Add Forgejo oidc provider config example (#17872)

2024-12-14 11:57:44 +00:00 · 2024-11-20 23:06:08 +01:00 · 2024-11-20 23:06:08 +01:00 · 80e39fd834
commit 80e39fd834
parent 573bdbc824
2 changed files with 31 additions and 0 deletions
--- a/changelog.d/17872.doc
+++ b/changelog.d/17872.doc
@ -0,0 +1 @@
+Add OIDC example configuration for Forgejo (fork of Gitea).
--- a/docs/openid.md
+++ b/docs/openid.md
@ -336,6 +336,36 @@ but it has a `response_types_supported` which excludes "code" (which we rely on,
 is even mentioned in their [documentation](https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login)),
 so we have to disable discovery and configure the URIs manually.

+### Forgejo
+
+Forgejo is a fork of Gitea that can act as an OAuth2 provider.
+
+The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined `subject_claim` and `scopes`.
+
+Synapse config:
+
+```yaml
+oidc_providers:
+  - idp_id: forgejo
+    idp_name: Forgejo
+    discover: false
+    issuer: "https://your-forgejo.com/"
+    client_id: "your-client-id" # TO BE FILLED
+    client_secret: "your-client-secret" # TO BE FILLED
+    client_auth_method: client_secret_post
+    scopes: ["openid", "profile", "email", "groups"]
+    authorization_endpoint: "https://your-forgejo.com/login/oauth/authorize"
+    token_endpoint: "https://your-forgejo.com/login/oauth/access_token"
+    userinfo_endpoint: "https://your-forgejo.com/api/v1/user"
+    user_mapping_provider:
+      config:
+        subject_claim: "sub"
+        picture_claim: "picture"
+        localpart_template: "{{ user.preferred_username }}"
+        display_name_template: "{{ user.name }}"
+        email_template: "{{ user.email }}"
+```
+
 ### GitHub

 [GitHub][github-idp] is a bit special as it is not an OpenID Connect compliant provider, but
				`@ -0,0 +1 @@`
				`Add OIDC example configuration for Forgejo (fork of Gitea).`