From 19d1b1bbcbc1e3f35aabb0b92855907ba0051e96 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Sun, 2 Apr 2023 13:12:01 +1000
Subject: [PATCH] docs: fix gitea example (#5156)

Fixes the gitea example and a few other minor issues.

Signed-off-by: James Elliott
---
.../openid-connect/apache-guacamole/index.md | 39 +++++++------
.../openid-connect/argocd/index.md | 57 ++++++++++---------
.../openid-connect/bookstack/index.md | 29 ++++++----
.../cloudflare-zerotrust/index.md | 29 ++++++----
.../openid-connect/firezone/index.md | 33 ++++++-----
.../integration/openid-connect/gitea/index.md | 35 +++++++-----
.../openid-connect/gitlab/index.md | 31 +++++-----
.../openid-connect/grafana/index.md | 31 +++++-----
.../openid-connect/harbor/index.md | 31 +++++-----
.../openid-connect/hashicorp-vault/index.md | 33 ++++++-----
.../integration/openid-connect/komga/index.md | 33 ++++++-----
.../integration/openid-connect/minio/index.md | 33 ++++++-----
.../openid-connect/misago/index.md | 46 ++++++++-------
.../openid-connect/nextcloud/index.md | 31 +++++-----
.../openid-connect/outline/index.md | 31 +++++-----
.../openid-connect/portainer/index.md | 31 +++++-----
.../openid-connect/proxmox/index.md | 38 ++++++-------
.../openid-connect/seafile/index.md | 29 ++++++----
.../openid-connect/specific-information.md | 8 ++-
.../openid-connect/synapse/index.md | 29 ++++++----
.../openid-connect/synology-dsm/index.md | 31 +++++-----
21 files changed, 392 insertions(+), 296 deletions(-)

diff --git a/docs/content/en/integration/openid-connect/apache-guacamole/index.md b/docs/content/en/integration/openid-connect/apache-guacamole/index.md
index d66c84523..856ed202f 100644
--- a/docs/content/en/integration/openid-connect/apache-guacamole/index.md
+++ b/docs/content/en/integration/openid-connect/apache-guacamole/index.md
@@ -57,23 +57,28 @@ The following YAML configuration is an example __Authelia__ [Apache Guacamole] which will operate with the above example: ```yaml -- id: guacamole - description: Apache Guacamole - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://guacamole.example.com - scopes: - - openid - - profile - - groups - - email - response_types: - - id_token - grant_types: - - implicit - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: guacamole + description: Apache Guacamole + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://guacamole.example.com + scopes: + - openid + - profile + - groups + - email + response_types: + - id_token + grant_types: + - implicit + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/argocd/index.md b/docs/content/en/integration/openid-connect/argocd/index.md index 081a76b10..b37fd2e1d 100644 --- a/docs/content/en/integration/openid-connect/argocd/index.md +++ b/docs/content/en/integration/openid-connect/argocd/index.md 
@@ -60,32 +60,37 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: argocd - description: Argo CD - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://argocd.example.com/auth/callback - scopes: - - openid - - groups - - email - - profile - userinfo_signing_algorithm: none -- id: argocd-cli - description: Argo CD (CLI) - public: true - authorization_policy: two_factor - redirect_uris: - - http://localhost:8085/auth/callback - scopes: - - openid - - groups - - email - - profile - - offline_access - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: argocd + description: Argo CD + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://argocd.example.com/auth/callback + scopes: + - openid + - groups + - email + - profile + userinfo_signing_algorithm: none + - id: argocd-cli + description: Argo CD (CLI) + public: true + authorization_policy: two_factor + redirect_uris: + - http://localhost:8085/auth/callback + scopes: + - openid + - groups + - email + - profile + - offline_access + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/bookstack/index.md b/docs/content/en/integration/openid-connect/bookstack/index.md index adb61041f..73e8214a2 100644 --- a/docs/content/en/integration/openid-connect/bookstack/index.md +++ b/docs/content/en/integration/openid-connect/bookstack/index.md 
@@ -62,18 +62,23 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: bookstack - description: BookStack - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://bookstack.example.com/oidc/callback - scopes: - - openid - - profile - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: bookstack + description: BookStack + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://bookstack.example.com/oidc/callback + scopes: + - openid + - profile + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/cloudflare-zerotrust/index.md b/docs/content/en/integration/openid-connect/cloudflare-zerotrust/index.md index 9a24e40a5..eecf2c9fc 100644 --- a/docs/content/en/integration/openid-connect/cloudflare-zerotrust/index.md +++ b/docs/content/en/integration/openid-connect/cloudflare-zerotrust/index.md 
@@ -70,18 +70,23 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: cloudflare - description: Cloudflare ZeroTrust - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://example-team.cloudflareaccess.com/cdn-cgi/access/callback - scopes: - - openid - - profile - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: cloudflare + description: Cloudflare ZeroTrust + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://example-team.cloudflareaccess.com/cdn-cgi/access/callback + scopes: + - openid + - profile + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/firezone/index.md b/docs/content/en/integration/openid-connect/firezone/index.md index 823cb75ad..96e7d55a9 100644 --- a/docs/content/en/integration/openid-connect/firezone/index.md +++ b/docs/content/en/integration/openid-connect/firezone/index.md 
@@ -71,20 +71,25 @@ The following YAML configuration is an example __Authelia__ will operate with the above example: ```yaml -- id: firezone - description: Firezone - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - enforce_pkce: true - pkce_challenge_method: S256 - redirect_uris: - - https://firezone.example.com/auth/oidc/authelia/callback - scopes: - - openid - - email - - profile - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: firezone + description: Firezone + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + enforce_pkce: true + pkce_challenge_method: S256 + redirect_uris: + - https://firezone.example.com/auth/oidc/authelia/callback + scopes: + - openid + - email + - profile + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/gitea/index.md b/docs/content/en/integration/openid-connect/gitea/index.md index b7e7fffff..c51fdc238 100644 --- a/docs/content/en/integration/openid-connect/gitea/index.md +++ b/docs/content/en/integration/openid-connect/gitea/index.md 
@@ -81,25 +81,30 @@ The following YAML configuration is an example __Authelia__ will operate with the above example: ```yaml -- id: gitea - description: Gitea - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://gitea.example.com/user/oauth2/authelia/callback - scopes: - - openid - - email - - profile - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: gitea + description: Gitea + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://gitea.example.com/user/oauth2/authelia/callback + scopes: + - openid + - email + - profile + userinfo_signing_algorithm: none ``` ## See Also -- [Gitea] app.ini [Config Cheat Sheet - OpenID](https://docs.gitea.io/en-us/config-cheat-sheet/#openid-openid) -- [Gitea] app.ini [Config Cheat Sheet - Service](https://docs.gitea.io/en-us/config-cheat-sheet/#service-service) +- [Gitea] app.ini [Config Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet): + - [OpenID](https://docs.gitea.io/en-us/config-cheat-sheet/#openid-openid) + - [Service](https://docs.gitea.io/en-us/config-cheat-sheet/#service-service) -- [Authelia]: https://www.authelia.com [Gitea]: https://gitea.io/ [OpenID Connect 1.0]: ../../openid-connect/introduction.md diff --git a/docs/content/en/integration/openid-connect/gitlab/index.md b/docs/content/en/integration/openid-connect/gitlab/index.md index 1620d95e3..72bc826bd 100644 --- a/docs/content/en/integration/openid-connect/gitlab/index.md 
+++ b/docs/content/en/integration/openid-connect/gitlab/index.md @@ -73,19 +73,24 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: gitlab - description: GitLab - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://gitlab.example.com/users/auth/openid_connect/callback - scopes: - - openid - - profile - - groups - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: gitlab + description: GitLab + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://gitlab.example.com/users/auth/openid_connect/callback + scopes: + - openid + - profile + - groups + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/grafana/index.md b/docs/content/en/integration/openid-connect/grafana/index.md index 916dd4f2a..45fc15f79 100644 --- a/docs/content/en/integration/openid-connect/grafana/index.md +++ b/docs/content/en/integration/openid-connect/grafana/index.md 
@@ -91,19 +91,24 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: grafana - description: Grafana - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://grafana.example.com/login/generic_oauth - scopes: - - openid - - profile - - groups - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: grafana + description: Grafana + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://grafana.example.com/login/generic_oauth + scopes: + - openid + - profile + - groups + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/harbor/index.md b/docs/content/en/integration/openid-connect/harbor/index.md index ebd832b69..42d42909b 100644 --- a/docs/content/en/integration/openid-connect/harbor/index.md +++ b/docs/content/en/integration/openid-connect/harbor/index.md 
@@ -64,19 +64,24 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: harbor - description: Harbor - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://harbor.example.com/c/oidc/callback - scopes: - - openid - - profile - - groups - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: harbor + description: Harbor + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://harbor.example.com/c/oidc/callback + scopes: + - openid + - profile + - groups + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/hashicorp-vault/index.md b/docs/content/en/integration/openid-connect/hashicorp-vault/index.md index 80f93009b..2f14beb74 100644 --- a/docs/content/en/integration/openid-connect/hashicorp-vault/index.md +++ b/docs/content/en/integration/openid-connect/hashicorp-vault/index.md 
@@ -47,20 +47,25 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: vault - description: HashiCorp Vault - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://vault.example.com/oidc/callback - - https://vault.example.com/ui/vault/auth/oidc/oidc/callback - scopes: - - openid - - profile - - groups - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: vault + description: HashiCorp Vault + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://vault.example.com/oidc/callback + - https://vault.example.com/ui/vault/auth/oidc/oidc/callback + scopes: + - openid + - profile + - groups + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/komga/index.md b/docs/content/en/integration/openid-connect/komga/index.md index 15cea6ded..d07272e71 100644 --- a/docs/content/en/integration/openid-connect/komga/index.md +++ b/docs/content/en/integration/openid-connect/komga/index.md 
@@ -69,20 +69,25 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: komga - description: Komga - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://komga.example.com/login/oauth2/code/authelia - scopes: - - openid - - profile - - email - grant_types: - - authorization_code - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: komga + description: Komga + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://komga.example.com/login/oauth2/code/authelia + scopes: + - openid + - profile + - email + grant_types: + - authorization_code + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/minio/index.md b/docs/content/en/integration/openid-connect/minio/index.md index 5a405503e..ba0f725d8 100644 --- a/docs/content/en/integration/openid-connect/minio/index.md +++ b/docs/content/en/integration/openid-connect/minio/index.md 
@@ -67,19 +67,24 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: minio - description: MinIO - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://minio.example.com/apps/oidc_login/oidc - scopes: - - openid - - profile - - email - - groups - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: minio + description: MinIO + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://minio.example.com/apps/oidc_login/oidc + scopes: + - openid + - profile + - email + - groups + userinfo_signing_algorithm: none ``` ## See Also @@ -88,4 +93,4 @@ which will operate with the above example: [MinIO]: https://minio.com/ [Authelia]: https://www.authelia.com -[OpenID Connect 1.0]: ../../openid-connect/introduction.md +[OpenID Connect 1.0]: ../../openid-connect/introduction.md diff --git a/docs/content/en/integration/openid-connect/misago/index.md b/docs/content/en/integration/openid-connect/misago/index.md index 01978bbc3..88fe2192f 100644 --- a/docs/content/en/integration/openid-connect/misago/index.md +++ b/docs/content/en/integration/openid-connect/misago/index.md 
@@ -15,10 +15,10 @@ community: true ## Tested Versions -- [Authelia](https://www.authelia.com) - - [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5) -- [Misago](https://github.com/rafalp/Misago) - - [misago-image v0.29.1](https://github.com/tetricky/misago-image/releases/tag/v0.29.1) +* [Authelia](https://www.authelia.com) + * [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5) +* [Misago](https://github.com/rafalp/Misago) + * [misago-image v0.29.1](https://github.com/tetricky/misago-image/releases/tag/v0.29.1) ## Before You Begin 
@@ -82,24 +82,28 @@ To configure [Misago] to utilize Authelia as an [OpenID Connect 1.0](https://www The following YAML configuration is an example **Authelia** [client configuration](https://www.authelia.com/configuration/identity-providers/open-id-connect/#clients) for use with [Misago] which will operate with the above example: ```yaml +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc clients: - - id: misago - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - scopes: - - openid - - profile - - email - redirect_uris: - - https://misago.example.com/oauth2/complete/ - grant_types: - - authorization_code - response_types: - - code - response_modes: - - query - userinfo_signing_algorithm: none + - id: misago + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + scopes: + - openid + - profile + - email + redirect_uris: + - https://misago.example.com/oauth2/complete/ + grant_types: + - authorization_code + response_types: + - code + response_modes: + - query + userinfo_signing_algorithm: none ``` --- diff --git a/docs/content/en/integration/openid-connect/nextcloud/index.md b/docs/content/en/integration/openid-connect/nextcloud/index.md index f21e0d1b6..d144b71dd 100644 --- a/docs/content/en/integration/openid-connect/nextcloud/index.md +++ b/docs/content/en/integration/openid-connect/nextcloud/index.md 
@@ -85,19 +85,24 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: nextcloud - description: NextCloud - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://nextcloud.example.com/apps/oidc_login/oidc - scopes: - - openid - - profile - - email - - groups - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: nextcloud + description: NextCloud + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://nextcloud.example.com/apps/oidc_login/oidc + scopes: + - openid + - profile + - email + - groups + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/outline/index.md b/docs/content/en/integration/openid-connect/outline/index.md index 17e0b1cfb..c01c7720a 100644 --- a/docs/content/en/integration/openid-connect/outline/index.md +++ b/docs/content/en/integration/openid-connect/outline/index.md 
@@ -64,19 +64,24 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: outline - description: Outline - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://outline.example.com/auth/oidc.callback - scopes: - - openid - - offline_access - - profile - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: outline + description: Outline + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://outline.example.com/auth/oidc.callback + scopes: + - openid + - offline_access + - profile + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/portainer/index.md b/docs/content/en/integration/openid-connect/portainer/index.md index 94e26b368..511461cdc 100644 --- a/docs/content/en/integration/openid-connect/portainer/index.md +++ b/docs/content/en/integration/openid-connect/portainer/index.md 
@@ -65,19 +65,24 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: portainer - description: Portainer - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://portainer.example.com - scopes: - - openid - - profile - - groups - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: portainer + description: Portainer + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://portainer.example.com + scopes: + - openid + - profile + - groups + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/proxmox/index.md b/docs/content/en/integration/openid-connect/proxmox/index.md index 9e6c608c6..f7ba35255 100644 --- a/docs/content/en/integration/openid-connect/proxmox/index.md +++ b/docs/content/en/integration/openid-connect/proxmox/index.md @@ -22,14 +22,9 @@ aliases: * [Proxmox] * 7.1-10 -### Common Notes +## Before You Begin -1. You are *__required__* to utilize a unique client id for every client. -2. The client id on this page is merely an example and you can theoretically use any alphanumeric string. -3. You *__should not__* use the client secret in this example, We *__strongly recommend__* reading the - [Generating Client Secrets] guide instead. - -[Generating Client Secrets]: ../specific-information.md#generating-client-secrets +{{% oidc-common %}} ### Specific Notes 
@@ -74,18 +69,23 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: proxmox - description: Proxmox - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://proxmox.example.com - scopes: - - openid - - profile - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: proxmox + description: Proxmox + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://proxmox.example.com + scopes: + - openid + - profile + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/seafile/index.md b/docs/content/en/integration/openid-connect/seafile/index.md index d2d77cdba..0a1d5d021 100644 --- a/docs/content/en/integration/openid-connect/seafile/index.md +++ b/docs/content/en/integration/openid-connect/seafile/index.md 
@@ -73,18 +73,23 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: seafile - description: Seafile - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://seafile.example.com/oauth/callback/ - scopes: - - openid - - profile - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: seafile + description: Seafile + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://seafile.example.com/oauth/callback/ + scopes: + - openid + - profile + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/specific-information.md b/docs/content/en/integration/openid-connect/specific-information.md index b13069cb2..648d81924 100644 --- a/docs/content/en/integration/openid-connect/specific-information.md +++ b/docs/content/en/integration/openid-connect/specific-information.md 
@@ -46,9 +46,11 @@ which case the secret should be encrypted and not be stored in plaintext. The mo client configurations will be stored in the database with the secret both salted and peppered. Authelia currently does not implement any of the specifications or protocols which require secrets being accessible in -the clear and currently has no plans to implement any of these. As such it's *__strongly discouraged and heavily -deprecated__* and we instead recommended that users remove this from their configuration entirely and use the -[Generating Client Secrets](#generating-client-secrets) guide. +the clear such as most notibly the `client_secret_jwt` grant and currently we no plans to implement any of these. As +such it's *__strongly discouraged and heavily deprecated__* and we instead recommended that users remove this from their +configuration entirely and use the [Generating Client Secrets](#generating-client-secrets) guide. At such a time as we +support one of these protocols we will very likely only allow plaintext for clients configured expressly for this +purpose i.e. a client that only allows `client_secret_jwt` and no other grants. Plaintext is either denoted by the `$plaintext$` prefix where everything after the prefix is the secret. In addition if the secret does not start with the `$` character it's considered as a plaintext secret for the time being but is diff --git a/docs/content/en/integration/openid-connect/synapse/index.md b/docs/content/en/integration/openid-connect/synapse/index.md index 1e4b737c4..13428e28f 100644 --- a/docs/content/en/integration/openid-connect/synapse/index.md +++ b/docs/content/en/integration/openid-connect/synapse/index.md 
@@ -67,18 +67,23 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: synapse - description: Synapse - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://synapse.example.com/_synapse/client/oidc/callback - scopes: - - openid - - profile - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: synapse + description: Synapse + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://synapse.example.com/_synapse/client/oidc/callback + scopes: + - openid + - profile + - email + userinfo_signing_algorithm: none ``` ## See Also diff --git a/docs/content/en/integration/openid-connect/synology-dsm/index.md b/docs/content/en/integration/openid-connect/synology-dsm/index.md index a740af86e..e6de3acec 100644 --- a/docs/content/en/integration/openid-connect/synology-dsm/index.md +++ b/docs/content/en/integration/openid-connect/synology-dsm/index.md 
@@ -69,19 +69,24 @@ The following YAML configuration is an example __Authelia__ which will operate with the above example: ```yaml -- id: synology-dsm - description: Synology DSM - secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. - public: false - authorization_policy: two_factor - redirect_uris: - - https://dsm.example.com - scopes: - - openid - - profile - - groups - - email - userinfo_signing_algorithm: none +identity_providers: + oidc: + ## The other portions of the mandatory OpenID Connect 1.0 configuration go here. + ## See: https://www.authelia.com/c/oidc + clients: + - id: synology-dsm + description: Synology DSM + secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. + public: false + authorization_policy: two_factor + redirect_uris: + - https://dsm.example.com + scopes: + - openid + - profile + - groups + - email + userinfo_signing_algorithm: none ``` ## See Also