forked from vikunja/vikunja
docs: clarify what to use for authurl
This commit is contained in:
parent
c5e8ff66fb
commit
6e52db76dc
|
@ -51,7 +51,7 @@ In general, this involves the following steps at a minimum:
|
||||||
- Make sure the required scopes (`openid profile email` are the default scopes used by Vikunja) are supported
|
- Make sure the required scopes (`openid profile email` are the default scopes used by Vikunja) are supported
|
||||||
- Optional: configure an additional scope for automatic team assignment, see below for details
|
- Optional: configure an additional scope for automatic team assignment, see below for details
|
||||||
|
|
||||||
More detailled instructions for various different identity providers can be [found here]({{< ref "openid-examples.md">}})
|
More detailed instructions for various different identity providers can be [found here]({{< ref "openid-examples.md">}})
|
||||||
|
|
||||||
### Step 2: Configure Vikunja
|
### Step 2: Configure Vikunja
|
||||||
|
|
||||||
|
@ -64,13 +64,17 @@ auth:
|
||||||
redirecturl: https://vikunja.mydomain.com/auth/openid/ <---- slash at the end is important
|
redirecturl: https://vikunja.mydomain.com/auth/openid/ <---- slash at the end is important
|
||||||
providers:
|
providers:
|
||||||
- name: <provider-name>
|
- name: <provider-name>
|
||||||
authurl: <auth-url>
|
authurl: <auth-url> <----- Used for OIDC Discovery, usually the issuer
|
||||||
clientid: <vikunja client-id>
|
clientid: <vikunja client-id>
|
||||||
clientsecret: <vikunja client-secret>
|
clientsecret: <vikunja client-secret>
|
||||||
scope: openid profile email
|
scope: openid profile email
|
||||||
```
|
```
|
||||||
|
|
||||||
The values for `authurl` can be obtained from the Metadata of your provider, while `clientid` and `clientsecret` are obtained when configuring the client.
|
The value for `authurl` can be obtained from the metadata of your provider.
|
||||||
|
Note that the `authurl` is used for [OIDC Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html).
|
||||||
|
Typically, you'll want to use the `issuer` URL as found in the provider metadata.
|
||||||
|
|
||||||
|
The values for `clientid` and `clientsecret` are typically obtained when configuring the client.
|
||||||
The scope usually doesn't need to be specified or changed, unless you want to configure the automatic team assignment.
|
The scope usually doesn't need to be specified or changed, unless you want to configure the automatic team assignment.
|
||||||
|
|
||||||
Optionally it is possible to disable local authentication and therefore forcing users to login via OpenID connect:
|
Optionally it is possible to disable local authentication and therefore forcing users to login via OpenID connect:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user