deploy: ac429050bc
This commit is contained in:
parent
f91ab88bb5
commit
31d72b6987
|
@ -207,7 +207,8 @@ for a server admin: see <a href="../usage/administration/admin_api/">Admin API</
|
|||
}
|
||||
],
|
||||
"user_type": null,
|
||||
"locked": false
|
||||
"locked": false,
|
||||
"suspended": false
|
||||
}
|
||||
</code></pre>
|
||||
<p>URL parameters:</p>
|
||||
|
|
|
@ -462,6 +462,30 @@ and "App Secret" for use below.</li>
|
|||
but it has a <code>response_types_supported</code> which excludes "code" (which we rely on, and
|
||||
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
|
||||
so we have to disable discovery and configure the URIs manually.</p>
|
||||
<h3 id="forgejo"><a class="header" href="#forgejo">Forgejo</a></h3>
|
||||
<p>Forgejo is a fork of Gitea that can act as an OAuth2 provider.</p>
|
||||
<p>The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined <code>subject_claim</code> and <code>scopes</code>.</p>
|
||||
<p>Synapse config:</p>
|
||||
<pre><code class="language-yaml">oidc_providers:
|
||||
- idp_id: forgejo
|
||||
idp_name: Forgejo
|
||||
discover: false
|
||||
issuer: "https://your-forgejo.com/"
|
||||
client_id: "your-client-id" # TO BE FILLED
|
||||
client_secret: "your-client-secret" # TO BE FILLED
|
||||
client_auth_method: client_secret_post
|
||||
scopes: ["openid", "profile", "email", "groups"]
|
||||
authorization_endpoint: "https://your-forgejo.com/login/oauth/authorize"
|
||||
token_endpoint: "https://your-forgejo.com/login/oauth/access_token"
|
||||
userinfo_endpoint: "https://your-forgejo.com/api/v1/user"
|
||||
user_mapping_provider:
|
||||
config:
|
||||
subject_claim: "sub"
|
||||
picture_claim: "picture"
|
||||
localpart_template: "{{ user.preferred_username }}"
|
||||
display_name_template: "{{ user.name }}"
|
||||
email_template: "{{ user.email }}"
|
||||
</code></pre>
|
||||
<h3 id="github"><a class="header" href="#github">GitHub</a></h3>
|
||||
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
|
||||
just a regular OAuth2 provider.</p>
|
||||
|
|
|
@ -1877,7 +1877,7 @@ v1.61.0.</p>
|
|||
<tr><td>v1.85.0 – v1.91.2</td><td>v1.83.0</td></tr>
|
||||
<tr><td>v1.92.0 – v1.97.0</td><td>v1.90.0</td></tr>
|
||||
<tr><td>v1.98.0 – v1.105.0</td><td>v1.96.0</td></tr>
|
||||
<tr><td>v1.105.1 – v1.120.2</td><td>v1.100.0</td></tr>
|
||||
<tr><td>v1.105.1 – v1.121.1</td><td>v1.100.0</td></tr>
|
||||
</tbody></table>
|
||||
<h2 id="upgrading-from-a-very-old-version"><a class="header" href="#upgrading-from-a-very-old-version">Upgrading from a very old version</a></h2>
|
||||
<p>You need to read all of the upgrade notes for each version between your current
|
||||
|
@ -8749,6 +8749,30 @@ and "App Secret" for use below.</li>
|
|||
but it has a <code>response_types_supported</code> which excludes "code" (which we rely on, and
|
||||
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
|
||||
so we have to disable discovery and configure the URIs manually.</p>
|
||||
<h3 id="forgejo"><a class="header" href="#forgejo">Forgejo</a></h3>
|
||||
<p>Forgejo is a fork of Gitea that can act as an OAuth2 provider.</p>
|
||||
<p>The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined <code>subject_claim</code> and <code>scopes</code>.</p>
|
||||
<p>Synapse config:</p>
|
||||
<pre><code class="language-yaml">oidc_providers:
|
||||
- idp_id: forgejo
|
||||
idp_name: Forgejo
|
||||
discover: false
|
||||
issuer: "https://your-forgejo.com/"
|
||||
client_id: "your-client-id" # TO BE FILLED
|
||||
client_secret: "your-client-secret" # TO BE FILLED
|
||||
client_auth_method: client_secret_post
|
||||
scopes: ["openid", "profile", "email", "groups"]
|
||||
authorization_endpoint: "https://your-forgejo.com/login/oauth/authorize"
|
||||
token_endpoint: "https://your-forgejo.com/login/oauth/access_token"
|
||||
userinfo_endpoint: "https://your-forgejo.com/api/v1/user"
|
||||
user_mapping_provider:
|
||||
config:
|
||||
subject_claim: "sub"
|
||||
picture_claim: "picture"
|
||||
localpart_template: "{{ user.preferred_username }}"
|
||||
display_name_template: "{{ user.name }}"
|
||||
email_template: "{{ user.email }}"
|
||||
</code></pre>
|
||||
<h3 id="github"><a class="header" href="#github">GitHub</a></h3>
|
||||
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
|
||||
just a regular OAuth2 provider.</p>
|
||||
|
@ -14624,7 +14648,8 @@ for a server admin: see <a href="admin_api/../usage/administration/admin_api/">A
|
|||
}
|
||||
],
|
||||
"user_type": null,
|
||||
"locked": false
|
||||
"locked": false,
|
||||
"suspended": false
|
||||
}
|
||||
</code></pre>
|
||||
<p>URL parameters:</p>
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -267,7 +267,7 @@ v1.61.0.</p>
|
|||
<tr><td>v1.85.0 – v1.91.2</td><td>v1.83.0</td></tr>
|
||||
<tr><td>v1.92.0 – v1.97.0</td><td>v1.90.0</td></tr>
|
||||
<tr><td>v1.98.0 – v1.105.0</td><td>v1.96.0</td></tr>
|
||||
<tr><td>v1.105.1 – v1.120.2</td><td>v1.100.0</td></tr>
|
||||
<tr><td>v1.105.1 – v1.121.1</td><td>v1.100.0</td></tr>
|
||||
</tbody></table>
|
||||
<h2 id="upgrading-from-a-very-old-version"><a class="header" href="#upgrading-from-a-very-old-version">Upgrading from a very old version</a></h2>
|
||||
<p>You need to read all of the upgrade notes for each version between your current
|
||||
|
|
Loading…
Reference in New Issue