mirror of
https://github.com/thelounge/thelounge.git
synced 2024-06-15 20:15:11 +02:00
Add docs
This commit is contained in:
parent
fcec4585f8
commit
61eaa1eb7e
|
@ -470,15 +470,49 @@ module.exports = {
|
|||
},
|
||||
},
|
||||
|
||||
// ## OpenID Support
|
||||
|
||||
// These settings enable and configure OpenID authentication.
|
||||
//
|
||||
// They are only being used in private mode. To know more about private mode,
|
||||
// see the `public` setting above.
|
||||
|
||||
// The authentication process works as follows:
|
||||
//
|
||||
// 1. The Lounge generates a redirect URL based on the OpenID provider's information.
|
||||
// 2. When the client goes to the URL, it gets back tokens in the URL params.
|
||||
// 3. The client sends the tokens through the websocket and the server validates it.
|
||||
// 4. The server makes sure that the tokens have the correct permissions.
|
||||
// 5. The server continues with the normal authentication process.
|
||||
//
|
||||
// The available keys for the `openid` object are:
|
||||
openid: {
|
||||
// - `enable`: when set to `false`, LDAP support is disabled and all other
|
||||
// values are ignored.
|
||||
enable: false,
|
||||
|
||||
// - `issuerURL`: An OpenID provider URL. Must have a `.well-known/openid-configuration` endpoint available.
|
||||
issuerURL: "https://auth.example.com",
|
||||
|
||||
// - `baseURL`: Where The Lounge is running. This is required to create the redirect.
|
||||
baseURL: "https://thelounge.example.com",
|
||||
|
||||
// - `clientID`: OpenID client ID.
|
||||
clientID: "clientId",
|
||||
|
||||
// - `secret`: OpenID secret.
|
||||
secret: "secret",
|
||||
|
||||
// - `logout`: Enable front-channel logout (pressing log out will log you out of the app)
|
||||
logout: true,
|
||||
|
||||
// - `usernameClaim`: OpenID claim to take the username from.
|
||||
usernameClaim: "preferred_username",
|
||||
|
||||
// - `roleClaim`: OpenID claim that represents a list of roles that a user has. Set blank to disable role checking.
|
||||
roleClaim: "roles",
|
||||
|
||||
// - `requiredRoles`: what OpenID roles are required for logging in.
|
||||
requiredRoles: ["thelounge"],
|
||||
},
|
||||
|
||||
|
|
Loading…
Reference in a new issue