chore(config-docs): update docs for latest oidc defaults
adamcooke committed Mar 16, 2024
1 parent 6a1ff56 commit 364eba6
Showing 2 changed files with 7 additions and 4 deletions.
5 changes: 3 additions & 2 deletions doc/config/environment-variables.md
Expand Up @@ -98,13 +98,14 @@ This document contains all the environment variables which are available for thi
| `MIGRATION_WAITER_ATTEMPTS` | Integer | The number of attempts to try waiting for migrations to complete before start | 120 |
| `MIGRATION_WAITER_SLEEP_TIME` | Integer | The number of seconds to wait between each migration check | 2 |
| `OIDC_ENABLED` | Boolean | Enable OIDC authentication | false |
| `OIDC_LOCAL_AUTHENTICATION_ENABLED` | Boolean | When enabled, users with passwords will still be able to login locally. If disable, only OpenID Connect will be available. | true |
| `OIDC_NAME` | String | The name of the OIDC provider as shown in the UI | OIDC Provider |
| `OIDC_ISSUER` | String | The OIDC issuer URL | |
| `OIDC_IDENTIFIER` | String | The client ID for OIDC | |
| `OIDC_SECRET` | String | The client secret for OIDC | |
| `OIDC_SCOPES` | Array of strings | Scopes to request from the OIDC server. | openid |
| `OIDC_SCOPES` | Array of strings | Scopes to request from the OIDC server. | openid,email |
| `OIDC_UID_FIELD` | String | The field to use to determine the user's UID | sub |
| `OIDC_EMAIL_ADDRESS_FIELD` | String | The field to use to determine the user's email address | sub |
| `OIDC_EMAIL_ADDRESS_FIELD` | String | The field to use to determine the user's email address | email |
| `OIDC_NAME_FIELD` | String | The field to use to determine the user's name | name |
| `OIDC_DISCOVERY` | Boolean | Enable discovery to determine endpoints from .well-known/openid-configuration from the Issuer | true |
| `OIDC_AUTHORIZATION_ENDPOINT` | String | The authorize endpoint on the authorization server (only used when discovery is false) | |
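
Review bot: The new `OIDC_LOCAL_AUTHENTICATION_ENABLED` row says "If disable, only OpenID Connect will be available."; that should read "If disabled". In the same table, `OIDC_SCOPES` is typed as "Array of strings" with the default shown as `openid,email`, but the description does not say how an array is written in an environment variable; adding "comma-separated" to the description would make the default unambiguous.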
6 changes: 4 additions & 2 deletions doc/config/yaml.yml
Expand Up @@ -223,6 +223,8 @@ migration_waiter:
oidc:
# Enable OIDC authentication
enabled: false
# When enabled, users with passwords will still be able to login locally. If disable, only OpenID Connect will be available.
local_authentication_enabled: true
# The name of the OIDC provider as shown in the UI
name: OIDC Provider
# The OIDC issuer URL
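
Review bot: `local_authentication_enabled: true` is documented as the default, so password login stays available alongside OIDC once `enabled` is switched on, and the comment above it should say that OIDC-only sign-in requires setting this to `false`. The comment also reads "If disable"; it should be "If disabled".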
Expand All @@ -233,11 +235,11 @@ oidc:
secret:
# Scopes to request from the OIDC server.
scopes:
- openid
- openid,email
# The field to use to determine the user's UID
uid_field: sub
# The field to use to determine the user's email address
email_address_field: sub
email_address_field: email
# The field to use to determine the user's name
name_field: name
# Enable discovery to determine endpoints from .well-known/openid-configuration from the Issuer
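
Review bot: Under `scopes:`, the example entry `- openid,email` is a single YAML list item whose value is the string "openid,email", not two scopes. For a setting described as an array of strings, the sample should list them separately as `- openid` and `- email`; otherwise anyone copying this file gets one scope value containing a comma. If this file is generated, the array default needs to be rendered one item per line rather than joined.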