deploy: b0352f9c08
parent
e58a7087c6
commit
2f8c31c0f6
|
@ -533,8 +533,6 @@ https://developers.google.com/identity/protocols/oauth2/openid-connect#appsetup)
|
||||||
display_name_template: '{{ user.name }}'
|
display_name_template: '{{ user.name }}'
|
||||||
</code></pre>
|
</code></pre>
|
||||||
<h3 id="facebook"><a class="header" href="#facebook">Facebook</a></h3>
|
<h3 id="facebook"><a class="header" href="#facebook">Facebook</a></h3>
|
||||||
<p>Like Github, Facebook provide a custom OAuth2 API rather than an OIDC-compliant
|
|
||||||
one so requires a little more configuration.</p>
|
|
||||||
<ol start="0">
|
<ol start="0">
|
||||||
<li>You will need a Facebook developer account. You can register for one
|
<li>You will need a Facebook developer account. You can register for one
|
||||||
<a href="https://developers.facebook.com/async/registration/">here</a>.</li>
|
<a href="https://developers.facebook.com/async/registration/">here</a>.</li>
|
||||||
|
@ -556,25 +554,28 @@ and "App Secret" for use below.</li>
|
||||||
idp_name: Facebook
|
idp_name: Facebook
|
||||||
idp_brand: "facebook" # optional: styling hint for clients
|
idp_brand: "facebook" # optional: styling hint for clients
|
||||||
discover: false
|
discover: false
|
||||||
issuer: "https://facebook.com"
|
issuer: "https://www.facebook.com"
|
||||||
client_id: "your-client-id" # TO BE FILLED
|
client_id: "your-client-id" # TO BE FILLED
|
||||||
client_secret: "your-client-secret" # TO BE FILLED
|
client_secret: "your-client-secret" # TO BE FILLED
|
||||||
scopes: ["openid", "email"]
|
scopes: ["openid", "email"]
|
||||||
authorization_endpoint: https://facebook.com/dialog/oauth
|
authorization_endpoint: "https://facebook.com/dialog/oauth"
|
||||||
token_endpoint: https://graph.facebook.com/v9.0/oauth/access_token
|
token_endpoint: "https://graph.facebook.com/v9.0/oauth/access_token"
|
||||||
user_profile_method: "userinfo_endpoint"
|
jwks_uri: "https://www.facebook.com/.well-known/oauth/openid/jwks/"
|
||||||
userinfo_endpoint: "https://graph.facebook.com/v9.0/me?fields=id,name,email,picture"
|
|
||||||
user_mapping_provider:
|
user_mapping_provider:
|
||||||
config:
|
config:
|
||||||
subject_claim: "id"
|
|
||||||
display_name_template: "{{ user.name }}"
|
display_name_template: "{{ user.name }}"
|
||||||
|
email_template: "{{ '{{ user.email }}' }}"
|
||||||
</code></pre>
|
</code></pre>
|
||||||
<p>Relevant documents:</p>
|
<p>Relevant documents:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow</li>
|
<li><a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow">Manually Build a Login Flow</a></li>
|
||||||
<li>Using Facebook's Graph API: https://developers.facebook.com/docs/graph-api/using-graph-api/</li>
|
<li><a href="https://developers.facebook.com/docs/graph-api/using-graph-api/">Using Facebook's Graph API</a></li>
|
||||||
<li>Reference to the User endpoint: https://developers.facebook.com/docs/graph-api/reference/user</li>
|
<li><a href="https://developers.facebook.com/docs/graph-api/reference/user">Reference to the User endpoint</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
|
<p>Facebook do have an <a href="https://www.facebook.com/.well-known/openid-configuration">OIDC discovery endpoint</a>,
|
||||||
|
but it has a <code>response_types_supported</code> which excludes "code" (which we rely on, and
|
||||||
|
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
|
||||||
|
so we have to disable discovery and configure the URIs manually.</p>
|
||||||
<h3 id="gitea"><a class="header" href="#gitea">Gitea</a></h3>
|
<h3 id="gitea"><a class="header" href="#gitea">Gitea</a></h3>
|
||||||
<p>Gitea is, like Github, not an OpenID provider, but just an OAuth2 provider.</p>
|
<p>Gitea is, like Github, not an OpenID provider, but just an OAuth2 provider.</p>
|
||||||
<p>The <a href="https://try.gitea.io/api/swagger#/user/userGetCurrent"><code>/user</code> API endpoint</a>
|
<p>The <a href="https://try.gitea.io/api/swagger#/user/userGetCurrent"><code>/user</code> API endpoint</a>
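Review bot: The added `email_template: "{{ '{{ user.email }}' }}"` line in the Facebook sample wraps a second template expression inside a quoted string, unlike `display_name_template: "{{ user.name }}"` directly above it. If the value is evaluated as a Jinja2 template, as the neighbouring line suggests, it yields the literal text `{{ user.email }}` rather than the address, so an operator who copies the sample would store that placeholder as the email attribute for every Facebook login. The nesting looks like a build-time escape that leaked into the rendered page; the intended line is presumably `email_template: "{{ user.email }}"`, and because this file appears to be generated output the correction belongs in the documentation source. The same line is repeated in the second copy of the Facebook section later in this commit.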
|
||||||
|
|
|
@ -4991,10 +4991,13 @@ saml2_config:
|
||||||
# Defaults to false. Avoid this in production.
|
# Defaults to false. Avoid this in production.
|
||||||
#
|
#
|
||||||
# user_profile_method: Whether to fetch the user profile from the userinfo
|
# user_profile_method: Whether to fetch the user profile from the userinfo
|
||||||
# endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
|
# endpoint, or to rely on the data returned in the id_token from the
|
||||||
|
# token_endpoint.
|
||||||
#
|
#
|
||||||
# Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
|
# Valid values are: 'auto' or 'userinfo_endpoint'.
|
||||||
# included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
|
#
|
||||||
|
# Defaults to 'auto', which uses the userinfo endpoint if 'openid' is
|
||||||
|
# not included in 'scopes'. Set to 'userinfo_endpoint' to always use the
|
||||||
# userinfo endpoint.
|
# userinfo endpoint.
|
||||||
#
|
#
|
||||||
# allow_existing_users: set to 'true' to allow a user logging in via OIDC to
|
# allow_existing_users: set to 'true' to allow a user logging in via OIDC to
|
||||||
|
@ -6681,8 +6684,6 @@ https://developers.google.com/identity/protocols/oauth2/openid-connect#appsetup)
|
||||||
display_name_template: '{{ user.name }}'
|
display_name_template: '{{ user.name }}'
|
||||||
</code></pre>
|
</code></pre>
|
||||||
<h3 id="facebook"><a class="header" href="#facebook">Facebook</a></h3>
|
<h3 id="facebook"><a class="header" href="#facebook">Facebook</a></h3>
|
||||||
<p>Like Github, Facebook provide a custom OAuth2 API rather than an OIDC-compliant
|
|
||||||
one so requires a little more configuration.</p>
|
|
||||||
<ol start="0">
|
<ol start="0">
|
||||||
<li>You will need a Facebook developer account. You can register for one
|
<li>You will need a Facebook developer account. You can register for one
|
||||||
<a href="https://developers.facebook.com/async/registration/">here</a>.</li>
|
<a href="https://developers.facebook.com/async/registration/">here</a>.</li>
|
||||||
|
@ -6704,25 +6705,28 @@ and "App Secret" for use below.</li>
|
||||||
idp_name: Facebook
|
idp_name: Facebook
|
||||||
idp_brand: "facebook" # optional: styling hint for clients
|
idp_brand: "facebook" # optional: styling hint for clients
|
||||||
discover: false
|
discover: false
|
||||||
issuer: "https://facebook.com"
|
issuer: "https://www.facebook.com"
|
||||||
client_id: "your-client-id" # TO BE FILLED
|
client_id: "your-client-id" # TO BE FILLED
|
||||||
client_secret: "your-client-secret" # TO BE FILLED
|
client_secret: "your-client-secret" # TO BE FILLED
|
||||||
scopes: ["openid", "email"]
|
scopes: ["openid", "email"]
|
||||||
authorization_endpoint: https://facebook.com/dialog/oauth
|
authorization_endpoint: "https://facebook.com/dialog/oauth"
|
||||||
token_endpoint: https://graph.facebook.com/v9.0/oauth/access_token
|
token_endpoint: "https://graph.facebook.com/v9.0/oauth/access_token"
|
||||||
user_profile_method: "userinfo_endpoint"
|
jwks_uri: "https://www.facebook.com/.well-known/oauth/openid/jwks/"
|
||||||
userinfo_endpoint: "https://graph.facebook.com/v9.0/me?fields=id,name,email,picture"
|
|
||||||
user_mapping_provider:
|
user_mapping_provider:
|
||||||
config:
|
config:
|
||||||
subject_claim: "id"
|
|
||||||
display_name_template: "{{ user.name }}"
|
display_name_template: "{{ user.name }}"
|
||||||
|
email_template: "{{ '{{ user.email }}' }}"
|
||||||
</code></pre>
|
</code></pre>
|
||||||
<p>Relevant documents:</p>
|
<p>Relevant documents:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow</li>
|
<li><a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow">Manually Build a Login Flow</a></li>
|
||||||
<li>Using Facebook's Graph API: https://developers.facebook.com/docs/graph-api/using-graph-api/</li>
|
<li><a href="https://developers.facebook.com/docs/graph-api/using-graph-api/">Using Facebook's Graph API</a></li>
|
||||||
<li>Reference to the User endpoint: https://developers.facebook.com/docs/graph-api/reference/user</li>
|
<li><a href="https://developers.facebook.com/docs/graph-api/reference/user">Reference to the User endpoint</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
|
<p>Facebook do have an <a href="https://www.facebook.com/.well-known/openid-configuration">OIDC discovery endpoint</a>,
|
||||||
|
but it has a <code>response_types_supported</code> which excludes "code" (which we rely on, and
|
||||||
|
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
|
||||||
|
so we have to disable discovery and configure the URIs manually.</p>
|
||||||
<h3 id="gitea"><a class="header" href="#gitea">Gitea</a></h3>
|
<h3 id="gitea"><a class="header" href="#gitea">Gitea</a></h3>
|
||||||
<p>Gitea is, like Github, not an OpenID provider, but just an OAuth2 provider.</p>
|
<p>Gitea is, like Github, not an OpenID provider, but just an OAuth2 provider.</p>
|
||||||
<p>The <a href="https://try.gitea.io/api/swagger#/user/userGetCurrent"><code>/user</code> API endpoint</a>
|
<p>The <a href="https://try.gitea.io/api/swagger#/user/userGetCurrent"><code>/user</code> API endpoint</a>
|
||||||
|
|
|
@ -1877,10 +1877,13 @@ saml2_config:
|
||||||
# Defaults to false. Avoid this in production.
|
# Defaults to false. Avoid this in production.
|
||||||
#
|
#
|
||||||
# user_profile_method: Whether to fetch the user profile from the userinfo
|
# user_profile_method: Whether to fetch the user profile from the userinfo
|
||||||
# endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
|
# endpoint, or to rely on the data returned in the id_token from the
|
||||||
|
# token_endpoint.
|
||||||
#
|
#
|
||||||
# Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
|
# Valid values are: 'auto' or 'userinfo_endpoint'.
|
||||||
# included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
|
#
|
||||||
|
# Defaults to 'auto', which uses the userinfo endpoint if 'openid' is
|
||||||
|
# not included in 'scopes'. Set to 'userinfo_endpoint' to always use the
|
||||||
# userinfo endpoint.
|
# userinfo endpoint.
|
||||||
#
|
#
|
||||||
# allow_existing_users: set to 'true' to allow a user logging in via OIDC to
|
# allow_existing_users: set to 'true' to allow a user logging in via OIDC to
|
||||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -2069,10 +2069,13 @@ saml2_config:
|
||||||
# Defaults to false. Avoid this in production.
|
# Defaults to false. Avoid this in production.
|
||||||
#
|
#
|
||||||
# user_profile_method: Whether to fetch the user profile from the userinfo
|
# user_profile_method: Whether to fetch the user profile from the userinfo
|
||||||
# endpoint. Valid values are: 'auto' or 'userinfo_endpoint'.
|
# endpoint, or to rely on the data returned in the id_token from the
|
||||||
|
# token_endpoint.
|
||||||
#
|
#
|
||||||
# Defaults to 'auto', which fetches the userinfo endpoint if 'openid' is
|
# Valid values are: 'auto' or 'userinfo_endpoint'.
|
||||||
# included in 'scopes'. Set to 'userinfo_endpoint' to always fetch the
|
#
|
||||||
|
# Defaults to 'auto', which uses the userinfo endpoint if 'openid' is
|
||||||
|
# not included in 'scopes'. Set to 'userinfo_endpoint' to always use the
|
||||||
# userinfo endpoint.
|
# userinfo endpoint.
|
||||||
#
|
#
|
||||||
# allow_existing_users: set to 'true' to allow a user logging in via OIDC to
|
# allow_existing_users: set to 'true' to allow a user logging in via OIDC to
|
||||||
|
|