Mia Winter edited this page Mar 14, 2024 · 1 revision

OpenID Connect

You can configure OIDC so that users can log in with an OAuth2 / OpenID provider of your choice.

Keep in mind that users will still need to provide and confirm an email address, because Wave requires it for account management. Users can also set a local password as an alternative, and after doing so they can remove the OpenID service from their account.

Oidc:
  Authority: <authority base url>
  ClientId: <id>
  ClientSecret: <secret>

The Authority URL is usually the base URL of the OpenID API; for example, for Microsoft Azure/Entra/whatever they will call it next month, it's https://login.microsoftonline.com/<tenant_id>/v2.0. If your provider's response contains an "email" property, that email will be automatically filled in on registration, which is convenient when your users already use it to sign in. If your provider's response contains a "roles" property, it will be treated as one or more roles (comma separated) that the user should be assigned at signup. The available roles right now are Author, Reviewer, Moderator and Admin.
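Because the "roles" property decides what a new account is allowed to do, it helps to see what your provider actually sends before enabling signup. The following is an added example, not code from Wave: it reads the claims from an ID token payload without verifying it and reports which of the roles listed above would be requested. The function names, the exact case-sensitive matching, the acceptance of a JSON array, and the choice of Moderator and Admin as roles to flag are assumptions of this example.

```python
import base64
import json

# Role names listed on this page.
KNOWN_ROLES = ("Author", "Reviewer", "Moderator", "Admin")
# Assumption: the roles an operator wants flagged for manual review.
PRIVILEGED = {"Moderator", "Admin"}


def decode_payload(id_token):
    """Return the claims of a compact JWT WITHOUT verifying it (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def audit_claims(claims):
    """Report what the "email" and "roles" properties would request at signup."""
    raw = claims.get("roles") or ""
    # The page describes a comma-separated string; some providers send a JSON
    # array instead, so both shapes are accepted here (assumption).
    items = raw if isinstance(raw, list) else str(raw).split(",")
    names = [str(r).strip() for r in items if str(r).strip()]
    # Assumption: exact, case-sensitive match against the documented names.
    granted = [r for r in KNOWN_ROLES if r in names]
    return {
        "email": claims.get("email"),
        "granted": granted,
        "unknown": sorted(set(names) - set(KNOWN_ROLES)),
        "privileged": sorted(PRIVILEGED.intersection(granted)),
    }


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        data = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(data).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed sample claims, not real provider output.
    sample = {"email": "alice@example.org", "roles": "Author, Admin,editor"}
    print(audit_claims(decode_payload(make_sample_token(sample))))
```

Any entry under "privileged" means the provider, not a Wave administrator, is deciding who gets elevated access at signup, so the role mapping on the provider side deserves the same review as the Wave configuration.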

Your OIDC provider needs to redirect to the /signin-oidc endpoint of your Wave installation. The provider may call /signout-oidc to sign the user out.
