# OpenID Connect
|
|
|
|
You can set up RustiCal to authenticate users through an OpenID Connect identity provider.
|
|
|
|
## Example: Authelia
|
|
|
|
```toml title="RustiCal configuration"
|
|
[oidc]
|
|
name = "Authelia"
|
|
issuer = "https://auth.example.com"
|
|
client_id = "rustical"
|
|
client_secret = "secret..."
|
|
claim_userid = "preferred_username" # (1)!
|
|
scopes = ["openid", "profile", "groups"]
|
|
require_group = "app/rustical" # (2)!
|
|
allow_sign_up = true
|
|
|
|
[frontend]
|
|
allow_password_login = false # optional
|
|
```
|
|
|
|
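1. Can be either `preferred_username` or `sub`. `sub` is the only claim that OpenID Connect guarantees to be stable and unique within an issuer; `preferred_username` is not guaranteed to be unique and can often be changed. Map it to the user id only if your identity provider keeps usernames unique and does not let a user take over a name that belongs to an existing account.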
|
|
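2. Optional: You can require a user to be in a certain group to use RustiCal. The value must match the group name exactly as your identity provider reports it (the examples on this page show both `app/rustical` and `app:rustical`; use whichever form your provider actually emits). If `allow_sign_up` is enabled, consider setting this so that not every account at the identity provider can sign up.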
|
|
|
|
```yaml title="Authelia configuration"
|
|
identity_providers:
|
|
oidc:
|
|
clients:
|
|
- client_id: rustical
|
|
client_secret: secret...
|
|
public: false
|
|
consent_mode: implicit
|
|
scopes: [openid, profile, groups]
|
|
token_endpoint_auth_method: client_secret_basic
|
|
redirect_uris:
|
|
- https://rustical.example.com/frontend/login/oidc/callback
|
|
```
|
|
|
|
### With environment variables
|
|
|
|
```sh
|
|
RUSTICAL_OIDC__NAME: "Authelia"
|
|
RUSTICAL_OIDC__ISSUER: "https://auth.example.com"
|
|
RUSTICAL_OIDC__CLIENT_ID: "rustical"
|
|
RUSTICAL_OIDC__CLIENT_SECRET: "secret..."
|
|
RUSTICAL_OIDC__CLAIM_USERID: "preferred_username"
|
|
RUSTICAL_OIDC__SCOPES: '["openid", "profile", "groups"]'
|
|
RUSTICAL_OIDC__REQUIRE_GROUP: "app:rustical"
|
|
RUSTICAL_OIDC__ALLOW_SIGN_UP: "true"
|
|
RUSTICAL_FRONTEND__ALLOW_PASSWORD_LOGIN: "false"
|
|
```
|