coollabsio · LK-maker-007 · Apr 16, 2026
diff --git a/app/Http/Controllers/OauthController.php b/app/Http/Controllers/OauthController.php
@@ -22,7 +22,10 @@ public function callback(string $provider)
             $user = User::whereEmail($oauthUser->email)->first();
             if (! $user) {
                 $settings = instanceSettings();
-                if (! $settings->is_registration_enabled) {
+                // Allow new user creation via OAuth when either:
+                // 1. General registration is enabled, OR
+                // 2. OAuth-only registration is explicitly enabled
+                if (! $settings->is_registration_enabled && ! $settings->is_oauth_registration_enabled) {
                     abort(403, 'Registration is disabled');
                 }
 
@@ -31,6 +34,7 @@ public function callback(string $provider)
                     'email' => $oauthUser->email,
                 ]);
             }
+
             Auth::login($user);
 
             return redirect('/');

diff --git a/app/Livewire/Settings/Advanced.php b/app/Livewire/Settings/Advanced.php
@@ -15,6 +15,9 @@ class Advanced extends Component
     #[Validate('boolean')]
     public bool $is_registration_enabled;
 
+    #[Validate('boolean')]
+    public bool $is_oauth_registration_enabled;
+
     #[Validate('boolean')]
     public bool $do_not_track;
 
@@ -41,6 +44,7 @@ public function rules()
     {
         return [
             'is_registration_enabled' => 'boolean',
+            'is_oauth_registration_enabled' => 'boolean',
             'do_not_track' => 'boolean',
             'is_dns_validation_enabled' => 'boolean',
             'custom_dns_servers' => ['nullable', 'string', new ValidDnsServers],
@@ -62,6 +66,7 @@ public function mount()
         $this->allowed_ips = $this->settings->allowed_ips;
         $this->do_not_track = $this->settings->do_not_track;
         $this->is_registration_enabled = $this->settings->is_registration_enabled;
+        $this->is_oauth_registration_enabled = $this->settings->is_oauth_registration_enabled ?? false;
         $this->is_dns_validation_enabled = $this->settings->is_dns_validation_enabled;
         $this->is_api_enabled = $this->settings->is_api_enabled;
         $this->disable_two_step_confirmation = $this->settings->disable_two_step_confirmation;
@@ -142,6 +147,7 @@ public function instantSave()
     {
         try {
             $this->settings->is_registration_enabled = $this->is_registration_enabled;
+            $this->settings->is_oauth_registration_enabled = $this->is_oauth_registration_enabled;
             $this->settings->do_not_track = $this->do_not_track;
             $this->settings->is_dns_validation_enabled = $this->is_dns_validation_enabled;
             $this->settings->custom_dns_servers = $this->custom_dns_servers;

diff --git a/app/Models/InstanceSettings.php b/app/Models/InstanceSettings.php
@@ -18,6 +18,7 @@ class InstanceSettings extends Model
         'do_not_track',
         'is_auto_update_enabled',
         'is_registration_enabled',
+        'is_oauth_registration_enabled',
         'next_channel',
         'smtp_enabled',
         'smtp_from_address',
@@ -63,6 +64,7 @@ class InstanceSettings extends Model
 
         'allowed_ip_ranges' => 'array',
         'is_auto_update_enabled' => 'boolean',
+        'is_oauth_registration_enabled' => 'boolean',
         'auto_update_frequency' => 'string',
         'update_check_frequency' => 'string',
         'sentinel_token' => 'encrypted',

diff --git a/database/migrations/2026_04_16_000000_add_oauth_registration_to_instance_settings.php b/database/migrations/2026_04_16_000000_add_oauth_registration_to_instance_settings.php
@@ -0,0 +1,22 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    public function up(): void
+    {
+        Schema::table('instance_settings', function (Blueprint $table) {
+            $table->boolean('is_oauth_registration_enabled')->default(false)->after('is_registration_enabled');
+        });
+    }
+
+    public function down(): void
+    {
+        Schema::table('instance_settings', function (Blueprint $table) {
+            $table->dropColumn('is_oauth_registration_enabled');
+        });
+    }
+};
diff --git a/resources/views/livewire/settings/advanced.blade.php b/resources/views/livewire/settings/advanced.blade.php
@@ -40,7 +40,13 @@ class="flex flex-col h-full gap-8 sm:flex-row">
                                 confirmationLabel="Please type the confirmation text to enable registration."
                                 shortConfirmationLabel="Confirmation text" />
                         </div>
+                        <div class="md:w-96" wire:key="oauth-registration">
+                            <x-forms.checkbox instantSave id="is_oauth_registration_enabled"
+                                helper="Allow users to self-register via OAuth providers (e.g. GitHub, Google) even when general registration is disabled. Existing OAuth logins are always allowed — this only controls new account creation via OAuth."
+                                label="Allow OAuth Registration" />
+                        </div>
                     @endif
+
                     <div class="md:w-96">
                         <x-forms.checkbox instantSave id="do_not_track"
                             helper="Opt out of anonymous usage tracking. When enabled, this instance will not report to coolify.io's installation count and will not send error reports to help improve Coolify."