homelab/docker-infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a483c2e7fc0c561f4410948d09e3f9665522dfd3
docker-infrastructure/authelia/config/configuration.yaml
T
poprhythm 0cd293e763 Fix ownCloud Desktop OIDC client config in Authelia 
- Change public: true → false (desktop app sends client_secret_basic)
- Add client_secret reference to secrets file
- Add token_endpoint_auth_method: client_secret_basic
- Add response_types: [code] (required for offline_access scope)
- Add grant_types: [authorization_code, refresh_token] (required to issue refresh_token)
2026-03-01 02:53:14 +00:00

158 lines
4.3 KiB
YAML
Raw Blame History

server:
address: 0.0.0.0:9091
log:
level: info
totp:
issuer: kolpacksoftware.com
webauthn:
disable: true
authentication_backend:
file:
path: /config/users_database.yaml
password:
algorithm: argon2id
access_control:
default_policy: deny
rules:
- domain: auth.kolpacksoftware.com
policy: bypass
- domain: ultralytics.kolpacksoftware.com
policy: one_factor
- domain: "*.kolpacksoftware.com"
policy: one_factor
subject: "group:admins"
session:
cookies:
- domain: kolpacksoftware.com
authelia_url: https://auth.kolpacksoftware.com
default_redirection_url: https://kolpacksoftware.com
name: authelia_session
expiration: 1h
inactivity: 5m
redis:
host: authelia-redis
port: 6379
storage:
local:
path: /config/db.sqlite3
notifier:
filesystem:
filename: /config/notifications.txt
regulation:
max_retries: 3
find_time: 2m
ban_time: 5m
identity_providers:
oidc:
hmac_secret: ${AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET}
cors:
endpoints:
- authorization
- token
- revocation
- introspection
- userinfo
allowed_origins_from_client_redirect_uris: true
jwks:
- key_id: main
algorithm: RS256
use: sig
# key is host-managed — never commit to git
# Host copy inlines the PEM content as a YAML block scalar (key: |)
# using Python to avoid shell $ interpolation of the PEM content.
# Generate with: openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /srv/authelia/config/oidc.key
clients:
- client_id: open-webui
client_name: Open WebUI
client_secret: '{{ secret "/config/secrets/oidc_open_webui" }}'
public: false
authorization_policy: one_factor
token_endpoint_auth_method: client_secret_basic
redirect_uris:
- https://open-webui.kolpacksoftware.com/oauth/oidc/callback
scopes:
- openid
- profile
- email
userinfo_signed_response_alg: none
- client_id: immich
client_name: Immich
client_secret: '{{ secret "/config/secrets/oidc_immich" }}'
public: false
authorization_policy: one_factor
token_endpoint_auth_method: client_secret_post
redirect_uris:
- https://immich.kolpacksoftware.com/auth/login
- app.immich:///oauth-callback
scopes:
- openid
- profile
- email
userinfo_signed_response_alg: none
- client_id: linkding
client_name: Linkding
client_secret: '{{ secret "/config/secrets/oidc_linkding" }}'
public: false
authorization_policy: one_factor
token_endpoint_auth_method: client_secret_post
redirect_uris:
- https://linkding.kolpacksoftware.com/oidc/callback/
scopes:
- openid
- profile
- email
- groups
userinfo_signed_response_alg: none
- client_id: ocis
client_name: ownCloud Infinite Scale
public: true
require_pkce: true
pkce_challenge_method: S256
authorization_policy: one_factor
redirect_uris:
- https://cloud.kolpacksoftware.com/
- https://cloud.kolpacksoftware.com/oidc-callback.html
- https://cloud.kolpacksoftware.com/oidc-silent-redirect.html
- https://cloud.kolpacksoftware.com/apps/openidconnect/redirect
scopes:
- openid
- profile
- email
- groups
- offline_access
userinfo_signed_response_alg: none
- client_id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
client_name: ownCloud Desktop
client_secret: '{{ secret "/config/secrets/oidc_ocis_desktop" }}'
public: false
require_pkce: true
pkce_challenge_method: S256
token_endpoint_auth_method: client_secret_basic
authorization_policy: one_factor
response_types:
- code
grant_types:
- authorization_code
- refresh_token
redirect_uris:
- http://127.0.0.1
scopes:
- openid
- profile
- email
- offline_access
userinfo_signed_response_alg: none
Reference in New Issue View Git Blame Copy Permalink