chore(config-docs): update docs for latest oidc defaults

postalserver · Mar 16, 2024 · 364eba6 · 364eba6
1 parent 6a1ff56
commit 364eba6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/doc/config/environment-variables.md b/doc/config/environment-variables.md
@@ -98,13 +98,14 @@ This document contains all the environment variables which are available for thi
 | `MIGRATION_WAITER_ATTEMPTS` | Integer | The number of attempts to try waiting for migrations to complete before start | 120 |
 | `MIGRATION_WAITER_SLEEP_TIME` | Integer | The number of seconds to wait between each migration check | 2 |
 | `OIDC_ENABLED` | Boolean | Enable OIDC authentication | false |
+| `OIDC_LOCAL_AUTHENTICATION_ENABLED` | Boolean | When enabled, users with passwords will still be able to login locally. If disable, only OpenID Connect will be available. | true |
 | `OIDC_NAME` | String | The name of the OIDC provider as shown in the UI | OIDC Provider |
 | `OIDC_ISSUER` | String | The OIDC issuer URL |  |
 | `OIDC_IDENTIFIER` | String | The client ID for OIDC |  |
 | `OIDC_SECRET` | String | The client secret for OIDC |  |
-| `OIDC_SCOPES` | Array of strings | Scopes to request from the OIDC server. | openid |
+| `OIDC_SCOPES` | Array of strings | Scopes to request from the OIDC server. | openid,email |
 | `OIDC_UID_FIELD` | String | The field to use to determine the user's UID | sub |
-| `OIDC_EMAIL_ADDRESS_FIELD` | String | The field to use to determine the user's email address | sub |
+| `OIDC_EMAIL_ADDRESS_FIELD` | String | The field to use to determine the user's email address | email |
 | `OIDC_NAME_FIELD` | String | The field to use to determine the user's name | name |
 | `OIDC_DISCOVERY` | Boolean | Enable discovery to determine endpoints from .well-known/openid-configuration from the Issuer | true |
 | `OIDC_AUTHORIZATION_ENDPOINT` | String | The authorize endpoint on the authorization server (only used when discovery is false) |  |

diff --git a/doc/config/yaml.yml b/doc/config/yaml.yml
@@ -223,6 +223,8 @@ migration_waiter:
 oidc:
   # Enable OIDC authentication
   enabled: false
+  # When enabled, users with passwords will still be able to login locally. If disable, only OpenID Connect will be available.
+  local_authentication_enabled: true
   # The name of the OIDC provider as shown in the UI
   name: OIDC Provider
   # The OIDC issuer URL
@@ -233,11 +235,11 @@ oidc:
   secret: 
   # Scopes to request from the OIDC server.
   scopes:
-    - openid
+    - openid,email
   # The field to use to determine the user's UID
   uid_field: sub
   # The field to use to determine the user's email address
-  email_address_field: sub
+  email_address_field: email
   # The field to use to determine the user's name
   name_field: name
   # Enable discovery to determine endpoints from .well-known/openid-configuration from the Issuer