diff --git a/docs/content/doc/setup/openid-examples.md b/docs/content/doc/setup/openid-examples.md index 1b9f215c9..a6349de1c 100644 --- a/docs/content/doc/setup/openid-examples.md +++ b/docs/content/doc/setup/openid-examples.md @@ -28,7 +28,6 @@ openid: authurl: https://login.mydomain.com clientid: clientsecret: - scope: openid email profile ``` Authelia config: @@ -58,7 +57,6 @@ openid: authurl: https://accounts.google.com clientid: clientsecret: - scope: openid email profile ``` Google config: @@ -82,7 +80,6 @@ openid: logouturl: https://keycloak.mydomain.com/realms//protocol/openid-connect/logout clientid: clientsecret: - scope: openid email profile ``` Keycloak Config: - Navigate to the keycloak instance @@ -112,11 +109,9 @@ auth: logouturl: "https://authentik.mydomain.com/application/o/vikunja/end-session/" clientid: "" # copy from Authetik clientsecret: "" # copy from Authentik - scope: openid email profile ``` **Note:** The `authurl` that Vikunja requires is not the `Authorize URL` that you can see in the Provider. -Vikunja uses OpenID Discovery to find the correct endpoint to use. -Vikunja does this automatically by accessing the `OpenID Configuration URL` (usually `https://authentik.mydomain.com/application/o/vikunja/.well-known/openid-configuration`). +OpenID Discovery is used to find the correct endpoint to use automatically, by accessing the `OpenID Configuration URL` (usually `https://authentik.mydomain.com/application/o/vikunja/.well-known/openid-configuration`). Use this URL without the `.well-known/openid-configuration` as the `authurl`. Typically this URL can be found in the metadata section within your identity provider. diff --git a/docs/content/doc/setup/openid.md b/docs/content/doc/setup/openid.md index 18fefd7a8..98ccbba5a 100644 --- a/docs/content/doc/setup/openid.md +++ b/docs/content/doc/setup/openid.md @@ -55,7 +55,7 @@ More detailled instructions for various different identity providers can be [fou ### Step 2: Configure Vikunja -Vikunja has to be configured to use the identity provider. The general configuration is structured as follows: +Vikunja has to be configured to use the identity provider. Please note that there is currently no option to configure these settings via environment variables, they have to be defined using the configuration file. The configuration schema is as follows: ```yaml auth: @@ -73,7 +73,7 @@ auth: The values for `authurl` can be obtained from the Metadata of your provider, while `clientid` and `clientsecret` are obtained when configuring the client. The scope usually doesn't need to be specified or changed, unless you want to configure the automatic team assignment. -Once you're confident that the external authentication works and you want to disable local accounts, this can be done by configuring: +Optionally it is possible to disable local authentication and therefore forcing users to login via OpenID connect: ```yaml auth: