From 199b685f430910910e43476caa9ccec6a441d020 Mon Sep 17 00:00:00 2001
From: Dominik Süß <dominik@suess.wtf>
Date: Tue, 6 Dec 2022 14:15:56 +0100
Subject: [feature] overhaul the oidc system (#961)

* [feature] overhaul the oidc system

this allows for more flexible username handling and prevents account
takeover using old email addresses

* [feature] add migration path for old OIDC users

* [feature] nicer error reporting for users

* [docs] document the new OIDC flow

* [fix] return early on oidc error

* [docs]: add comments on the finalization logic
---
 example/config.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'example')

diff --git a/example/config.yaml b/example/config.yaml
index cd5b0b274..a6294431e 100644
--- a/example/config.yaml
+++ b/example/config.yaml
@@ -490,6 +490,13 @@ oidc-scopes:
   - "profile"
   - "groups"
 
+# Bool. Link OIDC authenticated users to existing ones based on their email address.
+# This is mostly intended for migration purposes if you were running previous versions of GTS
+# which only correlated users with their email address. Should be set to false for most usecases.
+# Options: [true, false]
+# Default: false
+oidc-link-existing: false
+
 #######################
 ##### SMTP CONFIG #####
 #######################
-- 
cgit v1.3