summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorJoachim Mathes2020-11-21 20:26:12 +0100
committerJoachim Mathes2020-11-25 19:23:55 +0100
commit729b387536d2bcf43a20b2ddead4bffdfd342d2a (patch)
treea8b78acc279dc805d419ffb1f791dcd0493515ce /docs
parentc59d4c7c5c5c5ea07734c9a3f8676cb95d68aba4 (diff)
Add oauth2 authorization
Signed-off-by: Joachim Mathes <joachim_mathes@web.de>
Diffstat (limited to 'docs')
-rw-r--r--docs/configuration.md3
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/configuration.md b/docs/configuration.md
index 197a2ca0..25df7366 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -189,12 +189,15 @@ these are rarely used for various reasons.
| | `CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR` | **no default**, `name` | where to find the username in the JSON from the user profile URL. (no default value) |
| | `CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR` | **no default**, `display-name` | where to find the display-name in the JSON from the user profile URL. (no default value) |
| | `CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR` | **no default**, `email` | where to find the email address in the JSON from the user profile URL. (no default value) |
+| | `CMD_OAUTH2_USER_PROFILE_ID_ATTR` | **no default**, `user_uuid` | where to find the dedicated user ID (optional, overrides `CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR`) |
| | `CMD_OAUTH2_TOKEN_URL` | **no default**, `https://example.com` | sometimes called token endpoint, please refer to the documentation of your OAuth2 provider (no default value) |
| | `CMD_OAUTH2_AUTHORIZATION_URL` | **no default**, `https://example.com` | authorization URL of your provider, please refer to the documentation of your OAuth2 provider (no default value) |
| | `CMD_OAUTH2_CLIENT_ID` | **no default**, `afae02fckafd...` | you will get this from your OAuth2 provider when you register HedgeDoc as OAuth2-client, (no default value) |
| | `CMD_OAUTH2_CLIENT_SECRET` | **no default**, `afae02fckafd...` | you will get this from your OAuth2 provider when you register HedgeDoc as OAuth2-client, (no default value) |
| | `CMD_OAUTH2_PROVIDERNAME` | **no default**, `My institution` | Optional name to be displayed at login form indicating the oAuth2 provider |
| | `CMD_OAUTH2_SCOPE` | **no default**, `openid email profile` | Scope to request for OIDC (OpenID Connect) providers. |
+| | `CMD_OAUTH2_ROLES_CLAIM` | **no default**, `roles` | ID token claim, which is supposed to provide an array of strings of roles |
+| | `CMD_OAUTH2_ACCESS_ROLE` | **no default**, `role/hedgedoc` | The role which should be included in the ID token roles claim to grant access |
### SAML Login