diff --git a/.env.sample b/.env.sample
index a1bd2ae..3e84dc5 100644
--- a/.env.sample
+++ b/.env.sample
@@ -93,6 +93,14 @@ DEFAULT_QUOTA="10 GB"
 #SECRET_TALK_TURN_SECRET_VERSION=v1 # length=64 charset=default
 #SECRET_TALK_SIGNALING_SECRET_VERSION=v1 # length=64 charset=default
 
+# COMPOSE_FILE="$COMPOSE_FILE:compose.user_oidc.yml"
+# APPS="$APPS user_oidc"
+# USER_OIDC_PROVIDER=
+# USER_OIDC_ID=
+# USER_OIDC_DISCOVERY_URI=
+# USER_OIDC_END_SESSION_URI=
+# USER_OIDC_LOGIN_ONLY=false
+# SECRET_USER_OIDC_SECRET_VERSION=v1
 
 # HSTS Options
 # Uncomment this line to enable HSTS: https://docs.nextcloud.com/server/30/admin_manual/installation/harden_server.html
diff --git a/compose.user_oidc.yml b/compose.user_oidc.yml
new file mode 100644
index 0000000..5ba64ca
--- /dev/null
+++ b/compose.user_oidc.yml
@@ -0,0 +1,10 @@
+version: "3.8"
+services:
+  app:
+    secrets:
+      - user_oidc_secret
+
+secrets:
+  user_oidc_secret:
+    external: true
+    name: ${STACK_NAME}_user_oidc_secret_${SECRET_USER_OIDC_SECRET_VERSION}