mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-29 15:39:00 +03:00
deploy: d69bf3b24c
parent 3a67f11e2b
commit ded15356f7
4 changed files with 64 additions and 2 deletions
|
@ -676,6 +676,37 @@ needed to add OAuth2 capabilities to your Django projects. It supports
|
||||||
display_name_template: "{{ user.first_name }} {{ user.last_name }}"
|
display_name_template: "{{ user.first_name }} {{ user.last_name }}"
|
||||||
email_template: "{{ user.email }}"
|
email_template: "{{ user.email }}"
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
<h3 id="mastodon"><a class="header" href="#mastodon">Mastodon</a></h3>
|
||||||
|
<p><a href="https://docs.joinmastodon.org/">Mastodon</a> instances provide an <a href="https://docs.joinmastodon.org/spec/oauth/">OAuth API</a>, allowing those instances to be used as a single sign-on provider for Synapse.</p>
|
||||||
|
<p>The first step is to register Synapse as an application with your Mastodon instance, using the <a href="https://docs.joinmastodon.org/methods/apps/#create">Create an application API</a> (see also <a href="https://docs.joinmastodon.org/client/token/">here</a>). There are several ways to do this, but in the example below we are using CURL.</p>
|
||||||
|
<p>This example assumes that:</p>
|
||||||
|
<ul>
|
||||||
|
<li>the Mastodon instance website URL is <code>https://your.mastodon.instance.url</code>, and</li>
|
||||||
|
<li>Synapse will be registered as an app named <code>my_synapse_app</code>.</li>
|
||||||
|
</ul>
|
||||||
|
<p>Send the following request, substituting the value of <code>synapse_public_baseurl</code> from your Synapse installation.</p>
|
||||||
|
<pre><code class="language-sh">curl -d "client_name=my_synapse_app&redirect_uris=https://[synapse_public_baseurl]/_synapse/client/oidc/callback" -X POST https://your.mastodon.instance.url/api/v1/apps
|
||||||
|
</code></pre>
|
||||||
|
<p>You should receive a response similar to the following. Make sure to save it.</p>
|
||||||
|
<pre><code class="language-json">{"client_id":"someclientid_123","client_secret":"someclientsecret_123","id":"12345","name":"my_synapse_app","redirect_uri":"https://[synapse_public_baseurl]/_synapse/client/oidc/callback","website":null,"vapid_key":"somerandomvapidkey_123"}
|
||||||
|
</code></pre>
|
||||||
|
<p>As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a <code>sub</code> property, an alternative <code>subject_claim</code> has to be set. Your Synapse configuration should include the following:</p>
|
||||||
|
<pre><code class="language-yaml">oidc_providers:
|
||||||
|
- idp_id: my_mastodon
|
||||||
|
idp_name: "Mastodon Instance Example"
|
||||||
|
discover: false
|
||||||
|
issuer: "https://your.mastodon.instance.url/@admin"
|
||||||
|
client_id: "someclientid_123"
|
||||||
|
client_secret: "someclientsecret_123"
|
||||||
|
authorization_endpoint: "https://your.mastodon.instance.url/oauth/authorize"
|
||||||
|
token_endpoint: "https://your.mastodon.instance.url/oauth/token"
|
||||||
|
userinfo_endpoint: "https://your.mastodon.instance.url/api/v1/accounts/verify_credentials"
|
||||||
|
scopes: ["read"]
|
||||||
|
user_mapping_provider:
|
||||||
|
config:
|
||||||
|
subject_claim: "id"
|
||||||
|
</code></pre>
|
||||||
|
<p>Note that the fields <code>client_id</code> and <code>client_secret</code> are taken from the CURL response above.</p>
|
||||||
|
|
||||||
</main>
|
</main>
|
||||||
|
|
||||||
|
|
|
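Review bot: The curl line in the registration step writes the redirect URI as `https://[synapse_public_baseurl]/_synapse/client/oidc/callback`, but Synapse's `public_baseurl` setting is itself a full URL including the scheme, so a reader who substitutes it literally registers `https://https://...` and the login then fails on a redirect URI mismatch. Suggest making the placeholder the bare hostname (or dropping the hard-coded `https://` and `/` around it) and adding a sentence that the registered value must match Synapse's callback URL exactly. The same placeholder is repeated in the sample JSON response, so it should change there too.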
@ -7915,6 +7915,37 @@ needed to add OAuth2 capabilities to your Django projects. It supports
|
||||||
display_name_template: "{{ user.first_name }} {{ user.last_name }}"
|
display_name_template: "{{ user.first_name }} {{ user.last_name }}"
|
||||||
email_template: "{{ user.email }}"
|
email_template: "{{ user.email }}"
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
<h3 id="mastodon"><a class="header" href="#mastodon">Mastodon</a></h3>
|
||||||
|
<p><a href="https://docs.joinmastodon.org/">Mastodon</a> instances provide an <a href="https://docs.joinmastodon.org/spec/oauth/">OAuth API</a>, allowing those instances to be used as a single sign-on provider for Synapse.</p>
|
||||||
|
<p>The first step is to register Synapse as an application with your Mastodon instance, using the <a href="https://docs.joinmastodon.org/methods/apps/#create">Create an application API</a> (see also <a href="https://docs.joinmastodon.org/client/token/">here</a>). There are several ways to do this, but in the example below we are using CURL.</p>
|
||||||
|
<p>This example assumes that:</p>
|
||||||
|
<ul>
|
||||||
|
<li>the Mastodon instance website URL is <code>https://your.mastodon.instance.url</code>, and</li>
|
||||||
|
<li>Synapse will be registered as an app named <code>my_synapse_app</code>.</li>
|
||||||
|
</ul>
|
||||||
|
<p>Send the following request, substituting the value of <code>synapse_public_baseurl</code> from your Synapse installation.</p>
|
||||||
|
<pre><code class="language-sh">curl -d "client_name=my_synapse_app&redirect_uris=https://[synapse_public_baseurl]/_synapse/client/oidc/callback" -X POST https://your.mastodon.instance.url/api/v1/apps
|
||||||
|
</code></pre>
|
||||||
|
<p>You should receive a response similar to the following. Make sure to save it.</p>
|
||||||
|
<pre><code class="language-json">{"client_id":"someclientid_123","client_secret":"someclientsecret_123","id":"12345","name":"my_synapse_app","redirect_uri":"https://[synapse_public_baseurl]/_synapse/client/oidc/callback","website":null,"vapid_key":"somerandomvapidkey_123"}
|
||||||
|
</code></pre>
|
||||||
|
<p>As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a <code>sub</code> property, an alternative <code>subject_claim</code> has to be set. Your Synapse configuration should include the following:</p>
|
||||||
|
<pre><code class="language-yaml">oidc_providers:
|
||||||
|
- idp_id: my_mastodon
|
||||||
|
idp_name: "Mastodon Instance Example"
|
||||||
|
discover: false
|
||||||
|
issuer: "https://your.mastodon.instance.url/@admin"
|
||||||
|
client_id: "someclientid_123"
|
||||||
|
client_secret: "someclientsecret_123"
|
||||||
|
authorization_endpoint: "https://your.mastodon.instance.url/oauth/authorize"
|
||||||
|
token_endpoint: "https://your.mastodon.instance.url/oauth/token"
|
||||||
|
userinfo_endpoint: "https://your.mastodon.instance.url/api/v1/accounts/verify_credentials"
|
||||||
|
scopes: ["read"]
|
||||||
|
user_mapping_provider:
|
||||||
|
config:
|
||||||
|
subject_claim: "id"
|
||||||
|
</code></pre>
|
||||||
|
<p>Note that the fields <code>client_id</code> and <code>client_secret</code> are taken from the CURL response above.</p>
|
||||||
<div style="break-before: page; page-break-before: always;"></div><h1 id="saml"><a class="header" href="#saml">SAML</a></h1>
|
<div style="break-before: page; page-break-before: always;"></div><h1 id="saml"><a class="header" href="#saml">SAML</a></h1>
|
||||||
<p>Synapse supports authenticating users via the <a href="https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language">Security Assertion
|
<p>Synapse supports authenticating users via the <a href="https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language">Security Assertion
|
||||||
Markup Language</a>
|
Markup Language</a>
|
||||||
|
|
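Review bot: In the YAML block of this copy of the section, `issuer: "https://your.mastodon.instance.url/@admin"` is given without explanation while `discover: false` is set, so a reader cannot tell whether `/@admin` has to be a real account on the instance or is an arbitrary value; a sentence saying what the issuer is used for in this setup would remove the guesswork. In the same block, `scopes: ["read"]` requests read access to the whole account although the only call configured is `userinfo_endpoint` on `/api/v1/accounts/verify_credentials`; consider documenting the narrower `read:accounts` scope if it is sufficient. The "Make sure to save it" paragraph could also say that `client_secret` is a credential and should be stored accordingly.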
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long