author | 2021-12-07 13:31:39 +0100 | |
---|---|---|
committer | 2021-12-07 13:31:39 +0100 | |
commit | 0884f89431cd26bcc9674b3b7ab628b090f5881e (patch) | |
tree | cdd3b3f77f780a8b59d075dbcc3d4d013811e405 /docs/configuration/oidc.md | |
parent | Update dependencies (#333) (diff) | |
download | gotosocial-0884f89431cd26bcc9674b3b7ab628b090f5881e.tar.xz |
Implement Cobra CLI tooling, Viper config tooling (#336)
* start pulling out + replacing urfave and config
* replace many many instances of config
* move more stuff => viper
* properly remove urfave
* move some flags to root command
* add testrig commands to root
* alias config file keys
* start adding cli parsing tests
* reorder viper init
* remove config path alias
* fmt
* change config file keys to non-nested
* we're more or less in business now
* tidy up the common func
* go fmt
* get tests passing again
* add note about the cliparsing tests
* reorganize
* update docs with changes
* structure cmd dir better
* rename + move some files around
* fix dangling comma
Diffstat (limited to 'docs/configuration/oidc.md')
-rw-r--r-- | docs/configuration/oidc.md | 95 |
1 files changed, 47 insertions, 48 deletions
diff --git a/docs/configuration/oidc.md b/docs/configuration/oidc.md index 6c6bbe94b..e373e48d9 100644 --- a/docs/configuration/oidc.md +++ b/docs/configuration/oidc.md 
@@ -20,55 +20,54 @@ GoToSocial exposes the following configuration settings for OIDC, shown below wi ####################### # Config for authentication with an external OIDC provider (Dex, Google, Auth0, etc). -oidc: - - # Bool. Enable authentication with external OIDC provider. If set to true, then - # the other OIDC options must be set as well. If this is set to false, then the standard - # internal oauth flow will be used, where users sign in to GtS with username/password. - # Options: [true, false] - # Default: false - enabled: false - - # String. Name of the oidc idp (identity provider). This will be shown to users when - # they log in. - # Examples: ["Google", "Dex", "Auth0"] - # Default: "" - idpName: "" - - # Bool. Skip the normal verification flow of tokens returned from the OIDC provider, ie., - # don't check the expiry or signature. This should only be used in debugging or testing, - # never ever in a production environment as it's extremely unsafe! - # Options: [true, false] - # Default: false - skipVerification: false - # String. The OIDC issuer URI. This is where GtS will redirect users to for login. - # Typically this will look like a standard web URL. - # Examples: ["https://auth.example.org", "https://example.org/auth"] - # Default: "" - issuer: "" - - # String. The ID for this client as registered with the OIDC provider. - # Examples: ["some-client-id", "fda3772a-ad35-41c9-9a59-f1943ad18f54"] - # Default: "" - clientID: "" - - # String. The secret for this client as registered with the OIDC provider. - # Examples: ["super-secret-business", "79379cf5-8057-426d-bb83-af504d98a7b0"] - # Default: "" - clientSecret: "" - - # Array of string. Scopes to request from the OIDC provider. The returned values will be used to - # populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required. - # 'profile' is used to extract a username for the newly created user. 
- # 'groups' is optional and can be used to determine if a user is an admin (if they're in the group 'admin' or 'admins'). - # Examples: See eg., https://auth0.com/docs/scopes/openid-connect-scopes - # Default: ["openid", "email", "profile", "groups"] - scopes: - - "openid" - - "email" - - "profile" - - "groups" +# Bool. Enable authentication with external OIDC provider. If set to true, then +# the other OIDC options must be set as well. If this is set to false, then the standard +# internal oauth flow will be used, where users sign in to GtS with username/password. +# Options: [true, false] +# Default: false +oidc-enabled: false + +# String. Name of the oidc idp (identity provider). This will be shown to users when +# they log in. +# Examples: ["Google", "Dex", "Auth0"] +# Default: "" +oidc-idp-name: "" + +# Bool. Skip the normal verification flow of tokens returned from the OIDC provider, ie., +# don't check the expiry or signature. This should only be used in debugging or testing, +# never ever in a production environment as it's extremely unsafe! +# Options: [true, false] +# Default: false +oidc-skip-verification: false + +# String. The OIDC issuer URI. This is where GtS will redirect users to for login. +# Typically this will look like a standard web URL. +# Examples: ["https://auth.example.org", "https://example.org/auth"] +# Default: "" +oidc-issuer: "" + +# String. The ID for this client as registered with the OIDC provider. +# Examples: ["some-client-id", "fda3772a-ad35-41c9-9a59-f1943ad18f54"] +# Default: "" +oidc-client-id: "" + +# String. The secret for this client as registered with the OIDC provider. +# Examples: ["super-secret-business", "79379cf5-8057-426d-bb83-af504d98a7b0"] +# Default: "" +oidc-client-secret: "" + +# Array of string. Scopes to request from the OIDC provider. The returned values will be used to +# populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required. 
+# 'profile' is used to extract a username for the newly created user. +# 'groups' is optional and can be used to determine if a user is an admin (if they're in the group 'admin' or 'admins'). +# Examples: See eg., https://auth0.com/docs/scopes/openid-connect-scopes +# Default: ["openid", "email", "profile", "groups"] +oidc-scopes: + - "openid" + - "email" + - "profile" + - "groups" ``` ## Behavior |
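Review bot: The flat keys introduced in this hunk (`oidc-enabled`, `oidc-skip-verification`, `oidc-client-secret` and the others that replace the nested `oidc:` block) are documented without any note on how an existing config file that still uses the nested form is treated. The documented default for `oidc-enabled` is `false`, so if the old `oidc:` / `enabled: true` layout is no longer recognised, an instance would fall back to the internal username/password flow with nothing in this document to warn the operator. Suggest adding a sentence above the settings block saying that the nested keys were replaced by the `oidc-*` keys and whether the old form is rejected, ignored or still accepted. The comment on `oidc-skip-verification` already says it must never be used in production; it would help to state there that the same setting is reachable under the new flat name only, so an operator auditing a config knows which key to search for.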