2021-10-07 00:12:01 +08:00
|
|
|
<?php
|
|
|
|
|
|
|
|
return [
|
|
|
|
|
|
|
|
// Display name, shown to users, for OpenId option
|
|
|
|
'name' => env('OIDC_NAME', 'SSO'),
|
|
|
|
|
|
|
|
// Dump user details after a login request for debugging purposes
|
|
|
|
'dump_user_details' => env('OIDC_DUMP_USER_DETAILS', false),
|
|
|
|
|
2023-01-27 00:43:15 +08:00
|
|
|
// Claim, within an OpenId token, to find the user's display name
|
2023-09-11 18:50:58 +08:00
|
|
|
'display_name_claims' => env('OIDC_DISPLAY_NAME_CLAIMS', 'name'),
|
2021-10-07 00:12:01 +08:00
|
|
|
|
2023-01-27 00:43:15 +08:00
|
|
|
// Claim, within an OpenID token, to use to connect a BookStack user to the OIDC user.
|
|
|
|
'external_id_claim' => env('OIDC_EXTERNAL_ID_CLAIM', 'sub'),
|
|
|
|
|
2021-10-07 00:12:01 +08:00
|
|
|
// OAuth2/OpenId client id, as configured in your Authorization server.
|
|
|
|
'client_id' => env('OIDC_CLIENT_ID', null),
|
|
|
|
|
|
|
|
// OAuth2/OpenId client secret, as configured in your Authorization server.
|
|
|
|
'client_secret' => env('OIDC_CLIENT_SECRET', null),
|
|
|
|
|
2021-10-13 06:00:52 +08:00
|
|
|
// The issuer of the identity token (id_token) this will be compared with
|
|
|
|
// what is returned in the token.
|
2021-10-07 00:12:01 +08:00
|
|
|
'issuer' => env('OIDC_ISSUER', null),
|
|
|
|
|
2021-10-13 06:00:52 +08:00
|
|
|
// Auto-discover the relevant endpoints and keys from the issuer.
|
|
|
|
// Fetched details are cached for 15 minutes.
|
|
|
|
'discover' => env('OIDC_ISSUER_DISCOVER', false),
|
|
|
|
|
2021-10-07 00:12:01 +08:00
|
|
|
// Public key that's used to verify the JWT token with.
|
|
|
|
// Can be the key value itself or a local 'file://public.key' reference.
|
|
|
|
'jwt_public_key' => env('OIDC_PUBLIC_KEY', null),
|
|
|
|
|
|
|
|
// OAuth2 endpoints.
|
|
|
|
'authorization_endpoint' => env('OIDC_AUTH_ENDPOINT', null),
|
2021-10-16 23:01:59 +08:00
|
|
|
'token_endpoint' => env('OIDC_TOKEN_ENDPOINT', null),
|
2022-08-02 23:56:56 +08:00
|
|
|
|
2023-12-06 21:49:53 +08:00
|
|
|
// OIDC RP-Initiated Logout endpoint
|
|
|
|
// A null value gets the URL from discovery, if active.
|
|
|
|
// A false value force-disables RP-Initiated Logout.
|
|
|
|
// A string value forces the given URL to be used.
|
|
|
|
'end_session_endpoint' => env('OIDC_END_SESSION_ENDPOINT', null),
|
|
|
|
|
2022-08-02 23:56:56 +08:00
|
|
|
// Add extra scopes, upon those required, to the OIDC authentication request
|
|
|
|
// Multiple values can be provided comma seperated.
|
|
|
|
'additional_scopes' => env('OIDC_ADDITIONAL_SCOPES', null),
|
|
|
|
|
|
|
|
// Group sync options
|
|
|
|
// Enable syncing, upon login, of OIDC groups to BookStack roles
|
|
|
|
'user_to_groups' => env('OIDC_USER_TO_GROUPS', false),
|
|
|
|
// Attribute, within a OIDC ID token, to find group names within
|
2022-09-06 23:32:42 +08:00
|
|
|
'groups_claim' => env('OIDC_GROUPS_CLAIM', 'groups'),
|
2023-12-06 21:49:53 +08:00
|
|
|
// When syncing groups, remove any groups that no longer match. Otherwise, sync only adds new groups.
|
2022-08-02 23:56:56 +08:00
|
|
|
'remove_from_groups' => env('OIDC_REMOVE_FROM_GROUPS', false),
|
2021-10-07 00:12:01 +08:00
|
|
|
];
|