dahjah/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-06-03 05:44:59 -06:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

openid scope

Jascha 2026-04-21 18:08:17 +02:00
parent 599e30a004
commit 686cb66d63
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Enabling-SSO-support-using-OpenId-Connect.md

@ -18,7 +18,7 @@ The following configurations are available
- The URL must not include the `/.well-known/openid-configuration`
- `${SSO_AUTHORITY}/.well-known/openid-configuration` must return a JSON document: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse (with an [HTTP status code 200 OK](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse:~:text=A%20successful%20response%20MUST%20use%20the%20200%20OK%20HTTP%20status%20code)!)
- `SSO_AUTHORITY` has to match the exact value of the `issuer` field that is returned by that JSON (so take the `issuer` value of the file if you are unsure whether to include a trailing slash or not).
- `SSO_SCOPES` : Optional, allow to override scopes if needed (default `profile email`)
- `SSO_SCOPES` : Optional, allow to override scopes if needed (default `profile email`, `openid` is implicit)
- `SSO_AUTHORIZE_EXTRA_PARAMS` : Optional, allow to add extra parameter to the authorize redirection (default `""`)
- `SSO_PKCE`: Activate PKCE for the Auth Code flow (default `true`).
- `SSO_AUDIENCE_TRUSTED`: Optional, Regex to trust additional audience for the IdToken (`client_id` is always trusted). Use single quote when writing the regex: `'^$'`.