anoadragon453 2024-12-11 19:25:31 +00:00
parent f91ab88bb5
commit 31d72b6987
6 changed files with 56 additions and 6 deletions


@ -207,7 +207,8 @@ for a server admin: see <a href="../usage/administration/admin_api/">Admin API</
} }
], ],
&quot;user_type&quot;: null, &quot;user_type&quot;: null,
&quot;locked&quot;: false &quot;locked&quot;: false,
&quot;suspended&quot;: false
} }
</code></pre> </code></pre>
<p>URL parameters:</p> <p>URL parameters:</p>
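Review bot: the example response gains a `suspended` boolean next to `locked`, but the hunk adds no matching entry to the field descriptions for this endpoint, so an admin reading the output cannot tell the two states apart; add a line documenting what `suspended` means and how it differs from `locked` wherever the other response fields are described.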


@ -462,6 +462,30 @@ and &quot;App Secret&quot; for use below.</li>
but it has a <code>response_types_supported</code> which excludes &quot;code&quot; (which we rely on, and but it has a <code>response_types_supported</code> which excludes &quot;code&quot; (which we rely on, and
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>), is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
so we have to disable discovery and configure the URIs manually.</p> so we have to disable discovery and configure the URIs manually.</p>
<h3 id="forgejo"><a class="header" href="#forgejo">Forgejo</a></h3>
<p>Forgejo is a fork of Gitea that can act as an OAuth2 provider.</p>
<p>The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined <code>subject_claim</code> and <code>scopes</code>.</p>
<p>Synapse config:</p>
<pre><code class="language-yaml">oidc_providers:
- idp_id: forgejo
idp_name: Forgejo
discover: false
issuer: &quot;https://your-forgejo.com/&quot;
client_id: &quot;your-client-id&quot; # TO BE FILLED
client_secret: &quot;your-client-secret&quot; # TO BE FILLED
client_auth_method: client_secret_post
scopes: [&quot;openid&quot;, &quot;profile&quot;, &quot;email&quot;, &quot;groups&quot;]
authorization_endpoint: &quot;https://your-forgejo.com/login/oauth/authorize&quot;
token_endpoint: &quot;https://your-forgejo.com/login/oauth/access_token&quot;
userinfo_endpoint: &quot;https://your-forgejo.com/api/v1/user&quot;
user_mapping_provider:
config:
subject_claim: &quot;sub&quot;
picture_claim: &quot;picture&quot;
localpart_template: &quot;{{ user.preferred_username }}&quot;
display_name_template: &quot;{{ user.name }}&quot;
email_template: &quot;{{ user.email }}&quot;
</code></pre>
<h3 id="github"><a class="header" href="#github">GitHub</a></h3> <h3 id="github"><a class="header" href="#github">GitHub</a></h3>
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but <p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
just a regular OAuth2 provider.</p> just a regular OAuth2 provider.</p>
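Review bot: the Forgejo example sets `discover: false` and requests the `openid` scope but configures no `jwks_uri`, so nothing in the snippet tells Synapse where to fetch the keys that verify the ID token; Synapse's own config reference lists `jwks_uri` as required when discovery is disabled and the `openid` scope is used. Either add the `jwks_uri` that Forgejo advertises in its `.well-known/openid-configuration`, or set `user_profile_method: "userinfo_endpoint"` so the profile is read from the userinfo endpoint and say so in the text. Related check: `userinfo_endpoint` points at the REST API (`/api/v1/user`) while the mapping templates expect OIDC userinfo claim names (`sub`, `preferred_username`, `name`, `email`, `picture`); confirm that endpoint actually returns those names, since Forgejo also exposes a dedicated OIDC userinfo endpoint. The sentence "it provides a correctly defined `subject_claim` and `scopes`" should also say what Gitea got wrong, otherwise the reader cannot judge whether the Gitea section still applies to them.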


@ -1877,7 +1877,7 @@ v1.61.0.</p>
<tr><td>v1.85.0 v1.91.2</td><td>v1.83.0</td></tr> <tr><td>v1.85.0 v1.91.2</td><td>v1.83.0</td></tr>
<tr><td>v1.92.0 v1.97.0</td><td>v1.90.0</td></tr> <tr><td>v1.92.0 v1.97.0</td><td>v1.90.0</td></tr>
<tr><td>v1.98.0 v1.105.0</td><td>v1.96.0</td></tr> <tr><td>v1.98.0 v1.105.0</td><td>v1.96.0</td></tr>
<tr><td>v1.105.1 v1.120.2</td><td>v1.100.0</td></tr> <tr><td>v1.105.1 v1.121.1</td><td>v1.100.0</td></tr>
</tbody></table> </tbody></table>
<h2 id="upgrading-from-a-very-old-version"><a class="header" href="#upgrading-from-a-very-old-version">Upgrading from a very old version</a></h2> <h2 id="upgrading-from-a-very-old-version"><a class="header" href="#upgrading-from-a-very-old-version">Upgrading from a very old version</a></h2>
<p>You need to read all of the upgrade notes for each version between your current <p>You need to read all of the upgrade notes for each version between your current
@ -8749,6 +8749,30 @@ and &quot;App Secret&quot; for use below.</li>
but it has a <code>response_types_supported</code> which excludes &quot;code&quot; (which we rely on, and but it has a <code>response_types_supported</code> which excludes &quot;code&quot; (which we rely on, and
is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>), is even mentioned in their <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login">documentation</a>),
so we have to disable discovery and configure the URIs manually.</p> so we have to disable discovery and configure the URIs manually.</p>
<h3 id="forgejo"><a class="header" href="#forgejo">Forgejo</a></h3>
<p>Forgejo is a fork of Gitea that can act as an OAuth2 provider.</p>
<p>The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined <code>subject_claim</code> and <code>scopes</code>.</p>
<p>Synapse config:</p>
<pre><code class="language-yaml">oidc_providers:
- idp_id: forgejo
idp_name: Forgejo
discover: false
issuer: &quot;https://your-forgejo.com/&quot;
client_id: &quot;your-client-id&quot; # TO BE FILLED
client_secret: &quot;your-client-secret&quot; # TO BE FILLED
client_auth_method: client_secret_post
scopes: [&quot;openid&quot;, &quot;profile&quot;, &quot;email&quot;, &quot;groups&quot;]
authorization_endpoint: &quot;https://your-forgejo.com/login/oauth/authorize&quot;
token_endpoint: &quot;https://your-forgejo.com/login/oauth/access_token&quot;
userinfo_endpoint: &quot;https://your-forgejo.com/api/v1/user&quot;
user_mapping_provider:
config:
subject_claim: &quot;sub&quot;
picture_claim: &quot;picture&quot;
localpart_template: &quot;{{ user.preferred_username }}&quot;
display_name_template: &quot;{{ user.name }}&quot;
email_template: &quot;{{ user.email }}&quot;
</code></pre>
<h3 id="github"><a class="header" href="#github">GitHub</a></h3> <h3 id="github"><a class="header" href="#github">GitHub</a></h3>
<p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but <p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
just a regular OAuth2 provider.</p> just a regular OAuth2 provider.</p>
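Review bot: this is the same Forgejo block as in the standalone OpenID page, and it carries the same gap, namely `discover: false` plus the `openid` scope with no `jwks_uri` and a `userinfo_endpoint` on `/api/v1/user` whose claim names should be confirmed against the templates (`sub`, `preferred_username`, `picture`). Since print.html is generated from the same markdown source, make that fix once in the source and regenerate rather than hand-editing this copy, or the two rendered pages will drift.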
@ -14624,7 +14648,8 @@ for a server admin: see <a href="admin_api/../usage/administration/admin_api/">A
} }
], ],
&quot;user_type&quot;: null, &quot;user_type&quot;: null,
&quot;locked&quot;: false &quot;locked&quot;: false,
&quot;suspended&quot;: false
} }
</code></pre> </code></pre>
<p>URL parameters:</p> <p>URL parameters:</p>
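Review bot: same `suspended` field addition as in the standalone admin API page; the new boolean still has no description alongside the other response fields explaining how it differs from `locked`, and as print.html is generated from the same markdown, the description belongs in the source so both rendered copies pick it up.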

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -267,7 +267,7 @@ v1.61.0.</p>
<tr><td>v1.85.0 v1.91.2</td><td>v1.83.0</td></tr> <tr><td>v1.85.0 v1.91.2</td><td>v1.83.0</td></tr>
<tr><td>v1.92.0 v1.97.0</td><td>v1.90.0</td></tr> <tr><td>v1.92.0 v1.97.0</td><td>v1.90.0</td></tr>
<tr><td>v1.98.0 v1.105.0</td><td>v1.96.0</td></tr> <tr><td>v1.98.0 v1.105.0</td><td>v1.96.0</td></tr>
<tr><td>v1.105.1 v1.120.2</td><td>v1.100.0</td></tr> <tr><td>v1.105.1 v1.121.1</td><td>v1.100.0</td></tr>
</tbody></table> </tbody></table>
<h2 id="upgrading-from-a-very-old-version"><a class="header" href="#upgrading-from-a-very-old-version">Upgrading from a very old version</a></h2> <h2 id="upgrading-from-a-very-old-version"><a class="header" href="#upgrading-from-a-very-old-version">Upgrading from a very old version</a></h2>
<p>You need to read all of the upgrade notes for each version between your current <p>You need to read all of the upgrade notes for each version between your current