Commit c6d708d5 authored by Lars Kruse

docs(oauth): describe OIDC configuration for matrix_chat

parent 5bd8d33f
Pipeline #3138 failed with stages
in 1 minute and 59 seconds
......@@ -89,3 +89,40 @@ in your grouprise settings file (e.g. `/etc/grouprise/settings.py`):
`select token from access_tokens where user_id='@USERNAME:MATRIX_DOMAIN';`.
* `ADMIN_API_URL`: An API URL of the Matrix instance, which accepts Synapse admin requests
(e.g. `/_synapse/admin`). Defaults to `http://localhost:8008`.
# OIDC setup
TODO
* `apt install python3-authlib`
* matrix-synapse requires this module, if OIDC is enabled
* `apt install python3-django-oauth-toolkit`
* TODO: sadly v1.5.0 (required for OIDC) is not part of Debian at the moment
* create an OAuth application via Django's admin interface (`/stadt/admin`):
* User: empty
* Redirect URL: `https://gestadten.org:8448/_synapse/client/oidc/callback`
* Client Type: *confidential*
* Authorization Type: Authorization Code
* Name: *matrix_chat*
* Skip Authorization: true
* Algorithm: RSA
* matrix-synapse configuration:
```yaml
oidc_providers:
- idp_id: example
idp_name: example.org
discover: true
issuer: "https://example.org/stadt/oauth/"
client_id: "SEE_GROUPRISE_OAUTH_APPLICATION"
client_secret: "SEE_GROUPRISE_OAUTH_APPLICATION"
client_auth_method: client_secret_post
scopes: ["openid"]
skip_verification: true
user_mapping_provider:
config:
subject_claim: "id"
localpart_template: "{{ user.id }}"
display_name_template: "{{ user.display_name }}"
email_template: "{{ user.email }}"
```
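Review bot: `skip_verification: true` in the `oidc_providers` example turns off Synapse's validation of the provider metadata, and it sits right next to `discover: true` with no explanation, so readers are likely to copy it into a production config. Either drop the line or add a sentence stating which metadata check the grouprise provider currently fails and that the setting is a temporary workaround. Two smaller points in the same hunk: the Redirect URL bullet hardcodes `https://gestadten.org:8448/_synapse/client/oidc/callback` while the YAML uses `example.org`, so one placeholder domain should be used throughout; and the bare `TODO` under the `# OIDC setup` heading should be resolved or turned into a concrete note before merge.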