From 6e52db76dcc020f4492731f1823bf7a94b4cb951 Mon Sep 17 00:00:00 2001 From: Daniel Herrmann Date: Sat, 9 Mar 2024 21:46:52 +0100 Subject: [PATCH] docs: clarify what to use for authurl --- docs/content/doc/setup/openid.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/content/doc/setup/openid.md b/docs/content/doc/setup/openid.md index 98ccbba5a..320c2a725 100644 --- a/docs/content/doc/setup/openid.md +++ b/docs/content/doc/setup/openid.md @@ -51,7 +51,7 @@ In general, this involves the following steps at a minimum: - Make sure the required scopes (`openid profile email` are the default scopes used by Vikunja) are supported - Optional: configure an additional scope for automatic team assignment, see below for details -More detailled instructions for various different identity providers can be [found here]({{< ref "openid-examples.md">}}) +More detailed instructions for various different identity providers can be [found here]({{< ref "openid-examples.md">}}) ### Step 2: Configure Vikunja @@ -64,13 +64,17 @@ auth: redirecturl: https://vikunja.mydomain.com/auth/openid/ <---- slash at the end is important providers: - name: - authurl: + authurl: <----- Used for OIDC Discovery, usually the issuer clientid: clientsecret: scope: openid profile email ``` -The values for `authurl` can be obtained from the Metadata of your provider, while `clientid` and `clientsecret` are obtained when configuring the client. +The value for `authurl` can be obtained from the metadata of your provider. +Note that the `authurl` is used for [OIDC Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html). +Typically, you'll want to use the `issuer` URL as found in the provider metadata. + +The values for `clientid` and `clientsecret` are typically obtained when configuring the client. The scope usually doesn't need to be specified or changed, unless you want to configure the automatic team assignment. Optionally it is possible to disable local authentication and therefore forcing users to login via OpenID connect: