Merge pull request #31 from ad3m3r5/main

update docs for oauth2 certificate changes and group name
OliveTin · Nov 25, 2024 · c6e80f7 · c6e80f7
2 parents 37fabeb + 43ccd45
commit c6e80f7
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 4 deletions.
diff --git a/modules/ROOT/pages/security/oauth2.adoc b/modules/ROOT/pages/security/oauth2.adoc
@@ -17,16 +17,19 @@ authOAuth2Providers:
 
 ==== Provider configuration
 
-* `name` - a "simple name" for the provider, used in the login redirect and internally in OliveTin, eg `github`
-* `title` - the human-readable name of the provider, eg `GitHub`
+* `name` - a "simple name" for the provider, used in the login redirect and internally in OliveTin, e.g. `github`
+* `title` - the human-readable name of the provider, e.g. `GitHub`
 * `clientId` - the client ID provided by the OAuth2 provider
 * `clientSecret` - the client secret provided by the OAuth2 provider
-* `icon` - the icon to use for the provider, eg an Iconify icon - accepts any HTML.
+* `icon` - the icon to use for the provider. Accepts any HTML, e.g. `<iconify-icon icon="simple-icons:authentik"></iconify-icon>`
 * `scopes` - a list of scopes to request.
 * `authUrl` - the URL to redirect to for authentication
 * `tokenUrl` - the URL to exchange the code for a token
 * `whoamiUrl` - the URL to fetch user information from
 * `usernameField` - the field in the user information response to use as the username
-
+* `userGroupField` - the field in the user information response to use as the group. This is a string containing one group name, e.g. `olivetin_group`
+* `certBundlePath` - the path to a certificate to add to the truststore for authentication requests, e.g. `/certs/internal.crt`
+* `insecureSkipVerify` - a boolean to disable certificate verfication
+* `connectTimeout` - an integer for seconds until the request will timeout, e.g. `10`
 
 
diff --git a/modules/ROOT/pages/security/oauth2_authentik.adoc b/modules/ROOT/pages/security/oauth2_authentik.adoc
@@ -42,6 +42,17 @@ authOAuth2Providers:
     icon: <iconify-icon icon="simple-icons:authentik"></iconify-icon>
 ```
 
+Optional configuration values to consider are:
+```yaml
+
+authOAuth2Providers:
+  authentik:
+    userGroupField: "your_mapped_group_name"
+    certBundlePath: "/path/to/mounted/certificate.pem"
+    insecureSkipVerify: true
+    connectTimeout: 15
+```
+
 You will need to restart OliveTin for the changes to take effect.
 
 ==== Testing