mirrors/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2024-11-21 17:15:38 +03:00
Code Issues Projects Releases Packages Wiki Activity

deploy: 80e39fd834

Browse source
This commit is contained in:
MadLittleMods 2024-11-20 22:07:50 +00:00
parent 32fc4a1349
commit 2422e86b3a
4 changed files with 50 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
develop/openid.html
View file

@ -462,6 +462,30 @@ and &quot;App Secret&quot; for use below.</li>
but it has a <code>response_types_supported</code> which excludes &quot;code&quot; (which we rely on, and but it has a <code>response_types_supported</code> which excludes &quot;code&quot; (which we rely on, and
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>), is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
so we have to disable discovery and configure the URIs manually.</p> so we have to disable discovery and configure the URIs manually.</p>
<h3 id="forgejo"><a class="header" href="#forgejo">Forgejo</a></h3>
<p>Forgejo is a fork of Gitea that can act as an OAuth2 provider.</p>
<p>The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined <code>subject_claim</code> and <code>scopes</code>.</p>
<p>Synapse config:</p>
<pre><code class="language-yaml">oidc_providers:
- idp_id: forgejo
idp_name: Forgejo
discover: false
issuer: &quot;https://your-forgejo.com/&quot;
client_id: &quot;your-client-id&quot; # TO BE FILLED
client_secret: &quot;your-client-secret&quot; # TO BE FILLED
client_auth_method: client_secret_post
scopes: [&quot;openid&quot;, &quot;profile&quot;, &quot;email&quot;, &quot;groups&quot;]
authorization_endpoint: &quot;https://your-forgejo.com/login/oauth/authorize&quot;
token_endpoint: &quot;https://your-forgejo.com/login/oauth/access_token&quot;
userinfo_endpoint: &quot;https://your-forgejo.com/api/v1/user&quot;
user_mapping_provider:
config:
subject_claim: &quot;sub&quot;
picture_claim: &quot;picture&quot;
localpart_template: &quot;{{ user.preferred_username }}&quot;
display_name_template: &quot;{{ user.name }}&quot;
email_template: &quot;{{ user.email }}&quot;
</code></pre>
<h3 id="github"><a class="header" href="#github">GitHub</a></h3> <h3 id="github"><a class="header" href="#github">GitHub</a></h3>
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but <p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
just a regular OAuth2 provider.</p> just a regular OAuth2 provider.</p>

24
develop/print.html
View file

@ -8749,6 +8749,30 @@ and &quot;App Secret&quot; for use below.</li>
but it has a <code>response_types_supported</code> which excludes &quot;code&quot; (which we rely on, and but it has a <code>response_types_supported</code> which excludes &quot;code&quot; (which we rely on, and
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>), is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
so we have to disable discovery and configure the URIs manually.</p> so we have to disable discovery and configure the URIs manually.</p>
<h3 id="forgejo"><a class="header" href="#forgejo">Forgejo</a></h3>
<p>Forgejo is a fork of Gitea that can act as an OAuth2 provider.</p>
<p>The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined <code>subject_claim</code> and <code>scopes</code>.</p>
<p>Synapse config:</p>
<pre><code class="language-yaml">oidc_providers:
- idp_id: forgejo
idp_name: Forgejo
discover: false
issuer: &quot;https://your-forgejo.com/&quot;
client_id: &quot;your-client-id&quot; # TO BE FILLED
client_secret: &quot;your-client-secret&quot; # TO BE FILLED
client_auth_method: client_secret_post
scopes: [&quot;openid&quot;, &quot;profile&quot;, &quot;email&quot;, &quot;groups&quot;]
authorization_endpoint: &quot;https://your-forgejo.com/login/oauth/authorize&quot;
token_endpoint: &quot;https://your-forgejo.com/login/oauth/access_token&quot;
userinfo_endpoint: &quot;https://your-forgejo.com/api/v1/user&quot;
user_mapping_provider:
config:
subject_claim: &quot;sub&quot;
picture_claim: &quot;picture&quot;
localpart_template: &quot;{{ user.preferred_username }}&quot;
display_name_template: &quot;{{ user.name }}&quot;
email_template: &quot;{{ user.email }}&quot;
</code></pre>
<h3 id="github"><a class="header" href="#github">GitHub</a></h3> <h3 id="github"><a class="header" href="#github">GitHub</a></h3>
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but <p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
just a regular OAuth2 provider.</p> just a regular OAuth2 provider.</p>

2
develop/searchindex.js
View file

File diff suppressed because one or more lines are too long

2
develop/searchindex.json
View file

File diff suppressed because one or more lines are too long