auth_required = true
[google_oauth]
client_id = "REPLACE_ME"
client_secret = "REPLACE_ME"
allowed_domains = ["example.com"]
[rbac]
enabled = true
default_roles = ["reader"]
Local username/password auth and Google OAuth can coexist on the same login page. RBAC then maps users to roles and roles to path patterns through resolve_roles() and is_allowed().