is a service on that manages your user account.

See also:


On your user profile, you can set some aesthetic information, which will be shown publically. The bio supports Markdown.


On your security page you can manage two-factor authentication and view the audit log.

Two-factor authentication

Presently, only TOTP is supported for two-factor authentication. Our recommended token software is andOTP, but others like Google Authenticator will also work.

To enable TOTP, click "Enable TOTP" and scan the QR code with your TOTP app. Enter a valid code to enable TOTP. Note that once enabled, you will not be able to reset your account password without contacting support.

Audit Log

The audit log shows a log of activity on your account and the IP address associated with it. These logs are purged after 14 days.


On your keys page, you can manage public keys associated with your account, which may be utilized by various services throughout the site (such as your SSH keys being used to authorize pushes to


On the privacy page, you may choose to have emails from the network encrypted with your PGP public key. Add your key on the keys page, then on the privacy page you can select the key you wish to have emails encrypted with. You may also send a test email to confirm that it worked correctly.

All emails from will include a PGP signature using the key provided on the privacy page, regardless of your encryption preferences. You may use this key to verify the authenticity of our emails if you wish.


On the OAuth page, you can manage access to your account that you have authorized to third parties.

Authorized Clients

This is a list of OAuth keys issued to third parties and the resources they are permitted to access on your account. You may revoke the third party's access to your account with the "Revoke" button.

Registered Clients

Registering an OAuth client allows you to build applications that can authenticate users and access resources on their account. On this page you may register new clients and manage existing ones. For details on the API side of OAuth, visit the API reference.

On the "manage" pages, you will find:


You may edit your public client name here, as well as editing the URI will redirect to upon successful authorization by a user.


Should security issues come up with your OAuth application, you will find some mitigations here. "Reset client secret" will issue you a new client secret, and "Revoke all tokens" will revoke all tokens previously issued to your OAuth client, requiring you to re-authorize users.


If you wish to integrate more deeply with, you can have authorize access to your API. On the scopes page you may create new OAuth scopes that third parties can request permission for use on your API.


Here you may permenantely delete your OAuth client.

Personal Access Tokens

If you want to integrate with APIs for your personal scripts or tools, you can request a personal access token here. All personal access tokens expire in 1 year and have complete access to your account across the network and any third parties that delegate to for authentication to their APIs.


Note: This tab is not visible to the general public, and this information is only applicable to users running their own instances.

If you run a closed instance (i.e. []registration=no in your config), this page can be used to generate one-time registration links to invite users to create an account.

Password Reset

You can reset your password on this page.

About this wiki

commit 48012c22fb5241abb7736a2f9627b50234fa6510
Author: Taavi Väänänen <>
Date:   2024-05-31T15:35:19+02:00 Update my email address
Clone this wiki (read-only) (read/write)