Oidc (#109)
* add oidc config * inching forward with oidc idp * lil webfingy fix * bit more progress * further oidc * oidc now working * document dex config * replace broken images * add additional credits * tiny doc update * update * add oidc config * inching forward with oidc idp * bit more progress * further oidc * oidc now working * document dex config * replace broken images * add additional credits * tiny doc update * update * document * docs + comments
@@ -17,6 +17,7 @@
|
||||
###########################
|
||||
##### GENERAL CONFIG ######
|
||||
###########################
|
||||
|
||||
# String. Log level to use throughout the application. Must be lower-case.
|
||||
# Options: ["trace","debug","info","warn","error","fatal"]
|
||||
# Default: "info"
|
||||
@@ -54,8 +55,10 @@ protocol: "https"
|
||||
############################
|
||||
##### DATABASE CONFIG ######
|
||||
############################
|
||||
|
||||
# Config pertaining to the Gotosocial database connection
|
||||
db:
|
||||
|
||||
# String. Database type.
|
||||
# Options: ["postgres"]
|
||||
# Default: "postgres"
|
||||
@@ -105,8 +108,10 @@ db:
|
||||
###############################
|
||||
##### WEB TEMPLATE CONFIG #####
|
||||
###############################
|
||||
|
||||
# Config pertaining to templating of web pages/email notifications and the like
|
||||
template:
|
||||
|
||||
# String. Directory from which gotosocial will attempt to load html templates (.tmpl files).
|
||||
# Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
|
||||
# Default: "./web/template/"
|
||||
@@ -120,8 +125,10 @@ template:
|
||||
###########################
|
||||
##### ACCOUNTS CONFIG #####
|
||||
###########################
|
||||
|
||||
# Config pertaining to creation and maintenance of accounts on the server, as well as defaults for new accounts.
|
||||
accounts:
|
||||
|
||||
# Bool. Do we want people to be able to just submit sign up requests, or do we want invite only?
|
||||
# Options: [true, false]
|
||||
# Default: true
|
||||
@@ -140,8 +147,10 @@ accounts:
|
||||
########################
|
||||
##### MEDIA CONFIG #####
|
||||
########################
|
||||
|
||||
# Config pertaining to user media uploads (videos, image, image descriptions).
|
||||
media:
|
||||
|
||||
# Int. Maximum allowed image upload size in bytes.
|
||||
# Examples: [2097152, 10485760]
|
||||
# Default: 2097152 -- aka 2MB
|
||||
@@ -165,8 +174,10 @@ media:
|
||||
##########################
|
||||
##### STORAGE CONFIG #####
|
||||
##########################
|
||||
|
||||
# Config pertaining to storage of user-created uploads (videos, images, etc).
|
||||
storage:
|
||||
|
||||
# String. Type of storage backend to use.
|
||||
# Examples: ["local", "s3"]
|
||||
# Default: "local" (storage on local disk)
|
||||
@@ -203,8 +214,10 @@ storage:
|
||||
###########################
|
||||
##### STATUSES CONFIG #####
|
||||
###########################
|
||||
|
||||
# Config pertaining to the creation of statuses/posts, and permitted limits.
|
||||
statuses:
|
||||
|
||||
# Int. Maximum amount of characters permitted for a new status.
|
||||
# Note that going way higher than the default might break federation.
|
||||
# Examples: [140, 500, 5000]
|
||||
@@ -238,8 +251,10 @@ statuses:
|
||||
##############################
|
||||
##### LETSENCRYPT CONFIG #####
|
||||
##############################
|
||||
|
||||
# Config pertaining to the automatic acquisition and use of LetsEncrypt HTTPS certificates.
|
||||
letsEncrypt:
|
||||
|
||||
# Bool. Whether or not letsencrypt should be enabled for the server.
|
||||
# If true, the server will serve on port 443 (https) and obtain letsencrypt
|
||||
# certificates automatically.
|
||||
@@ -248,7 +263,7 @@ letsEncrypt:
|
||||
# You should only change this if you want to serve GoToSocial behind a reverse proxy
|
||||
# like Traefik, HAProxy, or Nginx.
|
||||
# Options: [true, false]
|
||||
# Default: true
|
||||
# Default: true
|
||||
enabled: true
|
||||
|
||||
# String. Directory in which to store LetsEncrypt certificates.
|
||||
@@ -265,3 +280,58 @@ letsEncrypt:
|
||||
# Examples: ["admin@example.org"]
|
||||
# Default: ""
|
||||
emailAddress: ""
|
||||
|
||||
#######################
|
||||
##### OIDC CONFIG #####
|
||||
#######################
|
||||
|
||||
# Config for authentication with an external OIDC provider (Dex, Google, Auth0, etc).
|
||||
oidc:
|
||||
|
||||
# Bool. Enable authentication with external OIDC provider. If set to true, then
|
||||
# the other OIDC options must be set as well. If this is set to false, then the standard
|
||||
# internal oauth flow will be used, where users sign in to GtS with username/password.
|
||||
# Options: [true, false]
|
||||
# Default: false
|
||||
enabled: false
|
||||
|
||||
# String. Name of the oidc idp (identity provider). This will be shown to users when
|
||||
# they log in.
|
||||
# Examples: ["Google", "Dex", "Auth0"]
|
||||
# Default: ""
|
||||
idpName: ""
|
||||
|
||||
# Bool. Skip the normal verification flow of tokens returned from the OIDC provider, ie.,
|
||||
# don't check the expiry or signature. This should only be used in debugging or testing,
|
||||
# never ever in a production environment as it's extremely unsafe!
|
||||
# Options: [true, false]
|
||||
# Default: false
|
||||
skipVerification: false
|
||||
|
||||
# String. The OIDC issuer URI. This is where GtS will redirect users to for login.
|
||||
# Typically this will look like a standard web URL.
|
||||
# Examples: ["https://auth.example.org", "https://example.org/auth"]
|
||||
# Default: ""
|
||||
issuer: ""
|
||||
|
||||
# String. The ID for this client as registered with the OIDC provider.
|
||||
# Examples: ["some-client-id", "fda3772a-ad35-41c9-9a59-f1943ad18f54"]
|
||||
# Default: ""
|
||||
clientID: ""
|
||||
|
||||
# String. The secret for this client as registered with the OIDC provider.
|
||||
# Examples: ["super-secret-business", "79379cf5-8057-426d-bb83-af504d98a7b0"]
|
||||
# Default: ""
|
||||
clientSecret: ""
|
||||
|
||||
# Array of string. Scopes to request from the OIDC provider. The returned values will be used to
|
||||
# populate users created in GtS as a result of the authentication flow. 'openid' and 'email' are required.
|
||||
# 'profile' is used to extract a username for the newly created user.
|
||||
# 'groups' is optional and can be used to determine if a user is an admin (if they're in the group 'admin' or 'admins').
|
||||
# Examples: See eg., https://auth0.com/docs/scopes/openid-connect-scopes
|
||||
# Default: ["openid", "email", "profile", "groups"]
|
||||
scopes:
|
||||
- "openid"
|
||||
- "email"
|
||||
- "profile"
|
||||
- "groups"
|
||||
|
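Review bot: The `scopes` comment in the new OIDC block says membership of a group named 'admin' or 'admins' can make a user an admin, and `"groups"` is in the default list, so enabling OIDC with the defaults leaves instance-admin decisions to whatever the provider puts in that claim. I would say so in the comment, e.g. `# Only request 'groups' if you control group membership at the provider; members of 'admin'/'admins' may be treated as GtS admins.` The `clientSecret` comment could also note that the value sits in plaintext in this file, e.g. `# Keep this file readable only by the user GtS runs as.` How the claim is actually mapped is in code outside this section, so the wording should be checked against it.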