update oidc configuration

Dockerfile

@@ -29,6 +29,10 @@ RUN apk add --no-cache \
     zlib \
     jpeg
 
+RUN apk --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community add \
+    py3-authlib
+
+
 RUN mkdir /tmp/wheels
 COPY --from=builder /*.whl /tmp/wheels/
 

rootfs/etc/confd/templates/server.yaml.tmpl

@@ -1673,19 +1673,19 @@ oidc_config:
   # Uncomment the following to enable authorization against an OpenID Connect
   # server. Defaults to false.
   #
-  enabled: "{{getenv "OIDC_ENABLED" "false"}}"
+  enabled: {{getenv "OIDC_ENABLED" "false"}}
 
   # Uncomment the following to disable use of the OIDC discovery mechanism to
   # discover endpoints. Defaults to true.
   #
-  discover: "{{getenv "OIDC_DISCOVER" "true"}}"
+  discover: {{getenv "OIDC_DISCOVER" "true"}}
 
   # the OIDC issuer. Used to validate tokens and (if discovery is enabled) to
   # discover the provider's endpoints.
   #
   # Required if 'enabled' is true.
   #
-  issuer: "{{getenv "OIDC_ISSUER" "true"}}"
+  issuer: "{{getenv "OIDC_ISSUER"}}"
 
   # oauth2 client id to use.
   #
@@ -1747,7 +1747,7 @@ oidc_config:
   # Uncomment to allow a user logging in via OIDC to match a pre-existing account instead
   # of failing. This could be used if switching from password logins to OIDC. Defaults to false.
   #
-  allow_existing_users:  "{{getenv "OIDC_ALLOW_EXISTING_USER", "false"}}"
+  allow_existing_users:  "{{getenv "OIDC_ALLOW_EXISTING_USER" "false"}}"
 
   # An external module can be provided here as a custom solution to mapping
   # attributes returned from a OIDC provider onto a matrix user.
@@ -1759,7 +1759,7 @@ oidc_config:
     # See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
     # for information on implementing a custom mapping provider.
     #
-    module: "{{getenv "OIDC_MAPPING_PROVIDER", "synapse.handlers.oidc_handler.JinjaOidcMappingProvider"}}"
+    module: "{{getenv "OIDC_MAPPING_PROVIDER" "synapse.handlers.oidc_handler.JinjaOidcMappingProvider"}}"
 
     # Custom configuration values for the module. This section will be passed as
     # a Python dictionary to the user mapping provider module's `parse_config`
@@ -1782,13 +1782,13 @@ oidc_config:
       #
       # This must be configured if using the default mapping provider.
       #
-      localpart_template: "{{ user.preferred_username }}"
+      localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"
 
       # Jinja2 template for the display name to set on first login.
       #
       # If unset, no displayname will be set.
       #
-      #display_name_template: "{{ user.given_name }} {{ user.last_name }}"
+      #display_name_template: "{{"{{"}} user.given_name {{"}}"}} {{"{{"}} user.last_name {{"}}"}}"
 
       # Jinja2 templates for extra attributes to send back to the client during
       # login.
@@ -1796,7 +1796,7 @@ oidc_config:
       # Note that these are non-standard and clients will ignore them without modifications.
       #
       #extra_attributes:
-        #birthdate: "{{ user.birthdate }}"
+        #birthdate: "{{"{{"}} user.birthdate {{"}}"}}"