mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-22 01:25:44 +03:00
deploy: 80e39fd834
This commit is contained in:
parent
32fc4a1349
commit
2422e86b3a
4 changed files with 50 additions and 2 deletions
|
@ -462,6 +462,30 @@ and "App Secret" for use below.</li>
|
||||||
but it has a <code>response_types_supported</code> which excludes "code" (which we rely on, and
|
but it has a <code>response_types_supported</code> which excludes "code" (which we rely on, and
|
||||||
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
|
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
|
||||||
so we have to disable discovery and configure the URIs manually.</p>
|
so we have to disable discovery and configure the URIs manually.</p>
|
||||||
|
<h3 id="forgejo"><a class="header" href="#forgejo">Forgejo</a></h3>
|
||||||
|
<p>Forgejo is a fork of Gitea that can act as an OAuth2 provider.</p>
|
||||||
|
<p>The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined <code>subject_claim</code> and <code>scopes</code>.</p>
|
||||||
|
<p>Synapse config:</p>
|
||||||
|
<pre><code class="language-yaml">oidc_providers:
|
||||||
|
- idp_id: forgejo
|
||||||
|
idp_name: Forgejo
|
||||||
|
discover: false
|
||||||
|
issuer: "https://your-forgejo.com/"
|
||||||
|
client_id: "your-client-id" # TO BE FILLED
|
||||||
|
client_secret: "your-client-secret" # TO BE FILLED
|
||||||
|
client_auth_method: client_secret_post
|
||||||
|
scopes: ["openid", "profile", "email", "groups"]
|
||||||
|
authorization_endpoint: "https://your-forgejo.com/login/oauth/authorize"
|
||||||
|
token_endpoint: "https://your-forgejo.com/login/oauth/access_token"
|
||||||
|
userinfo_endpoint: "https://your-forgejo.com/api/v1/user"
|
||||||
|
user_mapping_provider:
|
||||||
|
config:
|
||||||
|
subject_claim: "sub"
|
||||||
|
picture_claim: "picture"
|
||||||
|
localpart_template: "{{ user.preferred_username }}"
|
||||||
|
display_name_template: "{{ user.name }}"
|
||||||
|
email_template: "{{ user.email }}"
|
||||||
|
</code></pre>
|
||||||
<h3 id="github"><a class="header" href="#github">GitHub</a></h3>
|
<h3 id="github"><a class="header" href="#github">GitHub</a></h3>
|
||||||
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
|
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
|
||||||
just a regular OAuth2 provider.</p>
|
just a regular OAuth2 provider.</p>
|
||||||
|
|
|
@ -8749,6 +8749,30 @@ and "App Secret" for use below.</li>
|
||||||
but it has a <code>response_types_supported</code> which excludes "code" (which we rely on, and
|
but it has a <code>response_types_supported</code> which excludes "code" (which we rely on, and
|
||||||
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
|
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
|
||||||
so we have to disable discovery and configure the URIs manually.</p>
|
so we have to disable discovery and configure the URIs manually.</p>
|
||||||
|
<h3 id="forgejo"><a class="header" href="#forgejo">Forgejo</a></h3>
|
||||||
|
<p>Forgejo is a fork of Gitea that can act as an OAuth2 provider.</p>
|
||||||
|
<p>The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined <code>subject_claim</code> and <code>scopes</code>.</p>
|
||||||
|
<p>Synapse config:</p>
|
||||||
|
<pre><code class="language-yaml">oidc_providers:
|
||||||
|
- idp_id: forgejo
|
||||||
|
idp_name: Forgejo
|
||||||
|
discover: false
|
||||||
|
issuer: "https://your-forgejo.com/"
|
||||||
|
client_id: "your-client-id" # TO BE FILLED
|
||||||
|
client_secret: "your-client-secret" # TO BE FILLED
|
||||||
|
client_auth_method: client_secret_post
|
||||||
|
scopes: ["openid", "profile", "email", "groups"]
|
||||||
|
authorization_endpoint: "https://your-forgejo.com/login/oauth/authorize"
|
||||||
|
token_endpoint: "https://your-forgejo.com/login/oauth/access_token"
|
||||||
|
userinfo_endpoint: "https://your-forgejo.com/api/v1/user"
|
||||||
|
user_mapping_provider:
|
||||||
|
config:
|
||||||
|
subject_claim: "sub"
|
||||||
|
picture_claim: "picture"
|
||||||
|
localpart_template: "{{ user.preferred_username }}"
|
||||||
|
display_name_template: "{{ user.name }}"
|
||||||
|
email_template: "{{ user.email }}"
|
||||||
|
</code></pre>
|
||||||
<h3 id="github"><a class="header" href="#github">GitHub</a></h3>
|
<h3 id="github"><a class="header" href="#github">GitHub</a></h3>
|
||||||
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
|
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
|
||||||
just a regular OAuth2 provider.</p>
|
just a regular OAuth2 provider.</p>
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Loading…
Reference in a new issue