feat: freshrss sso

2025-10-03 09:09:01 +02:00 · 2024-06-14 11:09:58 +02:00
parent c0af3863e7
commit daf03459c5
3 changed files with 30 additions and 31 deletions
--- a/kubernetes/apps/default/authelia/app/config/configuration.yaml
+++ b/kubernetes/apps/default/authelia/app/config/configuration.yaml
@@ -39,28 +39,26 @@ access_control:
 identity_providers:
  oidc:
    cors:
-      endpoints: ["authorization", "token", "revocation", "introspection"]
+      endpoints: [authorization, token, revocation, introspection]
      allowed_origins_from_client_redirect_uris: true
    clients:
-      - id: gitea
-        secret: "${GITEA_OAUTH_CLIENT_SECRET}"
+      - client_id: freshrss
+        client_name: freshrss
+        client_secret:
        public: false
        authorization_policy: two_factor
-        scopes: ["openid", "profile", "groups", "email"]
-        redirect_uris:
-          [
-            "https://gitea.${SECRET_PUBLIC_DOMAIN}/user/oauth2/authelia/callback",
-          ]
-        userinfo_signing_algorithm: none
-      - id: grafana
-        description: Grafana
-        secret: "${GRAFANA_OAUTH_CLIENT_SECRET}"
+        redirect_uris: ["https://freshrss.${SECRET_PUBLIC_DOMAIN}/i/oidc/"]
+        scopes: [openid, profile, groups, email]
+        userinfo_signed_response_alg: none
+        token_endpoint_auth_method: client_secret_basic
+      - client_name: grafana
+        client_id: grafana
+        client_secret: "${GRAFANA_OAUTH_CLIENT_SECRET}"
        public: false
        authorization_policy: two_factor
        pre_configured_consent_duration: 1y
-        scopes: ["openid", "profile", "groups", "email"]
-        redirect_uris:
-          ["https://grafana.${SECRET_PUBLIC_DOMAIN}/login/generic_oauth"]
+        scopes: [openid, profile, groups, email]
+        redirect_uris: ["https://grafana.${SECRET_PUBLIC_DOMAIN}/login/generic_oauth"]
        userinfo_signing_algorithm: none
      - id: outline
        description: Outline
@@ -68,24 +66,14 @@ identity_providers:
        public: false
        authorization_policy: two_factor
        pre_configured_consent_duration: 1y
-        scopes: ["openid", "profile", "email", "offline_access"]
-        redirect_uris:
-          ["https://docs.${SECRET_PUBLIC_DOMAIN}/auth/oidc.callback"]
+        scopes: [openid, profile, email, offline_access]
+        redirect_uris: ["https://docs.${SECRET_PUBLIC_DOMAIN}/auth/oidc.callback"]
        userinfo_signing_algorithm: none
-      - id: immich
-        description: Immich
-        secret: "${IMMICH_OAUTH_CLIENT_SECRET}"
+      - client_name: jellyfin
+        client_id: jellyfin
+        client_secret: "${JELLYFIN_OAUTH_CLIENT_SECRET}"
        public: false
-        authorization_policy: one_factor
-        pre_configured_consent_duration: 1y
-        scopes: ["openid", "profile", "email"]
-        redirect_uris: ["https://photos.${SECRET_PUBLIC_DOMAIN}/auth/login", "app.immich:/"]
-        userinfo_signing_algorithm: none
-      - id: jellyfin
-        description: jellyfin
-        public: false
-        secret: "${JELLYFIN_OAUTH_CLIENT_SECRET}"
        authorization_policy: two_factor
        pre_configured_consent_duration: 1y
-        scopes: ["openid", "profile", "groups", "email"]
+        scopes: [openid, profile, groups, email]
        redirect_uris: [ "https://jellyfin.${SECRET_PUBLIC_DOMAIN}/sso/OID/redirect/authelia" ]