diff options
author | BBBSnowball <bbbsnowball@gmail.com> | 2020-10-01 19:54:35 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-01 13:54:35 -0400 |
commit | 05ee048f2c9ce0bb8a7d2430b21ca3682ef5858b (patch) | |
tree | 87485cf6c0e87b270db93ff00e6eeda9c2b3236c /synapse/config/oidc_config.py | |
parent | Merge tag 'v1.21.0rc1' into develop (diff) | |
download | synapse-05ee048f2c9ce0bb8a7d2430b21ca3682ef5858b.tar.xz |
Add config option for always using "userinfo endpoint" for OIDC (#7658)
This allows for connecting to certain IdPs, e.g. GitLab.
Diffstat (limited to 'synapse/config/oidc_config.py')
-rw-r--r-- | synapse/config/oidc_config.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/synapse/config/oidc_config.py b/synapse/config/oidc_config.py index f924116819..7597fbc864 100644 --- a/synapse/config/oidc_config.py +++ b/synapse/config/oidc_config.py @@ -56,6 +56,7 @@ class OIDCConfig(Config): self.oidc_userinfo_endpoint = oidc_config.get("userinfo_endpoint") self.oidc_jwks_uri = oidc_config.get("jwks_uri") self.oidc_skip_verification = oidc_config.get("skip_verification", False) + self.oidc_user_profile_method = oidc_config.get("user_profile_method", "auto") self.oidc_allow_existing_users = oidc_config.get("allow_existing_users", False) ump_config = oidc_config.get("user_mapping_provider", {}) @@ -159,6 +160,14 @@ class OIDCConfig(Config): # #skip_verification: true + # Whether to fetch the user profile from the userinfo endpoint. Valid + # values are: "auto" or "userinfo_endpoint". + # + # Defaults to "auto", which fetches the userinfo endpoint if "openid" is included + # in `scopes`. Uncomment the following to always fetch the userinfo endpoint. + # + #user_profile_method: "userinfo_endpoint" + # Uncomment to allow a user logging in via OIDC to match a pre-existing account instead # of failing. This could be used if switching from password logins to OIDC. Defaults to false. # |