update oidc configuration

Sebastian Hugentobler 2020-12-11 10:38:54 +01:00
parent 881f49852f
commit 7aa2b42a23
Signed by: shu
GPG Key ID: BB32CF3CA052C2F0
2 changed files with 12 additions and 8 deletions


@ -29,6 +29,10 @@ RUN apk add --no-cache \
zlib \
jpeg
RUN apk --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community add \
py3-authlib
RUN mkdir /tmp/wheels
COPY --from=builder /*.whl /tmp/wheels/
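Review bot: The `RUN apk ... add py3-authlib` step installs an unpinned package from the rolling `edge/community` branch over plain `http://`, so two builds of the same commit can end up with different Authlib versions. The package is also built for edge's Python, which may not match the interpreter in this image; the base image is not visible in the hunk. apk still verifies the repository signature, but I would use `--repository=https://dl-cdn.alpinelinux.org/alpine/edge/community` and pin the package as `py3-authlib=<pinned-version>`. Alternatively, build Authlib as a wheel in the existing `builder` stage so it arrives with the other wheels copied to `/tmp/wheels`.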


@ -1673,19 +1673,19 @@ oidc_config:
# Uncomment the following to enable authorization against an OpenID Connect
# server. Defaults to false.
#
enabled: "{{getenv "OIDC_ENABLED" "false"}}"
enabled: {{getenv "OIDC_ENABLED" "false"}}
# Uncomment the following to disable use of the OIDC discovery mechanism to
# discover endpoints. Defaults to true.
#
discover: "{{getenv "OIDC_DISCOVER" "true"}}"
discover: {{getenv "OIDC_DISCOVER" "true"}}
# the OIDC issuer. Used to validate tokens and (if discovery is enabled) to
# discover the provider's endpoints.
#
# Required if 'enabled' is true.
#
issuer: "{{getenv "OIDC_ISSUER" "true"}}"
issuer: "{{getenv "OIDC_ISSUER"}}"
# oauth2 client id to use.
#
@ -1747,7 +1747,7 @@ oidc_config:
# Uncomment to allow a user logging in via OIDC to match a pre-existing account instead
# of failing. This could be used if switching from password logins to OIDC. Defaults to false.
#
allow_existing_users: "{{getenv "OIDC_ALLOW_EXISTING_USER", "false"}}"
allow_existing_users: "{{getenv "OIDC_ALLOW_EXISTING_USER" "false"}}"
# An external module can be provided here as a custom solution to mapping
# attributes returned from a OIDC provider onto a matrix user.
@ -1759,7 +1759,7 @@ oidc_config:
# See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
# for information on implementing a custom mapping provider.
#
module: "{{getenv "OIDC_MAPPING_PROVIDER", "synapse.handlers.oidc_handler.JinjaOidcMappingProvider"}}"
module: "{{getenv "OIDC_MAPPING_PROVIDER" "synapse.handlers.oidc_handler.JinjaOidcMappingProvider"}}"
# Custom configuration values for the module. This section will be passed as
# a Python dictionary to the user mapping provider module's `parse_config`
@ -1782,13 +1782,13 @@ oidc_config:
#
# This must be configured if using the default mapping provider.
#
localpart_template: "{{ user.preferred_username }}"
localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"
# Jinja2 template for the display name to set on first login.
#
# If unset, no displayname will be set.
#
#display_name_template: "{{ user.given_name }} {{ user.last_name }}"
#display_name_template: "{{"{{"}} user.given_name {{"}}"}} {{"{{"}} user.last_name {{"}}"}}"
# Jinja2 templates for extra attributes to send back to the client during
# login.
@ -1796,7 +1796,7 @@ oidc_config:
# Note that these are non-standard and clients will ignore them without modifications.
#
#extra_attributes:
#birthdate: "{{ user.birthdate }}"
#birthdate: "{{"{{"}} user.birthdate {{"}}"}}"
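Review bot: `allow_existing_users` in the `-1747` hunk is still rendered inside double quotes, so the generated file holds the string `"false"` rather than a boolean, while this same commit unquotes `enabled` and `discover`, apparently for that reason. If the consumer only tests the value for truthiness (not confirmed from this page), a non-empty string counts as true, and OIDC logins would be matched onto pre-existing accounts by default, which is the less safe setting. I would render it unquoted like the other two flags: `allow_existing_users: {{getenv "OIDC_ALLOW_EXISTING_USER" "false"}}`. Separately, `issuer` in the `-1673` hunk now renders as an empty string when `OIDC_ISSUER` is unset, so a deployment with `OIDC_ENABLED=true` and no issuer should fail at render or container start rather than reach the server with an empty issuer.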