docs: implement requested doc changes

This commit is contained in:
Daniel Herrmann 2024-03-03 23:03:15 +01:00
parent fe262014d3
commit 6987ddae2a
2 changed files with 3 additions and 8 deletions

View File

@ -28,7 +28,6 @@ openid:
authurl: https://login.mydomain.com
clientid: <vikunja-id>
clientsecret: <vikunja secret>
scope: openid email profile
```
Authelia config:
@ -58,7 +57,6 @@ openid:
authurl: https://accounts.google.com
clientid: <google-oauth-client-id>
clientsecret: <google-oauth-client-secret>
scope: openid email profile
```
Google config:
@ -82,7 +80,6 @@ openid:
logouturl: https://keycloak.mydomain.com/realms/<relam-name>/protocol/openid-connect/logout
clientid: <vikunja-id>
clientsecret: <vikunja secret>
scope: openid email profile
```
Keycloak Config:
- Navigate to the keycloak instance
@ -112,11 +109,9 @@ auth:
logouturl: "https://authentik.mydomain.com/application/o/vikunja/end-session/"
clientid: "" # copy from Authetik
clientsecret: "" # copy from Authentik
scope: openid email profile
```
**Note:** The `authurl` that Vikunja requires is not the `Authorize URL` that you can see in the Provider.
Vikunja uses OpenID Discovery to find the correct endpoint to use.
Vikunja does this automatically by accessing the `OpenID Configuration URL` (usually `https://authentik.mydomain.com/application/o/vikunja/.well-known/openid-configuration`).
OpenID Discovery is used to find the correct endpoint to use automatically, by accessing the `OpenID Configuration URL` (usually `https://authentik.mydomain.com/application/o/vikunja/.well-known/openid-configuration`).
Use this URL without the `.well-known/openid-configuration` as the `authurl`.
Typically this URL can be found in the metadata section within your identity provider.

View File

@ -55,7 +55,7 @@ More detailled instructions for various different identity providers can be [fou
### Step 2: Configure Vikunja
Vikunja has to be configured to use the identity provider. The general configuration is structured as follows:
Vikunja has to be configured to use the identity provider. Please note that there is currently no option to configure these settings via environment variables, they have to be defined using the configuration file. The configuration schema is as follows:
```yaml
auth:
@ -73,7 +73,7 @@ auth:
The values for `authurl` can be obtained from the Metadata of your provider, while `clientid` and `clientsecret` are obtained when configuring the client.
The scope usually doesn't need to be specified or changed, unless you want to configure the automatic team assignment.
Once you're confident that the external authentication works and you want to disable local accounts, this can be done by configuring:
Optionally it is possible to disable local authentication and therefore forcing users to login via OpenID connect:
```yaml
auth: