blob: dacaaa00aab4b1f9b23040c019e1e5c899a4531d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
# OIDC authentication plugin
This is a system plugin, it has to be enabled globally through `TTRSS_PLUGINS`.
If everything is configured correctly, another login button will appear on the login form, which
you can use to log in through OpenID.
## Examples
### Authentik
Setup provider & application in the Authentik admin UI as usual. Example uses `tt-rss` slug.
Plugin settings (`.env`):
```properties
TTRSS_AUTH_OIDC_NAME: Authentik
TTRSS_AUTH_OIDC_URL: https://auth.example.com/application/o/tt-rss/
TTRSS_AUTH_OIDC_CLIENT_ID: client-id
TTRSS_AUTH_OIDC_CLIENT_SECRET: client-secret
```
### Authelia
```yml
identity_providers:
...
- id: test-ttrss
secret: your-secret-token
public: false
scopes:
- openid
- email
- profile
redirect_uris:
- "https://example.com/tt-rss"
userinfo_signing_algorithm: none
```
Plugin settings (`.env`):
```properties
TTRSS_AUTH_OIDC_NAME=Authelia
TTRSS_AUTH_OIDC_URL=https://auth.example.com/
TTRSS_AUTH_OIDC_CLIENT_ID=test-ttrss
TTRSS_AUTH_OIDC_CLIENT_SECRET=your-secret-token
```
### Keycloak
When using Keycloak, set `TTRSS_AUTH_OIDC_URL` to base realm URL:
```properties
TTRSS_AUTH_OIDC_URL=https://keycloak.example.com/realms/YourRealm
```
|