forked from vikunja/vikunja
adding authentik setup to openid-examples, some work in documentation
parent 5d5ea971c7
commit 03fd257138
|
@ -326,7 +326,7 @@ auth:
|
||||||
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
|
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
|
||||||
clientsecret:
|
clientsecret:
|
||||||
# The scope necessary to use oidc.
|
# The scope necessary to use oidc.
|
||||||
# If you want to use the Feature to create and assign to vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://vikunja.io/docs/openid/)
|
# If you want to use the Feature to create and assign to vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://vikunja.io/docs/openid/).
|
||||||
# e.g. scope: openid email profile vikunja_scope
|
# e.g. scope: openid email profile vikunja_scope
|
||||||
scope: openid email profile
|
scope: openid email profile
|
||||||
|
|
||||||
|
|
|
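Review bot: The changed comment above `scope:` only gains a trailing period, so it still reads "the Feature to create and assign to vikunja teams via oidc" with a capitalized "Feature" and a lowercase "vikunja". While the line is being touched, consider rewording it, for example "If you want to create and assign Vikunja teams via OIDC, add the custom `vikunja_scope` scope and see the OpenID docs". If this comment is mainly read inside the config file, the Markdown link `[openid.md](https://vikunja.io/docs/openid/)` will not render there and the bare URL would read better.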
@ -14,7 +14,7 @@ Teams which exist only because they were created from oidc attributes are not ed
|
||||||
|
|
||||||
To distinguish between teams created in Vikunja and teams generated automatically via oidc, generated teams have an `oidcID` assigned internally.
|
To distinguish between teams created in Vikunja and teams generated automatically via oidc, generated teams have an `oidcID` assigned internally.
|
||||||
|
|
||||||
You need to make sure the OpenID provider has the `vikunja_groups` scope via your custom scope since this is the key Vikunja is looking for to start the procedure.
|
You need to make sure the OpenID provider has the `vikunja_groups` scope via your custom scope since this is the key, which is looked up by Vikunja to start the procedure.
|
||||||
|
|
||||||
Additionally, make sure to deliver an `oidcID` and a `name` attribute in the oidc token.
|
Additionally, make sure to deliver an `oidcID` and a `name` attribute in the oidc token.
|
||||||
|
|
||||||
|
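Review bot: The reworded `vikunja_groups` sentence is harder to read than the line it replaces ("the key, which is looked up by Vikunja" adds a passive clause and a stray comma), and it still calls `vikunja_groups` both a "scope" and a "key" while the scope configured in the other hunks is `vikunja_scope`. Suggest stating it once, for example "Make sure your custom scope delivers the `vikunja_groups` key, since Vikunja looks for it to start the procedure." The unchanged line after it could also say whether `oidcID` and `name` are expected per group inside `vikunja_groups` or at the top level of the token.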
@ -26,7 +26,7 @@ To use Authentik's group assignment feature, follow these steps:
|
||||||
|
|
||||||
1. Edit [your config]({{< ref "config.md">}}) to include the following scopes: `openid profile email vikunja_scope`
|
1. Edit [your config]({{< ref "config.md">}}) to include the following scopes: `openid profile email vikunja_scope`
|
||||||
2. Open `<your authentik url>/if/admin/#/core/property-mappings`
|
2. Open `<your authentik url>/if/admin/#/core/property-mappings`
|
||||||
3. Create a new mapping called `vikunja_scope`. There is a field to enter python expressions that will be delivered with the oidc token.
|
3. Create a new property mapping called `vikunja_scope` as scope mapping. There is a field `expression` to enter python expressions that will be delivered with the oidc token.
|
||||||
4. Write a small script like the following to add group information to `vikunja_scope`:
|
4. Write a small script like the following to add group information to `vikunja_scope`:
|
||||||
|
|
||||||
```python
|
```python
|
||||||
|
|
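Review bot: In step 3, "Create a new property mapping called `vikunja_scope` as scope mapping" leaves open whether `vikunja_scope` is the mapping's display name or the scope name that has to match the value added to the config in step 1; name that field explicitly, the same way the new text names `expression`. Smaller points on the same line: "as scope mapping" needs an article ("as a scope mapping"), "python" should be "Python", and it is the result of the expression, not the expression itself, that is delivered with the oidc token.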