diff --git a/CloudronManifest.json b/CloudronManifest.json
index f3e9eb6..49f01bd 100644
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -10,7 +10,8 @@
   "addons": {
     "mysql": { },
     "sendmail": { },
-    "localstorage": { }
+    "localstorage": { },
+    "oauth": { }
   },
   "tcpPorts": {
     "SSH_PORT": {
diff --git a/app.ini.template b/app.ini.template
index e329f95..e8f8e99 100644
--- a/app.ini.template
+++ b/app.ini.template
@@ -42,3 +42,15 @@ SECRET_KEY = ##SECRET_KEY
 DISABLE_REGISTRATION = false
 SHOW_REGISTRATION_BUTTON = false
 
+[oauth]
+ENABLED = true
+
+[oauth.cloudron]
+ENABLED = true
+CLIENT_ID = ##OAUTH_CLIENT_ID
+CLIENT_SECRET = ##OAUTH_CLIENT_SECRET
+SCOPES = root,profile,apps,roleAdmin,user
+AUTH_URL = ##OAUTH_AUTH_URL
+TOKEN_URL = ##OAUTH_TOKEN_URL
+CLOUDRON_ORIGIN = ##OAUTH_CLOUDRON_ORIGIN
+
diff --git a/start.sh b/start.sh
index 62755ed..14e1aa0 100755
--- a/start.sh
+++ b/start.sh
@@ -55,6 +55,11 @@ sed -e "s/##HOSTNAME/${fqdn}/g" \
     -e "s/##MAIL_PORT/${MAIL_SMTP_PORT}/g" \
     -e "s/##MAIL_FROM/${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}/g" \
     -e "s/##SECRET_KEY/$(pwgen -1 -s)/g" \
+    -e "s/##OAUTH_CLIENT_ID/${OAUTH_CLIENT_ID}/g" \
+    -e "s/##OAUTH_CLIENT_SECRET/${OAUTH_CLIENT_SECRET}/g" \
+    -e "s,##OAUTH_AUTH_URL,${ADMIN_ORIGIN}/api/v1/oauth/dialog/authorize,g" \
+    -e "s,##OAUTH_TOKEN_URL,${ADMIN_ORIGIN}/api/v1/oauth/token,g" \
+    -e "s,##CLOUDRON_ORIGIN,${ADMIN_ORIGIN},g" \
     /home/cloudron/app.ini.template > "/home/cloudron/gogs/custom/conf/app.ini"
 
 supervisorctl restart gogs