diff --git a/sharry/rootfs/etc/sharry/sharry.conf b/sharry/rootfs/etc/sharry/sharry.conf
index d4fd951..cdfbcc0 100755
--- a/sharry/rootfs/etc/sharry/sharry.conf
+++ b/sharry/rootfs/etc/sharry/sharry.conf
@@ -109,10 +109,11 @@ sharry.restserver {
 # The inital ui theme to use. Can be either 'light' or 'dark'.
 initial-theme = "light"
- # When only OAuth is configured and only a single provider, then
- # the weapp automatically redirects to its authentication page
- # skipping the sharry login page. This will also disable the
- # logout button, since sharry is not in charge anyways.
+ # When only OAuth (or only Proxy Auth) is configured and only a
+ # single provider, then the weapp automatically redirects to its
+ # authentication page skipping the sharry login page. This will
+ # also disable the logout button, since sharry is not in charge
+ # anyways.
 oauth-auto-redirect = true
 # A custom html snippet that is rendered into the html head
@@ -275,8 +276,8 @@ sharry.restserver {
 id = "aad"
 name = "Azure AD"
 icon = "fab fa-microsoft"
- scope = ""
- authorize-url = "https://login.microsoftonline.com//oauth2/v2.0/authorize?scope=openid"
+ scope = "openid"
+ authorize-url = "https://login.microsoftonline.com//oauth2/v2.0/authorize"
 token-url = "https://login.microsoftonline.com//oauth2/v2.0/token"
 user-url = "https://graph.microsoft.com/oidc/userinfo"
 user-id-key = "email"
@@ -285,6 +286,16 @@ sharry.restserver {
 client-secret = ""
 }
 ]
+
+ # Allows to inspect the request headers for finding already
+ # authorized user name/email. If enabled and during login the
+ # request contains these headers, they will be used to
+ # automatically create accounts.
+ proxy {
+ enabled = false
+ user-header = "X-Valid-User"
+ email-header = "X-User-Email"
+ }
 }
 # The database connection.
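Review bot: In the Azure AD provider entry (hunk at new line 276) the requested scope is now only `openid`, while the unchanged context line `user-id-key = "email"` still expects an `email` field in the userinfo response. Without the `email` scope the userinfo endpoint may not return that claim, and the Azure AD email claim is not a stable, verified identifier, so keying sharry accounts on it risks one user being matched to another's account. Consider `user-id-key = "sub"`, or at minimum `scope = "openid email"` if sharry passes a space-separated scope list through (not visible in this hunk). The tenant segment of the three `login.microsoftonline.com//oauth2` URLs is empty on this page, so a comment such as `# insert your tenant id between the slashes` would help; the provider block starts above the hunk.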
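Review bot: The comment on the new `proxy` block (hunk at new line 286) explains what the headers do but not the trust assumption behind them: if sharry is reachable without passing through the authenticating proxy, any client can send `X-Valid-User` itself and be logged in or have an account created. Shipping `enabled = false` is the right default. I would extend the comment with the precondition, for example `# Enable only if sharry is reachable solely through the authenticating proxy` and `# and that proxy strips client-supplied copies of these headers.` The first hunk now ties `oauth-auto-redirect` to proxy auth as well, so that redirect behaviour is worth mentioning in this comment too.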