diff --git a/.env.sample b/.env.sample
index 4eca4ae..c984e03 100644
--- a/.env.sample
+++ b/.env.sample
@@ -17,12 +17,12 @@ SANDBOX_DOMAIN=sandbox.cryptpad.example.com
 #EXTRA_DOMAINS=', `www.cryptpad.example.com`'
 LETS_ENCRYPT_ENV=production
-## SSO / OIDC (optional — requires SSO_ENABLED=true)
-SSO_ENABLED=false
-SSO_ENFORCED=false
-SSO_PROVIDER_NAME=Authentik
-SSO_OIDC_URL=https://authentik.example.com/application/o/cryptpad
-SSO_CLIENT_ID=cryptpad
-SSO_CLIENT_SECRET=
-SSO_JWT_ALG=RS256
-SSO_PLUGIN_VERSION=0.4.0
+## SSO / OIDC (optional — defaults to false)
+#SSO_ENABLED=true
+#SSO_ENFORCED=false
+#SSO_PROVIDER_NAME=Authentik
+#SSO_OIDC_URL=https://authentik.example.com/application/o/cryptpad
+#SSO_CLIENT_ID=cryptpad
+#SSO_CLIENT_SECRET=
+#SSO_JWT_ALG=RS256
+#SSO_PLUGIN_VERSION=0.4.0
diff --git a/abra.sh b/abra.sh
index bf63893..136b414 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,5 +1,5 @@
 export CONFIG_VERSION=v2
 export CONFIG_JS_VERSION=v2
 export NGINX_CONF_VERSION=v1
-export SSO_ENTRYPOINT_VERSION=v2
-export SSO_JS_VERSION=v1
+export SSO_ENTRYPOINT_VERSION=v4
+export SSO_JS_VERSION=v2
diff --git a/sso.js.tmpl b/sso.js.tmpl
index 74d983d..5509aee 100644
--- a/sso.js.tmpl
+++ b/sso.js.tmpl
@@ -4,12 +4,18 @@ module.exports = {
 enabled: "{{ env "SSO_ENABLED" }}" === "true",
 enforced: "{{ env "SSO_ENFORCED" }}" === "true",
- protocol: "oidc",
- providerName: "{{ env "SSO_PROVIDER_NAME" }}",
- oidcConfig: {
- url: "{{ env "SSO_OIDC_URL" }}",
- clientID: "{{ env "SSO_CLIENT_ID" }}",
- clientSecret: "{{ env "SSO_CLIENT_SECRET" }}",
- algorithm: "{{ env "SSO_JWT_ALG" }}"
- }
+ cpPassword: true,
+ forceCpPassword: false,
+ list: [
+ {
+ name: "{{ env "SSO_PROVIDER_NAME" }}",
+ type: "oidc",
+ url: "{{ env "SSO_OIDC_URL" }}",
+ client_id: "{{ env "SSO_CLIENT_ID" }}",
+ client_secret: "{{ env "SSO_CLIENT_SECRET" }}",
+ id_token_alg: "{{ env "SSO_JWT_ALG" }}",
+ use_pkce: true,
+ use_nonce: true
+ }
+ ]
 };
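Review bot: The sample still directs operators to put the OIDC client secret in the plain environment file via `#SSO_CLIENT_SECRET=`, and the `client_secret` line in the sso.js.tmpl hunk reads it with `env`, so the secret presumably sits in the service environment alongside non-sensitive settings. If this template is rendered as a Docker config, the value could come from a Docker secret instead, e.g. `client_secret: "{{ secret "<SECRET_NAME>" }}",` where `<SECRET_NAME>` is a placeholder for whatever name the recipe would define. At minimum I would add a comment above the variable such as `# OIDC client secret: keep this file out of version control and readable only by the deploy user`.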
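Review bot: With every SSO variable now commented out in .env.sample, an operator who uncomments only `SSO_ENABLED=true` gets a provider entry whose `url`, `client_id` and `id_token_alg` presumably render as empty strings, because nothing in the template supplies a fallback for an unset variable. For `id_token_alg` in particular I would pin a default rather than leave the ID-token signature algorithm blank, e.g. `id_token_alg: "{{ or (env "SSO_JWT_ALG") "RS256" }}",` (RS256 is the value the sample already suggests), assuming the template engine exposes Go's built-in `or`. How the SSO plugin treats an empty algorithm is not visible in this diff, so this is a precaution rather than a confirmed bug. A short comment above `cpPassword` and `forceCpPassword` explaining why they are hard-coded rather than read from the environment would also help the next maintainer.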