|
@@ -293,7 +293,7 @@ can be used to retrieve information on the authenticated user. As the Synapse
|
|
login mechanism needs an attribute to uniquely identify users, and that endpoint
|
|
login mechanism needs an attribute to uniquely identify users, and that endpoint
|
|
does not return a `sub` property, an alternative `subject_claim` has to be set.
|
|
does not return a `sub` property, an alternative `subject_claim` has to be set.
|
|
|
|
|
|
-1. Create a new OAuth application: https://github.com/settings/applications/new.
|
|
|
|
|
|
+1. Create a new OAuth application: [https://github.com/settings/applications/new](https://github.com/settings/applications/new).
|
|
2. Set the callback URL to `[synapse public baseurl]/_synapse/client/oidc/callback`.
|
|
2. Set the callback URL to `[synapse public baseurl]/_synapse/client/oidc/callback`.
|
|
|
|
|
|
Synapse config:
|
|
Synapse config:
|
|
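Review bot: In step 1, the added link uses the full URL as both its label and its target, so the source line doubles in length without changing what the reader sees. An autolink (`<https://github.com/settings/applications/new>`) or a short descriptive label would be easier to maintain, and it would match the labelled links this patch introduces in the Google and Apple sections.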
@@ -322,10 +322,10 @@ oidc_providers:
|
|
|
|
|
|
[Google][google-idp] is an OpenID certified authentication and authorisation provider.
|
|
[Google][google-idp] is an OpenID certified authentication and authorisation provider.
|
|
|
|
|
|
-1. Set up a project in the Google API Console (see
|
|
|
|
- https://developers.google.com/identity/protocols/oauth2/openid-connect#appsetup).
|
|
|
|
-2. Add an "OAuth Client ID" for a Web Application under "Credentials".
|
|
|
|
-3. Copy the Client ID and Client Secret, and add the following to your synapse config:
|
|
|
|
|
|
+1. Set up a project in the Google API Console (see
|
|
|
|
+ [documentation](https://developers.google.com/identity/protocols/oauth2/openid-connect#appsetup)).
|
|
|
|
+3. Add an "OAuth Client ID" for a Web Application under "Credentials".
|
|
|
|
+4. Copy the Client ID and Client Secret, and add the following to your synapse config:
|
|
```yaml
|
|
```yaml
|
|
oidc_providers:
|
|
oidc_providers:
|
|
- idp_id: google
|
|
- idp_id: google
|
|
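Review bot: The renumbered list in the added lines runs 1, 3, 4: `+3. Add an "OAuth Client ID" ...` and `+4. Copy the Client ID and Client Secret ...` follow step 1 with no step 2. Either a step was dropped from this patch or the numbers should stay at 2 and 3 as in the removed lines. Most Markdown renderers renumber ordered lists silently, so the rendered page will hide the gap, but the source should be consistent. Separately, the link label `documentation` in step 1 is generic; a label that says what the target covers would read better.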
@@ -501,8 +501,8 @@ As well as the private key file, you will need:
|
|
* Team ID: a 10-character ID associated with your developer account.
|
|
* Team ID: a 10-character ID associated with your developer account.
|
|
* Key ID: the 10-character identifier for the key.
|
|
* Key ID: the 10-character identifier for the key.
|
|
|
|
|
|
-https://help.apple.com/developer-account/?lang=en#/dev77c875b7e has more
|
|
|
|
-documentation on setting up SiWA.
|
|
|
|
|
|
+[Apple's developer documentation](https://help.apple.com/developer-account/?lang=en#/dev77c875b7e)
|
|
|
|
+has more information on setting up SiWA.
|
|
|
|
|
|
The synapse config will look like this:
|
|
The synapse config will look like this:
|
|
|
|
|
|
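Review bot: On the added line `has more information on setting up SiWA.`, the abbreviation is not expanded anywhere in the visible context. Since this sentence is being reworded anyway, consider writing "Sign in with Apple" in full unless the section already defines SiWA above this hunk. The link conversion itself looks fine.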
@@ -535,8 +535,8 @@ needed to add OAuth2 capabilities to your Django projects. It supports
|
|
|
|
|
|
Configuration on Django's side:
|
|
Configuration on Django's side:
|
|
|
|
|
|
-1. Add an application: https://example.com/admin/oauth2_provider/application/add/ and choose parameters like this:
|
|
|
|
-* `Redirect uris`: https://synapse.example.com/_synapse/client/oidc/callback
|
|
|
|
|
|
+1. Add an application: `https://example.com/admin/oauth2_provider/application/add/` and choose parameters like this:
|
|
|
|
+* `Redirect uris`: `https://synapse.example.com/_synapse/client/oidc/callback`
|
|
* `Client type`: `Confidential`
|
|
* `Client type`: `Confidential`
|
|
* `Authorization grant type`: `Authorization code`
|
|
* `Authorization grant type`: `Authorization code`
|
|
* `Algorithm`: `HMAC with SHA-2 256`
|
|
* `Algorithm`: `HMAC with SHA-2 256`
|
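Review bot: The `Redirect uris` value is now a literal `https://synapse.example.com/_synapse/client/oidc/callback`, while the GitHub section in this same patch describes the callback as `[synapse public baseurl]/_synapse/client/oidc/callback`. Putting the example hosts in backticks is the right call because it stops them rendering as live links, but it would help to say that both `example.com` and `synapse.example.com` are placeholders, and that the redirect URI has to be built from the reader's own public baseurl. Using the same placeholder form as the GitHub step would make that clear.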