From b7af076ab524c018992a05b031cd8e3533ab59d4 Mon Sep 17 00:00:00 2001
From: Mathieu Velten <mathieu.velten@beta.gouv.fr>
Date: Fri, 22 Mar 2024 11:35:11 +0100
Subject: Add OIDC config to add extra parameters to the authorize URL (#16971)

---
 docs/usage/configuration/config_documentation.md | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'docs')

diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md
index 638a459ed5..985f90c8a1 100644
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
@@ -3349,6 +3349,9 @@ Options for each entry include:
    not included in `scopes`. Set to `userinfo_endpoint` to always use the
    userinfo endpoint.
 
+* `additional_authorization_parameters`: String to string dictionary that will be passed as
+   additional parameters to the authorization grant URL.
+
 * `allow_existing_users`: set to true to allow a user logging in via OIDC to
    match a pre-existing account instead of failing. This could be used if
    switching from password logins to OIDC. Defaults to false.
@@ -3473,6 +3476,8 @@ oidc_providers:
     token_endpoint: "https://accounts.example.com/oauth2/token"
     userinfo_endpoint: "https://accounts.example.com/userinfo"
     jwks_uri: "https://accounts.example.com/.well-known/jwks.json"
+    additional_authorization_parameters:
+      acr_values: 2fa
     skip_verification: true
     enable_registration: true
     user_mapping_provider:
-- 
cgit 1.4.1