Changes

Add a new “OAuth Registration Allowed” toggle in Settings > Advanced that allows new users to register via OAuth providers even when general (password-based) registration is disabled.

This addresses the use case where admins want to control access via an identity provider (e.g., Authentik) without opening up password-based self-registration.

Files changed:

• database/migrations/... — adds is_oauth_registration_enabled boolean column to instance_settings (default: false)
• app/Http/Controllers/OauthController.php — checks the new setting in the OAuth callback; allows user creation if either is_registration_enabled or is_oauth_registration_enabled is true
• app/Livewire/Settings/Advanced.php — wires up the new setting in the Advanced settings component
• resources/views/livewire/settings/advanced.blade.php — adds the checkbox toggle in the UI
• app/Providers/FortifyServiceProvider.php — passes the new flag to the login view
• resources/views/auth/login.blade.php — shows a hint when OAuth registration is available but general registration is disabled
• lang/en.json — adds the auth.oauth_registration_hint translation string

Issues

• fixes: #8042

Category

• New feature

Screenshots or Video (if applicable)

I do not have a running Coolify dev environment to record a screen recording at this time. Happy to provide one if needed before merge.

AI Usage

• AI is used in the process of creating this PR

Steps to Test

• Step 1 – Run php artisan migrate to add the new is_oauth_registration_enabled column
• Step 2 – Go to Settings > Advanced. Verify the new “OAuth Registration Allowed” checkbox appears below “Registration Allowed”
• Step 3 – Disable “Registration Allowed” and enable “OAuth Registration Allowed”. Save
• Step 4 – Open the login page in an incognito window. Verify the message says registration is disabled but you can register via OAuth
• Step 5 – Click an OAuth provider button (e.g., GitHub). Complete the OAuth flow with a new email not yet in the system. Verify the user is created and logged in
• Step 6 – Visit /register directly. Verify it redirects to login (password registration is still blocked)
• Step 7 – Disable both toggles. Repeat step 5 with another new OAuth email. Verify it returns a 403

Contributor Agreement

[!IMPORTANT]

• I have read and understood the contributor guidelines. If I have failed to follow any guideline, I understand that this PR may be closed without review.
• I have tested the changes thoroughly and am confident that they will work as expected without issues when the maintainer tests them

/claim #8042