2.6 KiB
2.6 KiB
title | description | lead | date | draft | images | menu | weight | toc | community | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Outline | Integrating Outline with the Authelia OpenID Connect Provider. | 2022-08-12T09:11:42+10:00 | false |
|
620 | true | true |
Tested Versions
Before You Begin
{{% oidc-common %}}
Assumptions
This example makes the following assumptions:
- Application Root URL:
https://outline.example.com
- Authelia Root URL:
https://auth.example.com
- Client ID:
outline
- Client Secret:
insecure_secret
Important Note: At the time of this writing Outline requires the offline_access
scope by default. Failure to include this scope will result
in an error as Outline will attempt to use a refresh token that is never issued.
Configuration
Application
To configure Outline to utilize Authelia as an OpenID Connect 1.0 Provider:
- Configure the following environment options:
URL=https://outline.example.com
FORCE_HTTPS=true
OIDC_CLIENT_ID=outline
OIDC_CLIENT_SECRET=insecure_secret
OIDC_AUTH_URI=https://auth.example.com/api/oidc/authorization
OIDC_TOKEN_URI=https://auth.example.com/api/oidc/token
OIDC_USERINFO_URI=https://auth.example.com/api/oidc/userinfo
OIDC_USERNAME_CLAIM=preferred_username
OIDC_DISPLAY_NAME=Authelia
OIDC_SCOPES="openid offline_access profile email"
Authelia
The following YAML configuration is an example Authelia client configuration for use with Outline which will operate with the above example:
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: outline
description: Outline
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://outline.example.com/auth/oidc.callback
scopes:
- openid
- offline_access
- profile
- email
userinfo_signing_algorithm: none