manual Testing
-1. **Start OAuth flow** from your application
-2. **Verify redirect** to AuthentiKate
-3. **Complete authentication**
-4. **Confirm successful** return to your app
-5. **Check user data** is populated correctly
-
-### Automated Testing
-```bash
-# Test authorization endpoint
-curl "https://auth.yourdomain.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=openid"
-
-# Test token exchange (after getting auth code)
-curl -X POST https://auth.yourdomain.com/oauth/token \
- -H "Content-Type: application/x-www-form-urlencoded" \
- -d "grant_type=authorization_code&code=AUTH_CODE&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=REDIRECT_URI"
-```
-
-## Troubleshooting
-
-### Invalid Redirect URI
-**Error**: `The redirect URI is invalid`
-
-**Solutions**:
-- Verify exact URL match in application settings
-- Check for trailing slashes
-- Ensure HTTPS is used
-
-### Invalid Client
-**Error**: `Client authentication failed`
-
-**Solutions**:
-- Verify Client ID and Secret
-- Check that application exists and is active
-- Ensure secrets haven't been regenerated
-
-### Token Validation Issues
-**Error**: `Invalid token signature`
-
-**Solutions**:
-- Use JWKS endpoint for signature validation
-- Verify token hasn't expired
-- Check token issuer matches AuthentiKate URL
-
-## Application Management
-
-### Updating Applications
-- **Edit** application details anytime
-- **Regenerate** client secrets if compromised
-- **Update** redirect URIs for new environments
-
-### Deactivating Applications
-- **Disable** applications to prevent new logins
-- Existing tokens remain valid until expiration
-- **Re-enable** anytime to restore access
-
-### Monitoring Usage
-View application usage in the admin panel:
-- **Active tokens** per application
-- **Recent authentications**
-- **User access patterns**
-
-Your applications are now ready for OAuth integration with AuthentiKate!
\ No newline at end of file
diff --git a/docs/guide/first-setup.md b/docs/guide/first-setup.md
deleted file mode 100644
index b0225f5..0000000
--- a/docs/guide/first-setup.md
+++ /dev/null
@@ -1,202 +0,0 @@
-# First Setup
-
-After installing AuthentiKate, you'll want to complete the initial configuration to make it ready for production use.
-
-## Initial Login
-
-When you first start AuthentiKate, it automatically creates an admin user. The credentials are shown in the container logs:
-
-```bash
-docker logs authentikate
-```
-
-Look for:
-```
-✅ Initial admin user created:
- Email: admin@authentikate.local
- Password: randomly-generated-password
-```
-
-::: tip
-Save these credentials securely! You'll need them to access the admin interface.
-:::
-
-## Admin Dashboard
-
-After logging in, you'll see the AuthentiKate dashboard with:
-
-- **Applications**: Manage OAuth applications
-- **Users**: User management and invitations
-- **Tokens**: View active authentication tokens
-- **Profile**: Your user profile settings
-
-## Essential Configuration Steps
-
-### 1. Update Your Profile
-
-1. Click your avatar in the top right
-2. Select **"Profile"**
-3. Update your information:
- - Change the email from `admin@authentikate.local` to your real email
- - Set a preferred username
- - Upload an avatar (optional)
- - **Change your password** to something secure
-
-### 2. Configure Email (Recommended)
-
-Email is used for:
-- User invitations
-- Password resets
-- Account verification
-
-Set up email by updating your environment variables:
-
-```yaml
-environment:
- MAIL_MAILER: smtp
- MAIL_HOST: smtp.gmail.com
- MAIL_PORT: 587
- MAIL_USERNAME: your-email@gmail.com
- MAIL_PASSWORD: your-app-password
- MAIL_ENCRYPTION: tls
- MAIL_FROM_ADDRESS: auth@yourdomain.com
- MAIL_FROM_NAME: "AuthentiKate"
-```
-
-[→ See full email configuration guide](/config/email)
-
-### 3. Set Your Domain
-
-Update the `APP_URL` to match your actual domain:
-
-```yaml
-environment:
- APP_URL: https://auth.yourdomain.com
-```
-
-This ensures:
-- Correct OAuth redirect URLs
-- Proper JWT issuer claims
-- Working email links
-
-### 4. Create Your First Application
-
-1. Go to **Applications** → **Create Application**
-2. Fill in the basic information:
- - **Name**: Your application name (e.g., "Grafana")
- - **Redirect URI**: Where users return after authentication
- - **Icon**: Optional app icon URL
-
-3. Note the generated **Client ID** and **Client Secret**
-4. Use these in your application's OAuth configuration
-
-## Security Checklist
-
-Before going to production, verify these security settings:
-
-### ✅ Admin Account
-- [ ] Changed default admin email
-- [ ] Set a strong, unique password
-- [ ] Enabled email verification (if email is configured)
-
-### ✅ Environment
-- [ ] Set `APP_ENV=production`
-- [ ] Set `APP_DEBUG=false`
-- [ ] Using HTTPS with valid SSL certificate
-- [ ] `APP_URL` matches your actual domain
-
-### ✅ Database
-- [ ] Using persistent volume for data
-- [ ] Consider using PostgreSQL/MySQL for production
-- [ ] Regular backups configured
-
-### ✅ Reverse Proxy
-- [ ] Proper SSL termination
-- [ ] Security headers configured
-- [ ] Rate limiting in place
-
-## Application Integration
-
-### OIDC Endpoints
-
-Your applications will need these endpoints:
-
-| Endpoint | URL |
-|----------|-----|
-| Authorization | `https://auth.yourdomain.com/oauth/authorize` |
-| Token | `https://auth.yourdomain.com/oauth/token` |
-| User Info | `https://auth.yourdomain.com/oauth/userinfo` |
-| JWKS | `https://auth.yourdomain.com/.well-known/jwks.json` |
-| Discovery | `https://auth.yourdomain.com/.well-known/openid_configuration` |
-
-### OAuth Flow
-
-1. **User clicks login** in your application
-2. **Redirect to AuthentiKate** with authorization request
-3. **User authenticates** (if not already logged in)
-4. **User consents** to application access (if required)
-5. **Redirect back** to your application with authorization code
-6. **Exchange code** for access token and ID token
-7. **Access user info** using the access token
-
-## User Management
-
-### Invitation System
-
-AuthentiKate uses an invitation-based registration system:
-
-1. **Admin creates invitation** with user's email
-2. **Invitation email sent** with registration link
-3. **User completes registration** using the invitation
-4. **User can access applications** they're authorized for
-
-### User Permissions
-
-- **Admin users**: Full access to manage applications and users
-- **Regular users**: Can only access authorized applications and manage their own profile
-
-## Backup Strategy
-
-Set up regular backups of your AuthentiKate data:
-
-### SQLite (Default)
-```bash
-# Daily backup script
-#!/bin/bash
-docker exec authentikate cp /var/www/html/storage/database/database.sqlite /tmp/backup.sqlite
-docker cp authentikate:/tmp/backup.sqlite ./backups/authentikate-$(date +%Y%m%d).sqlite
-```
-
-### Full Volume Backup
-```bash
-# Backup all persistent data
-docker run --rm -v authentikate_data:/data -v $(pwd)/backups:/backup alpine tar czf /backup/authentikate-full-$(date +%Y%m%d).tar.gz -C /data .
-```
-
-## Common Next Steps
-
-### Popular Integrations
-- [Set up Grafana SSO](/integrations/grafana)
-- [Configure Nextcloud authentication](/integrations/nextcloud)
-- [Integrate with Traefik forward auth](/integrations/traefik)
-
-### Advanced Configuration
-- [Environment variables reference](/config/environment)
-- [Database configuration](/config/database)
-- [Security settings](/config/security)
-
-### User Management
-- [Create user invitations](/guide/invitations)
-- [Manage user profiles](/guide/profiles)
-- [Handle user permissions](/guide/users)
-
-## Getting Help
-
-If you run into issues:
-
-1. **Check the logs**: `docker logs authentikate`
-2. **Verify configuration**: Compare with working examples
-3. **Test endpoints**: Use curl or Postman to test OIDC endpoints
-4. **Community support**: Check GitHub issues and discussions
-
-Your AuthentiKate instance is now ready for production use! 🎉
\ No newline at end of file
diff --git a/docs/guide/installation.md b/docs/guide/installation.md
deleted file mode 100644
index 0d2d914..0000000
--- a/docs/guide/installation.md
+++ /dev/null
@@ -1,259 +0,0 @@
-# Installation
-
-AuthentiKate is designed to be deployed easily with Docker, making it perfect for homelab environments. This guide will walk you through different installation methods.
-
-## Quick Start with Docker
-
-The fastest way to get AuthentiKate running is with Docker:
-
-```bash
-docker run -d \
- --name authentikate \
- -p 8080:8080 \
- -e APP_URL=http://localhost:8080 \
- -v authentikate_data:/var/www/html/storage \
- authentikate/authentikate:latest
-```
-
-AuthentiKate will be available at `http://localhost:8080` with automatic setup completing in the background.
-
-## Docker Compose (Recommended)
-
-For production use, we recommend using Docker Compose for better configuration management:
-
-```yaml
-version: '3.8'
-
-services:
- authentikate:
- image: authentikate/authentikate:latest
- container_name: authentikate
- restart: unless-stopped
- ports:
- - "8080:8080"
- environment:
- # Required
- APP_URL: https://auth.yourdomain.com
- APP_ENV: production
-
- # Database (SQLite by default)
- DB_CONNECTION: sqlite
-
- # Email (optional but recommended)
- MAIL_MAILER: smtp
- MAIL_HOST: your-smtp-server.com
- MAIL_PORT: 587
- MAIL_USERNAME: your-email@domain.com
- MAIL_PASSWORD: your-password
- MAIL_ENCRYPTION: tls
- MAIL_FROM_ADDRESS: auth@yourdomain.com
- MAIL_FROM_NAME: "AuthentiKate"
-
- volumes:
- - authentikate_data:/var/www/html/storage
- - authentikate_logs:/var/www/html/storage/logs
-
- # Optional: Use external database
- # depends_on:
- # - postgres
-
- labels:
- # Traefik labels (if using Traefik)
- - "traefik.enable=true"
- - "traefik.http.routers.authentikate.rule=Host(`auth.yourdomain.com`)"
- - "traefik.http.routers.authentikate.entrypoints=websecure"
- - "traefik.http.routers.authentikate.tls.certresolver=letsencrypt"
- - "traefik.http.services.authentikate.loadbalancer.server.port=8080"
-
-volumes:
- authentikate_data:
- authentikate_logs:
-```
-
-## Environment Variables
-
-### Required Variables
-
-| Variable | Description | Example |
-|----------|-------------|---------|
-| `APP_URL` | The URL where AuthentiKate will be accessible | `https://auth.yourdomain.com` |
-
-### Optional Variables
-
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `APP_ENV` | `production` | Application environment |
-| `APP_DEBUG` | `false` | Enable debug mode |
-| `DB_CONNECTION` | `sqlite` | Database type (`sqlite`, `mysql`, `postgres`) |
-| `DB_DATABASE` | `/var/www/html/storage/database/database.sqlite` | Database path/name |
-
-## Database Options
-
-### SQLite (Default)
-Perfect for most homelab setups. No additional configuration required.
-
-### PostgreSQL
-For larger installations:
-
-```yaml
-services:
- postgres:
- image: postgres:15
- environment:
- POSTGRES_DB: authentikate
- POSTGRES_USER: authentikate
- POSTGRES_PASSWORD: secure_password
- volumes:
- - postgres_data:/var/lib/postgresql/data
-
- authentikate:
- # ... other config
- environment:
- DB_CONNECTION: pgsql
- DB_HOST: postgres
- DB_DATABASE: authentikate
- DB_USERNAME: authentikate
- DB_PASSWORD: secure_password
- depends_on:
- - postgres
-
-volumes:
- postgres_data:
-```
-
-### MySQL/MariaDB
-```yaml
-services:
- mysql:
- image: mariadb:10
- environment:
- MYSQL_DATABASE: authentikate
- MYSQL_USER: authentikate
- MYSQL_PASSWORD: secure_password
- MYSQL_ROOT_PASSWORD: root_password
- volumes:
- - mysql_data:/var/lib/mysql
-
- authentikate:
- # ... other config
- environment:
- DB_CONNECTION: mysql
- DB_HOST: mysql
- DB_DATABASE: authentikate
- DB_USERNAME: authentikate
- DB_PASSWORD: secure_password
- depends_on:
- - mysql
-
-volumes:
- mysql_data:
-```
-
-## Reverse Proxy Setup
-
-### Traefik
-AuthentiKate works perfectly with Traefik. Add these labels to your Docker Compose:
-
-```yaml
-labels:
- - "traefik.enable=true"
- - "traefik.http.routers.authentikate.rule=Host(`auth.yourdomain.com`)"
- - "traefik.http.routers.authentikate.entrypoints=websecure"
- - "traefik.http.routers.authentikate.tls.certresolver=letsencrypt"
- - "traefik.http.services.authentikate.loadbalancer.server.port=8080"
-```
-
-### Nginx
-```nginx
-server {
- listen 443 ssl http2;
- server_name auth.yourdomain.com;
-
- ssl_certificate /path/to/cert.pem;
- ssl_certificate_key /path/to/key.pem;
-
- location / {
- proxy_pass http://localhost:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-}
-```
-
-### Caddy
-```caddyfile
-auth.yourdomain.com {
- reverse_proxy localhost:8080
-}
-```
-
-## First Run
-
-When you first start AuthentiKate, it will automatically:
-
-1. **Generate RSA Keys**: Creates public/private key pair for JWT signing
-2. **Run Database Migrations**: Sets up all necessary database tables
-3. **Create Admin User**: Generates an initial admin account
-
-The initial admin credentials will be displayed in the container logs:
-
-```bash
-docker logs authentikate
-```
-
-Look for output like:
-```
-✅ Initial admin user created:
- Email: admin@authentikate.local
- Password: randomly-generated-password
-```
-
-## Updating
-
-To update AuthentiKate:
-
-```bash
-# Pull the latest image
-docker pull authentikate/authentikate:latest
-
-# Stop and remove the old container
-docker stop authentikate
-docker rm authentikate
-
-# Start with the new image
-docker-compose up -d
-```
-
-Your data will be preserved in the Docker volumes.
-
-## Backup
-
-### Database Backup (SQLite)
-```bash
-# Create backup
-docker exec authentikate cp /var/www/html/storage/database/database.sqlite /tmp/backup.sqlite
-docker cp authentikate:/tmp/backup.sqlite ./authentikate-backup-$(date +%Y%m%d).sqlite
-
-# Restore backup
-docker cp ./authentikate-backup-20240101.sqlite authentikate:/tmp/restore.sqlite
-docker exec authentikate cp /tmp/restore.sqlite /var/www/html/storage/database/database.sqlite
-```
-
-### Full Data Backup
-```bash
-# Backup all data
-docker run --rm -v authentikate_data:/data -v $(pwd):/backup alpine tar czf /backup/authentikate-data-$(date +%Y%m%d).tar.gz -C /data .
-
-# Restore data
-docker run --rm -v authentikate_data:/data -v $(pwd):/backup alpine tar xzf /backup/authentikate-data-20240101.tar.gz -C /data
-```
-
-## Next Steps
-
-Once AuthentiKate is running:
-
-1. [Complete the first setup →](/guide/first-setup)
-2. [Configure your first application →](/guide/applications)
-3. [Set up email notifications →](/config/email)
\ No newline at end of file
diff --git a/docs/guide/quick-start.md b/docs/guide/quick-start.md
deleted file mode 100644
index 06e8ef8..0000000
--- a/docs/guide/quick-start.md
+++ /dev/null
@@ -1,159 +0,0 @@
-# Quick Start
-
-This guide will get you up and running with AuthentiKate in under 5 minutes.
-
-## Prerequisites
-
-- Docker installed on your system
-- A domain name (optional, can use localhost for testing)
-
-## Step 1: Deploy AuthentiKate
-
-Run the following command to start AuthentiKate:
-
-```bash
-docker run -d \
- --name authentikate \
- -p 8080:8080 \
- -e APP_URL=http://localhost:8080 \
- -v authentikate_data:/var/www/html/storage \
- authentikate/authentikate:latest
-```
-
-## Step 2: Get Your Admin Credentials
-
-AuthentiKate automatically creates an admin user on first run. Get the credentials from the logs:
-
-```bash
-docker logs authentikate
-```
-
-Look for output like:
-```
-✅ Initial admin user created:
- Email: admin@authentikate.local
- Password: Xy9#mK2$vB8nQ4!p
-```
-
-## Step 3: Access the Interface
-
-1. Open your browser and go to `http://localhost:8080`
-2. Log in with the admin credentials from Step 2
-3. You'll be taken to the AuthentiKate dashboard
-
-## Step 4: Create Your First Application
-
-1. Click **"Applications"** in the navigation
-2. Click **"Create Application"**
-3. Fill in the details:
- - **Name**: `Test App`
- - **Redirect URI**: `http://localhost:3000/auth/callback`
- - **Client ID**: (auto-generated)
- - **Client Secret**: (auto-generated)
-
-4. Click **"Save"**
-
-## Step 5: Test the Integration
-
-Your application is now configured! Here are the OIDC endpoints you'll need:
-
-- **Authorization**: `http://localhost:8080/oauth/authorize`
-- **Token**: `http://localhost:8080/oauth/token`
-- **User Info**: `http://localhost:8080/oauth/userinfo`
-- **JWKS**: `http://localhost:8080/.well-known/jwks.json`
-- **Discovery**: `http://localhost:8080/.well-known/openid_configuration`
-
-## Common Integration Examples
-
-### Test with curl
-
-```bash
-# Get authorization URL (replace CLIENT_ID with your actual client ID)
-CLIENT_ID="your-client-id"
-REDIRECT_URI="http://localhost:3000/auth/callback"
-
-echo "Visit this URL to authorize:"
-echo "http://localhost:8080/oauth/authorize?client_id=${CLIENT_ID}&redirect_uri=${REDIRECT_URI}&response_type=code&scope=openid profile email"
-```
-
-### Simple HTML Test Page
-
-Create a simple test page to try the OAuth flow:
-
-```html
-
-
-
- AuthentiKate Test
-
-
- AuthentiKate OAuth Test
-
-
-
-
-
-```
-
-## What's Next?
-
-Now that you have AuthentiKate running:
-
-### Configure Your Environment
-- [Set up email notifications](/config/email)
-- [Configure a custom domain](/config/environment)
-- [Set up reverse proxy](/guide/installation#reverse-proxy-setup)
-
-### Add Real Applications
-- [Integrate with Grafana](/integrations/grafana)
-- [Set up Nextcloud SSO](/integrations/nextcloud)
-- [Configure other applications](/integrations/generic)
-
-### Manage Users
-- [Create user invitations](/guide/invitations)
-- [Set up user profiles](/guide/profiles)
-- [Configure user permissions](/guide/users)
-
-### Production Setup
-- [Use PostgreSQL/MySQL](/guide/installation#database-options)
-- [Set up proper email](/config/email)
-- [Configure security settings](/config/security)
-
-## Troubleshooting
-
-### Can't access AuthentiKate?
-- Make sure the container is running: `docker ps`
-- Check the logs: `docker logs authentikate`
-- Verify the port is accessible: `curl http://localhost:8080`
-
-### Forgot admin password?
-Reset it by running:
-```bash
-docker exec -it authentikate php artisan app:create-initial-admin --force
-```
-
-### Need to change the URL?
-Update the `APP_URL` environment variable and restart:
-```bash
-docker stop authentikate
-docker rm authentikate
-# Run again with new APP_URL
-```
-
-### Container won't start?
-Check for port conflicts:
-```bash
-# See what's using port 8080
-sudo netstat -tulpn | grep 8080
-
-# Use a different port
-docker run -d --name authentikate -p 8081:8080 ...
-```
\ No newline at end of file
diff --git a/docs/index.md b/docs/index.md
deleted file mode 100644
index d4d206d..0000000
--- a/docs/index.md
+++ /dev/null
@@ -1,75 +0,0 @@
----
-# https://vitepress.dev/reference/default-theme-home-page
-layout: home
-
-hero:
- name: "AuthentiKate"
- text: "SSO/OIDC for Homelabbers"
- tagline: A lightweight, self-hosted authentication solution that just works
- image:
- src: /logo.svg
- alt: AuthentiKate
- actions:
- - theme: brand
- text: Get Started
- link: /guide/installation
- - theme: alt
- text: View on GitHub
- link: https://github.com/jdubpark/authentikate
-
-features:
- - icon: 🔐
- title: OpenID Connect Ready
- details: Full OIDC compliance with JWT tokens, PKCE support, and industry-standard security practices. Integrate with any OAuth2/OIDC compatible application.
-
- - icon: 🐳
- title: Docker First
- details: Single container deployment with automatic setup. No complex configuration files or multi-service orchestration required.
-
- - icon: ⚡
- title: Built for Speed
- details: Powered by Laravel and optimized for homelab environments. Fast authentication flows and minimal resource usage.
-
- - icon: 🎨
- title: Beautiful Interface
- details: Clean, modern UI built with Livewire and Tailwind CSS. Intuitive user management and application configuration.
-
- - icon: 🔄
- title: Auto-Configuration
- details: Automatic RSA key generation, database setup, and admin user creation. Zero manual configuration needed.
-
- - icon: 🏠
- title: Homelab Optimized
- details: Perfect for self-hosters. Integrates seamlessly with Traefik, includes popular app presets, and supports local networks.
-
- - icon: 👥
- title: User Management
- details: Invitation-based registration, user profiles with avatars, and granular permission controls. Keep your homelab secure.
-
- - icon: 📱
- title: Modern Features
- details: JWT tokens with UUID-based user identification, token management, and comprehensive audit logging.
----
-
-## Why AuthentiKate?
-
-AuthentiKate is designed specifically for homelabbers who want enterprise-grade authentication without the enterprise complexity. Unlike heavyweight solutions that require extensive setup and maintenance, AuthentiKate gets you up and running in minutes.
-
-### Perfect for Your Homelab
-
-- **One Container**: Deploy with a single Docker command
-- **Zero Config**: Automatic setup with sensible defaults
-- **Popular Apps**: Pre-configured templates for Grafana, Nextcloud, and more
-- **Reverse Proxy Ready**: Works seamlessly with Traefik and other proxies
-
-### Enterprise Features, Homelab Simplicity
-
-- Full OpenID Connect compliance
-- JWT tokens with RSA256 signing
-- PKCE support for mobile apps
-- Invitation-based user registration
-- Comprehensive token management
-- Beautiful, responsive interface
-
-Ready to secure your homelab? [Get started in minutes →](/guide/installation)
-
diff --git a/docs/integrations/grafana.md b/docs/integrations/grafana.md
deleted file mode 100644
index 242359d..0000000
--- a/docs/integrations/grafana.md
+++ /dev/null
@@ -1,322 +0,0 @@
-# Grafana Integration
-
-This guide shows how to integrate Grafana with AuthentiKate for single sign-on authentication.
-
-## Prerequisites
-
-- AuthentiKate running and accessible
-- Grafana instance (Docker or standalone)
-- Admin access to both systems
-
-## Step 1: Create Application in AuthentiKate
-
-1. Log into your AuthentiKate admin panel
-2. Navigate to **Applications** → **Create Application**
-3. Fill in the application details:
-
-```
-Name: Grafana
-Redirect URI: https://grafana.yourdomain.com/login/generic_oauth
-Icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/grafana.webp
-```
-
-4. Click **Save** and note the generated:
- - **Client ID**
- - **Client Secret**
-
-## Step 2: Configure Grafana
-
-### Environment Variables (Docker)
-
-Add these environment variables to your Grafana container:
-
-```yaml
-services:
- grafana:
- image: grafana/grafana:latest
- environment:
- # OAuth Settings
- GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
- GF_AUTH_GENERIC_OAUTH_NAME: "AuthentiKate"
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "your-client-id"
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "your-client-secret"
- GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
- GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.yourdomain.com/oauth/authorize"
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.yourdomain.com/oauth/token"
- GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.yourdomain.com/oauth/userinfo"
-
- # Auto-login (optional)
- GF_AUTH_OAUTH_AUTO_LOGIN: "true"
- GF_AUTH_DISABLE_LOGIN_FORM: "true"
-
- # User mapping
- GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: "preferred_username"
- GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: "name"
- GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: "email"
-
- # Role mapping (optional)
- GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(groups[*], 'admin') && 'Admin' || 'Viewer'"
-```
-
-### Configuration File
-
-Alternatively, configure via `grafana.ini`:
-
-```ini
-[auth.generic_oauth]
-enabled = true
-name = AuthentiKate
-client_id = your-client-id
-client_secret = your-client-secret
-scopes = openid profile email
-auth_url = https://auth.yourdomain.com/oauth/authorize
-token_url = https://auth.yourdomain.com/oauth/token
-api_url = https://auth.yourdomain.com/oauth/userinfo
-
-# Auto-login
-auto_login = true
-
-# User attribute mapping
-login_attribute_path = preferred_username
-name_attribute_path = name
-email_attribute_path = email
-
-# Role mapping (optional)
-role_attribute_path = contains(groups[*], 'admin') && 'Admin' || 'Viewer'
-
-[auth]
-# Disable regular login form (optional)
-disable_login_form = true
-# Allow sign up
-oauth_auto_login = true
-```
-
-## Step 3: Docker Compose Example
-
-Complete Docker Compose configuration:
-
-```yaml
-version: '3.8'
-
-services:
- grafana:
- image: grafana/grafana:latest
- container_name: grafana
- restart: unless-stopped
- ports:
- - "3000:3000"
- environment:
- # Basic settings
- GF_SECURITY_ADMIN_PASSWORD: admin
- GF_INSTALL_PLUGINS: grafana-piechart-panel
-
- # OAuth with AuthentiKate
- GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
- GF_AUTH_GENERIC_OAUTH_NAME: "AuthentiKate"
- GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "your-client-id-here"
- GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "your-client-secret-here"
- GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
- GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://auth.yourdomain.com/oauth/authorize"
- GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://auth.yourdomain.com/oauth/token"
- GF_AUTH_GENERIC_OAUTH_API_URL: "https://auth.yourdomain.com/oauth/userinfo"
-
- # User mapping
- GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH: "preferred_username"
- GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH: "name"
- GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH: "email"
-
- # Auto-login
- GF_AUTH_OAUTH_AUTO_LOGIN: "true"
- GF_AUTH_DISABLE_LOGIN_FORM: "false" # Keep false for admin access
-
- volumes:
- - grafana_data:/var/lib/grafana
-
- labels:
- # Traefik labels (if using Traefik)
- - "traefik.enable=true"
- - "traefik.http.routers.grafana.rule=Host(`grafana.yourdomain.com`)"
- - "traefik.http.routers.grafana.entrypoints=websecure"
- - "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
-
-volumes:
- grafana_data:
-```
-
-## Step 4: Advanced Configuration
-
-### Role Mapping
-
-Map AuthentiKate users to Grafana roles based on user attributes:
-
-```ini
-# Basic role mapping
-role_attribute_path = preferred_username == 'admin' && 'Admin' || 'Viewer'
-
-# Multiple admin users
-role_attribute_path = contains(['admin', 'grafana-admin'], preferred_username) && 'Admin' || 'Editor'
-
-# Default to Editor for all users
-role_attribute_path = 'Editor'
-```
-
-### Team Mapping
-
-Automatically assign users to Grafana teams:
-
-```ini
-# Team mapping (if you add groups to AuthentiKate in the future)
-team_ids_attribute_path = groups
-team_ids = 1,2,3
-```
-
-### Allow Sign-Up
-
-Control whether new users can sign up automatically:
-
-```ini
-[users]
-# Allow users to sign up
-allow_sign_up = true
-
-# Auto-assign organization
-auto_assign_org = true
-auto_assign_org_id = 1
-
-# Default role for new users
-auto_assign_org_role = Viewer
-```
-
-## Step 5: Testing
-
-1. **Restart Grafana** after configuration changes
-2. **Navigate to Grafana** in your browser
-3. **Click "Sign in with AuthentiKate"** (or get redirected automatically)
-4. **Authenticate with AuthentiKate** using your credentials
-5. **Verify** you're logged into Grafana with the correct user info
-
-## Troubleshooting
-
-### Common Issues
-
-#### "Invalid redirect URI" Error
-Ensure the redirect URI in AuthentiKate exactly matches:
-```
-https://grafana.yourdomain.com/login/generic_oauth
-```
-
-#### Users Not Getting Correct Roles
-Check the role mapping configuration:
-```ini
-# Debug role mapping
-role_attribute_path = 'Admin' # Give everyone admin temporarily
-```
-
-#### OAuth Login Button Not Appearing
-Verify these settings:
-```ini
-[auth.generic_oauth]
-enabled = true
-name = AuthentiKate # This shows as the button text
-```
-
-#### Auto-login Not Working
-Check the auto-login settings:
-```ini
-[auth]
-oauth_auto_login = true
-disable_login_form = false # Keep false to allow admin login
-```
-
-### Debug Mode
-
-Enable debug logging in Grafana:
-
-```ini
-[log]
-level = debug
-
-[log.console]
-level = debug
-```
-
-Then check the Grafana logs:
-```bash
-docker logs grafana
-```
-
-### Testing OAuth Flow
-
-Test the OAuth endpoints manually:
-
-```bash
-# Test AuthentiKate discovery
-curl https://auth.yourdomain.com/.well-known/openid_configuration
-
-# Test with specific parameters
-curl "https://auth.yourdomain.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=https://grafana.yourdomain.com/login/generic_oauth&response_type=code&scope=openid+profile+email"
-```
-
-## Advanced Features
-
-### Custom Login Page
-
-Create a custom login experience:
-
-```ini
-[auth]
-disable_login_form = true
-oauth_auto_login = true
-
-[server]
-# Custom login logo
-login_logo = https://yourdomain.com/logo.png
-```
-
-### Organization Management
-
-Control organization assignment:
-
-```ini
-[users]
-# Assign all OAuth users to specific org
-auto_assign_org = true
-auto_assign_org_id = 1
-
-# Allow org admins to invite users
-allow_org_create = false
-```
-
-### Session Management
-
-Configure session settings:
-
-```ini
-[session]
-# Session timeout
-session_life_time = 86400 # 24 hours
-
-# Cookie settings
-cookie_secure = true
-cookie_samesite = strict
-```
-
-## Production Considerations
-
-### Security
-- Use HTTPS for both AuthentiKate and Grafana
-- Store client secrets securely
-- Consider using environment files for secrets
-- Set up proper SSL certificates
-
-### Performance
-- Enable caching in Grafana
-- Use external databases for larger installations
-- Monitor authentication latency
-
-### Backup
-- Backup Grafana configuration
-- Include OAuth settings in your backup strategy
-- Test authentication after restores
-
-Your Grafana instance is now integrated with AuthentiKate! Users can sign in with their AuthentiKate credentials and access Grafana with appropriate roles and permissions.
\ No newline at end of file
diff --git a/docs/integrations/nextcloud.md b/docs/integrations/nextcloud.md
deleted file mode 100644
index b81c2a1..0000000
--- a/docs/integrations/nextcloud.md
+++ /dev/null
@@ -1,370 +0,0 @@
-# Nextcloud Integration
-
-This guide shows how to integrate Nextcloud with AuthentiKate using the OpenID Connect app for seamless single sign-on.
-
-## Prerequisites
-
-- AuthentiKate running and accessible
-- Nextcloud instance with admin access
-- Nextcloud OpenID Connect app installed
-
-## Step 1: Install OpenID Connect App
-
-### Via Nextcloud App Store
-
-1. Log into Nextcloud as an administrator
-2. Go to **Apps** → **Authentication**
-3. Find and install **"OpenID Connect user backend"**
-4. Enable the app
-
-### Via Command Line
-
-```bash
-# Install via occ command
-sudo -u www-data php occ app:install user_oidc
-sudo -u www-data php occ app:enable user_oidc
-```
-
-## Step 2: Create Application in AuthentiKate
-
-1. Log into your AuthentiKate admin panel
-2. Navigate to **Applications** → **Create Application**
-3. Fill in the application details:
-
-```
-Name: Nextcloud
-Redirect URI: https://cloud.yourdomain.com/apps/user_oidc/code
-Icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/nextcloud.webp
-```
-
-4. Click **Save** and note the generated:
- - **Client ID**
- - **Client Secret**
-
-## Step 3: Configure Nextcloud OIDC
-
-### Via Web Interface
-
-1. Go to **Settings** → **Administration** → **OpenID Connect**
-2. Configure the OIDC provider:
-
-```
-Provider Name: AuthentiKate
-Identifier: authentikate
-Client ID: your-client-id
-Client Secret: your-client-secret
-Discovery endpoint: https://auth.yourdomain.com/.well-known/openid_configuration
-```
-
-3. **Advanced Settings** (click to expand):
-```
-Scope: openid profile email
-Unique user identifier: preferred_username
-```
-
-4. Click **Save**
-
-### Via Command Line
-
-```bash
-# Set OIDC configuration
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-clientId --value="your-client-id"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-clientSecret --value="your-client-secret"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-discoveryUrl --value="https://auth.yourdomain.com/.well-known/openid_configuration"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-scope --value="openid profile email"
-
-# Set unique identifier
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-uniqueUid --value="1"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-uniqueUidMapping --value="preferred_username"
-```
-
-## Step 4: User Attribute Mapping
-
-Configure how AuthentiKate user attributes map to Nextcloud:
-
-### Via Web Interface
-
-In **Settings** → **Administration** → **OpenID Connect** → **Advanced**:
-
-```
-Display name mapping: name
-Email mapping: email
-Unique user identifier: preferred_username
-```
-
-### Via Command Line
-
-```bash
-# User attribute mapping
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-displayNameMapping --value="name"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-emailMapping --value="email"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-quotaMapping --value=""
-```
-
-## Step 5: Auto-Provisioning (Optional)
-
-Enable automatic user creation on first login:
-
-### Via Web Interface
-
-In the OIDC settings, enable:
-- **Auto provision users**
-- **Respect email verified claim**
-
-### Via Command Line
-
-```bash
-# Enable auto-provisioning
-sudo -u www-data php occ config:app:set user_oidc auto-provision --value="1"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-provisioningEnabled --value="1"
-
-# Respect email verification
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-checkEmailVerification --value="1"
-```
-
-## Step 6: Group Mapping (Optional)
-
-If you plan to add groups to AuthentiKate in the future:
-
-```bash
-# Enable group provisioning
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-groupProvisioning --value="1"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-groupMapping --value="groups"
-```
-
-## Step 7: Login Button Customization
-
-Customize the OAuth login button:
-
-### Via Config
-
-```bash
-# Set custom button text
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-buttonText --value="Login with AuthentiKate"
-
-# Hide default login form (optional)
-sudo -u www-data php occ config:system:set hide_login_form --value=true
-```
-
-### Custom CSS (Optional)
-
-Add custom styling in **Settings** → **Administration** → **Theming**:
-
-```css
-/* Style the OIDC login button */
-.oidc-login-button {
- background-color: #3b82f6 !important;
- border-color: #3b82f6 !important;
-}
-
-.oidc-login-button:hover {
- background-color: #2563eb !important;
- border-color: #2563eb !important;
-}
-```
-
-## Complete Configuration Example
-
-Here's a complete command-line setup:
-
-```bash
-#!/bin/bash
-
-# Install and enable OIDC app
-sudo -u www-data php occ app:install user_oidc
-sudo -u www-data php occ app:enable user_oidc
-
-# Configure OIDC provider
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-clientId --value="your-client-id"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-clientSecret --value="your-client-secret"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-discoveryUrl --value="https://auth.yourdomain.com/.well-known/openid_configuration"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-scope --value="openid profile email"
-
-# User mapping
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-uniqueUid --value="1"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-uniqueUidMapping --value="preferred_username"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-displayNameMapping --value="name"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-emailMapping --value="email"
-
-# Auto-provisioning
-sudo -u www-data php occ config:app:set user_oidc auto-provision --value="1"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-provisioningEnabled --value="1"
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-checkEmailVerification --value="1"
-
-# Button customization
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-buttonText --value="Login with AuthentiKate"
-
-echo "Nextcloud OIDC integration configured successfully!"
-```
-
-## Docker Compose Example
-
-Complete Docker setup with Nextcloud and AuthentiKate:
-
-```yaml
-version: '3.8'
-
-services:
- nextcloud:
- image: nextcloud:latest
- container_name: nextcloud
- restart: unless-stopped
- ports:
- - "80:80"
- environment:
- - NEXTCLOUD_ADMIN_USER=admin
- - NEXTCLOUD_ADMIN_PASSWORD=secure_password
- - NEXTCLOUD_TRUSTED_DOMAINS=cloud.yourdomain.com
- - OVERWRITEPROTOCOL=https
- - OVERWRITEHOST=cloud.yourdomain.com
- volumes:
- - nextcloud_data:/var/www/html
- - ./setup-oidc.sh:/docker-entrypoint-hooks.d/pre-installation/setup-oidc.sh:ro
- labels:
- # Traefik labels
- - "traefik.enable=true"
- - "traefik.http.routers.nextcloud.rule=Host(`cloud.yourdomain.com`)"
- - "traefik.http.routers.nextcloud.entrypoints=websecure"
- - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
-
-volumes:
- nextcloud_data:
-```
-
-## Testing the Integration
-
-1. **Log out** of Nextcloud (if currently logged in)
-2. **Navigate to** your Nextcloud login page
-3. **Click "Login with AuthentiKate"** button
-4. **Authenticate** with your AuthentiKate credentials
-5. **Verify** you're logged into Nextcloud with correct user information
-
-## Advanced Configuration
-
-### Custom User Provisioning
-
-Control how users are created:
-
-```bash
-# Set default quota for new users
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-defaultQuota --value="5GB"
-
-# Set default group for new users
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-defaultGroup --value="users"
-```
-
-### Backup Users
-
-Prevent deletion of users not found in OIDC:
-
-```bash
-# Enable soft delete (backup users)
-sudo -u www-data php occ config:app:set user_oidc provider-authentikate-softAutoUpdate --value="1"
-```
-
-### Admin Users
-
-Make specific users administrators:
-
-```bash
-# Add users to admin group (run after first login)
-sudo -u www-data php occ group:adduser admin "admin_username"
-```
-
-## Troubleshooting
-
-### Common Issues
-
-#### "Invalid redirect URI" Error
-Ensure the redirect URI in AuthentiKate exactly matches:
-```
-https://cloud.yourdomain.com/apps/user_oidc/code
-```
-
-#### OIDC Login Button Missing
-Check that the app is enabled:
-```bash
-sudo -u www-data php occ app:list | grep user_oidc
-```
-
-#### Users Not Auto-Created
-Verify auto-provisioning is enabled:
-```bash
-sudo -u www-data php occ config:app:get user_oidc auto-provision
-sudo -u www-data php occ config:app:get user_oidc provider-authentikate-provisioningEnabled
-```
-
-#### Wrong User Information
-Check the attribute mapping:
-```bash
-sudo -u www-data php occ config:app:get user_oidc provider-authentikate-displayNameMapping
-sudo -u www-data php occ config:app:get user_oidc provider-authentikate-emailMapping
-```
-
-### Debug Mode
-
-Enable debugging in Nextcloud:
-
-```bash
-# Enable debug mode
-sudo -u www-data php occ config:system:set debug --value=true
-
-# Check logs
-sudo -u www-data php occ log:tail
-```
-
-### Configuration Check
-
-Verify your OIDC configuration:
-
-```bash
-# List all OIDC settings
-sudo -u www-data php occ config:list user_oidc
-
-# Test OIDC discovery endpoint
-curl https://auth.yourdomain.com/.well-known/openid_configuration
-```
-
-### Reset Configuration
-
-If you need to start over:
-
-```bash
-# Remove OIDC configuration
-sudo -u www-data php occ config:app:delete user_oidc provider-authentikate-clientId
-sudo -u www-data php occ config:app:delete user_oidc provider-authentikate-clientSecret
-sudo -u www-data php occ config:app:delete user_oidc provider-authentikate-discoveryUrl
-
-# Disable auto-provisioning
-sudo -u www-data php occ config:app:set user_oidc auto-provision --value="0"
-```
-
-## Security Considerations
-
-### Trusted Domains
-
-Ensure your domain is in Nextcloud's trusted domains:
-
-```bash
-sudo -u www-data php occ config:system:set trusted_domains 0 --value="cloud.yourdomain.com"
-```
-
-### HTTPS Configuration
-
-Force HTTPS in Nextcloud:
-
-```bash
-sudo -u www-data php occ config:system:set overwriteprotocol --value="https"
-sudo -u www-data php occ config:system:set overwrite.cli.url --value="https://cloud.yourdomain.com"
-```
-
-### Session Security
-
-Configure secure sessions:
-
-```bash
-sudo -u www-data php occ config:system:set session_lifetime --value=3600
-sudo -u www-data php occ config:system:set session_keepalive --value=false
-```
-
-Your Nextcloud instance is now integrated with AuthentiKate! Users can sign in with their AuthentiKate credentials and access their Nextcloud files and applications.
\ No newline at end of file
diff --git a/docs/integrations/overview.md b/docs/integrations/overview.md
deleted file mode 100644
index fe61d32..0000000
--- a/docs/integrations/overview.md
+++ /dev/null
@@ -1,324 +0,0 @@
-# Integration Overview
-
-AuthentiKate supports OpenID Connect (OIDC) and OAuth 2.0, making it compatible with hundreds of applications. This section covers how to integrate AuthentiKate with popular homelab applications.
-
-## OIDC Endpoints
-
-All applications will need these AuthentiKate endpoints:
-
-| Endpoint | URL | Description |
-|----------|-----|-------------|
-| **Discovery** | `/.well-known/openid_configuration` | Auto-configuration endpoint |
-| **Authorization** | `/oauth/authorize` | User authorization endpoint |
-| **Token** | `/oauth/token` | Token exchange endpoint |
-| **User Info** | `/oauth/userinfo` | User profile endpoint |
-| **JWKS** | `/.well-known/jwks.json` | JSON Web Key Set |
-
-::: tip
-Most modern applications can auto-configure using just the discovery endpoint. Use `https://auth.yourdomain.com/.well-known/openid_configuration` when possible.
-:::
-
-## Quick Integration Steps
-
-### 1. Create Application in AuthentiKate
-
-1. Log into AuthentiKate admin panel
-2. Go to **Applications** → **Create Application**
-3. Fill in the details:
- - **Name**: Your application name
- - **Redirect URI**: Your app's OAuth callback URL
- - **Icon**: Optional icon URL
-
-4. Save and note the **Client ID** and **Client Secret**
-
-### 2. Configure Your Application
-
-Use the generated credentials in your application's OAuth/OIDC settings:
-
-- **Provider URL**: `https://auth.yourdomain.com`
-- **Client ID**: (from step 1)
-- **Client Secret**: (from step 1)
-- **Scopes**: `openid profile email`
-
-### 3. Test the Integration
-
-1. Try logging into your application
-2. You should be redirected to AuthentiKate
-3. After authentication, you'll be returned to your app
-
-## Supported Applications
-
-### Ready-to-Use Guides
-
-- [**Grafana**](/integrations/grafana) - Analytics and monitoring
-- [**Nextcloud**](/integrations/nextcloud) - File sharing and collaboration
-- [**Traefik Forward Auth**](/integrations/traefik) - Reverse proxy authentication
-
-### Compatible Applications
-
-AuthentiKate works with any application that supports OIDC/OAuth2:
-
-#### **Monitoring & Analytics**
-- Grafana ✅
-- Prometheus
-- Uptime Kuma
-- Tautulli
-- Zabbix
-- LibreNMS
-
-#### **Media & Entertainment**
-- Jellyfin
-- Plex (via Tautulli)
-- Overseerr
-- Sonarr/Radarr/Lidarr
-- Ombi
-
-#### **Productivity & Files**
-- Nextcloud ✅
-- BookStack
-- Paperless-ngx
-- Standard Notes
-- Joplin Server
-- PhotoPrism
-- Immich
-
-#### **Development & Git**
-- Gitea
-- GitLab
-- Forgejo
-- Drone CI
-- Jenkins
-
-#### **Communication**
-- Mattermost
-- Rocket.Chat
-- Element (Matrix)
-
-#### **Infrastructure & Networking**
-- Portainer
-- Proxmox
-- pfSense
-- OPNsense
-- Traefik ✅
-
-#### **Finance & Business**
-- Firefly III
-- Invoice Ninja
-- Crater
-- Akaunting
-
-## Application Templates
-
-AuthentiKate includes templates for popular applications:
-
-```javascript
-// Example: Grafana template
-{
- name: "Grafana",
- redirectUri: "https://grafana.yourdomain.com/login/generic_oauth",
- icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/grafana.webp"
-}
-```
-
-Available templates:
-- Grafana
-- Nextcloud
-- Proxmox
-- Portainer
-- GitLab
-- And many more...
-
-## Integration Patterns
-
-### Pattern 1: Direct OIDC Integration
-
-Best for applications with built-in OIDC support:
-
-```mermaid
-graph LR
- A[User] --> B[Application]
- B --> C[AuthentiKate]
- C --> B
- B --> A
-```
-
-**Examples**: Grafana, Nextcloud, GitLab
-
-### Pattern 2: Reverse Proxy Authentication
-
-For applications without OIDC support:
-
-```mermaid
-graph LR
- A[User] --> B[Reverse Proxy]
- B --> C[AuthentiKate]
- C --> B
- B --> D[Application]
- D --> B
- B --> A
-```
-
-**Examples**: Traefik Forward Auth, nginx auth_request
-
-### Pattern 3: Header-Based Authentication
-
-Applications that accept authentication headers:
-
-```mermaid
-graph LR
- A[User] --> B[Proxy + Headers]
- B --> C[AuthentiKate]
- C --> B
- B --> D[Application]
-```
-
-**Examples**: Proxmox, Portainer (with middleware)
-
-## Common Configuration Values
-
-Most applications need these standard values:
-
-### Basic OIDC Settings
-```yaml
-provider_url: https://auth.yourdomain.com
-client_id: your-client-id
-client_secret: your-client-secret
-scopes: openid profile email
-```
-
-### Advanced Settings
-```yaml
-# Token validation
-jwks_uri: https://auth.yourdomain.com/.well-known/jwks.json
-issuer: https://auth.yourdomain.com
-
-# User mapping
-username_claim: preferred_username
-email_claim: email
-name_claim: name
-
-# Security
-require_https: true
-verify_ssl: true
-```
-
-## User Attribute Mapping
-
-AuthentiKate provides these user claims:
-
-| Claim | Description | Example |
-|-------|-------------|---------|
-| `sub` | Unique user ID (UUID) | `f47ac10b-58cc-4372-a567-0e02b2c3d479` |
-| `email` | User email address | `user@example.com` |
-| `name` | Full display name | `John Doe` |
-| `preferred_username` | Username | `john.doe` |
-| `email_verified` | Email verification status | `true` |
-| `picture` | Avatar URL | `https://auth.yourdomain.com/storage/avatars/...` |
-
-### Custom User Mapping
-
-Some applications need custom field mapping:
-
-```yaml
-# Grafana example
-field_mapping:
- login: preferred_username
- email: email
- name: name
-
-# GitLab example
-user_info_mapping:
- username: preferred_username
- email: email
- name: name
-```
-
-## Troubleshooting Common Issues
-
-### Invalid Redirect URI
-```
-Error: Invalid redirect URI
-```
-
-**Solution**: Ensure the redirect URI in AuthentiKate exactly matches your application's callback URL.
-
-### Invalid Client
-```
-Error: Invalid client credentials
-```
-
-**Solution**: Double-check the Client ID and Client Secret in your application settings.
-
-### SSL/HTTPS Issues
-```
-Error: SSL verification failed
-```
-
-**Solutions**:
-- Ensure AuthentiKate is accessible via HTTPS
-- Use valid SSL certificates
-- Set `verify_ssl: false` only for testing
-
-### Token Validation Errors
-```
-Error: Invalid token signature
-```
-
-**Solution**: Verify the JWKS endpoint is accessible and your application is using the correct validation method.
-
-## Testing Your Integration
-
-### 1. Manual Testing
-1. Try logging into your application
-2. Check that you're redirected to AuthentiKate
-3. Verify successful authentication returns you to the app
-4. Confirm user details are populated correctly
-
-### 2. Token Validation
-```bash
-# Test the discovery endpoint
-curl https://auth.yourdomain.com/.well-known/openid_configuration
-
-# Test JWKS endpoint
-curl https://auth.yourdomain.com/.well-known/jwks.json
-
-# Test user info (requires valid token)
-curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
- https://auth.yourdomain.com/oauth/userinfo
-```
-
-### 3. Debug Mode
-Enable debug logging in your application to see:
-- OAuth request/response details
-- Token validation steps
-- User claim mapping
-
-## Security Best Practices
-
-### Client Configuration
-- Use strong, unique Client Secrets
-- Implement proper redirect URI validation
-- Use HTTPS for all communication
-- Validate SSL certificates
-
-### Scope Management
-- Request minimal necessary scopes
-- Use `openid` scope for OIDC compliance
-- Add `profile` and `email` as needed
-
-### Token Handling
-- Store tokens securely
-- Implement proper token refresh
-- Validate token signatures
-- Respect token expiration
-
-## Getting Help
-
-If you're having trouble integrating an application:
-
-1. **Check the logs**: Both AuthentiKate and your application logs
-2. **Verify endpoints**: Test OIDC endpoints with curl
-3. **Compare settings**: Use working examples as reference
-4. **Community help**: Check GitHub discussions for similar integrations
-
-Ready to integrate your first application? Start with our [Grafana guide](/integrations/grafana) for a step-by-step walkthrough.
\ No newline at end of file
diff --git a/docs/package.json b/docs/package.json
deleted file mode 100644
index be92f74..0000000
--- a/docs/package.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "scripts": {
- "docs:dev": "vitepress dev",
- "docs:build": "vitepress build",
- "docs:preview": "vitepress preview"
- },
- "devDependencies": {
- "vitepress": "^1.6.3"
- }
-}
\ No newline at end of file