Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable state key on generic oauth2 #6104

Merged
merged 1 commit into from
Jan 29, 2023
Merged

Enable state key on generic oauth2 #6104

merged 1 commit into from
Jan 29, 2023

Conversation

Sleuth56
Copy link
Contributor

This PR enables the state key on the generic oauth2 requests. The state key is more secure and is required by a lot of oauth2 providers such as Authelia. https://www.rfc-editor.org/rfc/rfc6819#section-4.4.1.8

A working config for Authelia. (What I used to test this patch)

- id: Wikijs # this should be changed to something more secure
  description: Wikijs SSO
  secret: '' # Long randomly generated string
  public: false
  authorization_policy: one_factor
  audience: []
  scopes:
    - openid
    - profile
    - email
  redirect_uris:
    - https://wiki.example.com/login/{UNIQUE_ID}/callback # Copy this from the bottom of the oauth2 setup in wikijs
  userinfo_signing_algorithm: none
  grant_types:
    - authorization_code

Screenshot_20230129_161432-1

If you are using Authelia's file database

user:
  disabled: false
  displayname: "User"
  display_name: "User"
  password: ""
  email: [email protected]
  groups:
    - owner
    - user

@NGPixel NGPixel merged commit 12233c4 into requarks:main Jan 29, 2023
davidflypei pushed a commit to davidflypei/wiki that referenced this pull request Jun 13, 2023
jionggyu pushed a commit to jionggyu/wiki-2.5.302-patch that referenced this pull request Jul 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants