Merge branch 'sso-oidc' into 'next'

Single Sign-On via OIDC/OAuth2 (attempt #2) Closes #134 See merge request famedly/conduit!676
2025-08-11 17:50:59 +00:00 · 2024-11-04 01:22:43 +00:00 · 2024-11-04 01:22:43 +00:00 · da543a726e
commit da543a726e
parent e952522a39 67c23d6dd4
21 changed files with 1104 additions and 46 deletions
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -13,6 +13,7 @@ Conduit's configuration file is divided into the following sections:
 - [Global](#global)
    - [TLS](#tls)
    - [Proxy](#proxy)
+    - [SSO (Single Sign-On)](#sso)


 ## Global
@ -111,3 +112,20 @@ exclude = ["*.clearnet.onion"]
 [global]
 {{#include ../conduit-example.toml:22:}}
 ```
+
+### SSO (Single Sign-On)
+
+Authentication through SSO instead of a password can be enabled by configuring OIDC (OpenID Connect) identity providers.
+Identity providers using OAuth such as Github are not supported yet.
+
+> **Note:** The `*` symbol indicates that the field is required, and the values in **parentheses** are the possible values
+
+| Field | Type | Description | Default |
+| --- | --- | --- | --- |
+| `issuer`* | `Url` | The issuer URL. | N/A |
+| `name` | `string` | The name displayed on fallback pages. | `issuer` |
+| `icon` | `Url` OR `MxcUri` | The icon displayed on fallback pages. | N/A |
+| `scopes` | `array` | The scopes used to obtain extra claims which can be used for templates. | `["openid"]` |
+| `client_id`* | `string` | The provider-supplied, unique ID for the client. | N/A |
+| `client_secret`* | `string` | The provider-supplied, unique ID for the client. | N/A |
+| `authentication_method`* | `"basic" OR "post"` | The method used for client authentication. | N/A |