docs: improve OpenID documentation #2151
Reference: vikunja/vikunja#2151
This PR stems from issue #2150, in turn following up on PR #1393.
It adds additional details around the OIDC authentication feature, as well as details about how the team assignment works.
Hi waza-ari!
Thank you for creating a PR!
I've deployed the frontend changes of this PR on a preview environment under this URL: https://2151-main--vikunja-frontend-preview.netlify.app
You can use this URL to view the changes live and test them out.
You will need to manually connect this to an API running somewhere. The easiest to use is https://try.vikunja.io/.
This preview does not contain any changes made to the API, only the frontend.
Have a nice day!
@ -28,6 +28,7 @@ openid:
authurl: https://login.mydomain.com
clientid: <vikunja-id>
clientsecret: <vikunja secret>
scope: openid email profile
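Review bot: The added `scope: openid email profile` line has no explanation next to it, so a reader cannot tell whether it is required or what it controls; add a one-line comment above it or drop it from this example. Separately, the placeholders on the `clientid` and `clientsecret` lines use two styles (`<vikunja-id>` with a hyphen, `<vikunja secret>` with a space); pick one, for example `<vikunja-secret>`.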
This is the default, so it's not necessary to provide it. Hence, it was not included already in the docs.
Added the scope parameter at the beginning because it was not mentioned anywhere else, before later adding the general schema in `openid.md`. Removed them again for all examples as it's not needed.
@ -114,1 +118,3 @@
**Note:** The `authurl` that Vikunja requires is not the `Authorize URL` that you can see in the Provider. Vikunja uses Open ID Discovery to find the correct endpoint to use. Vikunja does this by automatically accessing the `OpenID Configuration URL` (usually `https://authentik.mydomain.com/application/o/vikunja/.well-known/openid-configuration`). Use this URL without the `.well-known/openid-configuration` as the `authurl`.
**Note:** The `authurl` that Vikunja requires is not the `Authorize URL` that you can see in the Provider.
Vikunja uses OpenID Discovery to find the correct endpoint to use.
Vikunja does this automatically by accessing the `OpenID Configuration URL` (usually `https://authentik.mydomain.com/application/o/vikunja/.well-known/openid-configuration`).
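Review bot: The old single-line note ended with the instruction to use the configuration URL without `.well-known/openid-configuration` as the `authurl`, and that sentence is not among the three reflowed lines shown here. It is the only part of the note that tells the reader what to enter, so make sure it survives the split onto separate lines.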
Nitpick: Use `It` instead of `Vikunja` here (I know you didn't change this, but still something worth changing now IMHO)
@ -19,0 +55,4 @@
### Step 2: Configure Vikunja
Vikunja has to be configured to use the identity provider. The general configuration is structured as follows:
Please mention here that this cannot be done using environment variables and requires a config file.
@ -19,0 +73,4 @@
The values for `authurl` can be obtained from the Metadata of your provider, while `clientid` and `clientsecret` are obtained when configuring the client.
The scope usually doesn't need to be specified or changed, unless you want to configure the automatic team assignment.
Once you're confident that the external authentication works and you want to disable local accounts, this can be done by configuring:
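Review bot: On the second added line, the `scope` sentence says the value has to change for automatic team assignment but neither names the scope to request nor points to the section that does; add a cross-reference there. On the first added line, "The values for `authurl`" should read "The value for `authurl`", and "the Metadata of your provider" would be clearer if it said which metadata is meant.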
Please clarify this is optional and Vikunja is able to work with openid and local authentication enabled at the same time.