authelia/docs/content/en/integration/openid-connect/outline/index.md

2.6 KiB

title description lead date draft images menu weight toc community
Outline Integrating Outline with the Authelia OpenID Connect Provider. 2022-08-12T09:11:42+10:00 false
integration
parent
openid-connect
620 true true

Tested Versions

Before You Begin

{{% oidc-common %}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://outline.example.com
  • Authelia Root URL: https://auth.example.com
  • Client ID: outline
  • Client Secret: insecure_secret

Important Note: At the time of this writing Outline requires the offline_access scope by default. Failure to include this scope will result in an error as Outline will attempt to use a refresh token that is never issued.

Configuration

Application

To configure Outline to utilize Authelia as an OpenID Connect 1.0 Provider:

  1. Configure the following environment options:
URL=https://outline.example.com
FORCE_HTTPS=true

OIDC_CLIENT_ID=outline
OIDC_CLIENT_SECRET=insecure_secret
OIDC_AUTH_URI=https://auth.example.com/api/oidc/authorization
OIDC_TOKEN_URI=https://auth.example.com/api/oidc/token
OIDC_USERINFO_URI=https://auth.example.com/api/oidc/userinfo
OIDC_USERNAME_CLAIM=preferred_username
OIDC_DISPLAY_NAME=Authelia
OIDC_SCOPES="openid offline_access profile email"

Authelia

The following YAML configuration is an example Authelia client configuration for use with Outline which will operate with the above example:

identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
    - id: 'outline'
      description: 'Outline'
      secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
      public: false
      authorization_policy: 'two_factor'
      redirect_uris:
        - 'https://outline.example.com/auth/oidc.callback'
      scopes:
        - 'openid'
        - 'offline_access'
        - 'profile'
        - 'email'
      userinfo_signing_algorithm: 'none'

See Also