TaskView Logo

Authentication

Configure authentication in TaskView - email/password, email/code, OAuth with GitHub, Google, and Apple Sign In. JWT session management, password recovery, and account deletion for your self-hosted instance.

TaskView supports multiple ways to sign in - email/password, email/code, GitHub, Google, and Apple. You can enable whichever methods make sense for your team.

Email and password

This is the default method and works out of the box. Users register with an email and password, and log in the same way (email conformation is required).

If you have SMTP configured, users will receive a confirmation email after registration. Without SMTP, email confirmation is skipped and accounts should be activated manually.

Password recovery

Requires SMTP. Users click "Forgot password" on the login screen, enter their email, and receive a reset link. Without SMTP configured, password recovery is not available - you'll need to reset passwords manually in the database.

OAuth providers

TaskView can use external providers for login. This is separate from the integration OAuth (which is for connecting GitHub/GitLab repositories).

GitHub login

Users click "Sign in with GitHub" and authorize the app. TaskView only requests the user:email scope - it reads the email to match or create an account.

To enable, you need a GitHub OAuth App (separate from the integrations one):

  1. Go to GitHub Developer Settings
  2. Create a New OAuth App
  3. Set the callback URL to {API_URL}/module/auth/provider/github/callback

Google login

Works the same way. Create credentials in the Google Cloud Console, set the callback to {API_URL}/module/auth/provider/google/callback.

Apple login

Available for users on Apple devices. Requires an Apple Developer account and Sign in with Apple configuration.

Sessions

TaskView uses JWT tokens for session management:

  • Access token - short-lived (default: 1 day), used for API requests
  • Refresh token - longer-lived (default: 2 days), used to get a new access token

When the access token expires, the app automatically uses the refresh token to get a new one. Users stay logged in as long as the refresh token is valid.

You can adjust token lifetimes with the ACCESS_LIFE_TIME and REFRESH_LIFE_TIME environment variables.

Account deletion

Users can delete their own account from the account settings page. This is a two-step process - they request a deletion code (sent by email if SMTP is configured), then confirm. Account deletion removes all personal data (You cannot undo this action. You can only restore the data from a backup, if you have one.).

Environment Variables

Complete reference for TaskView environment variables - database connection, JWT authentication, OAuth providers, SMTP email, GitHub/GitLab integration, encryption, and CORS configuration for your self-hosted Docker deployment.

Team Members

Invite team members to TaskView projects by email, assign tasks, manage access, and control visibility. Built-in collaboration tools with project ownership and role assignment for self-hosted project management.

Built with Nuxt UI • © 2026 Thank you Nuxt Team for this awesome UI library and for the template!