Enable state key on generic oauth2 #6104

Sleuth56 · 2023-01-29T21:20:08Z

This PR enables the state key on the generic oauth2 requests. The state key is more secure and is required by a lot of oauth2 providers such as Authelia. https://www.rfc-editor.org/rfc/rfc6819#section-4.4.1.8

A working config for Authelia. (What I used to test this patch)

- id: Wikijs # this should be changed to something more secure
  description: Wikijs SSO
  secret: '' # Long randomly generated string
  public: false
  authorization_policy: one_factor
  audience: []
  scopes:
    - openid
    - profile
    - email
  redirect_uris:
    - https://wiki.example.com/login/{UNIQUE_ID}/callback # Copy this from the bottom of the oauth2 setup in wikijs
  userinfo_signing_algorithm: none
  grant_types:
    - authorization_code

If you are using Authelia's file database

user:
  disabled: false
  displayname: "User"
  display_name: "User"
  password: ""
  email: user@example.com
  groups:
    - owner
    - user

Enable state key on generic oauth2

2fd7d3b

auto-assign bot requested a review from NGPixel January 29, 2023 21:20

auto-assign bot assigned NGPixel Jan 29, 2023

NGPixel approved these changes Jan 29, 2023

View reviewed changes

NGPixel merged commit 12233c4 into requarks:main Jan 29, 2023

davidflypei pushed a commit to davidflypei/wiki that referenced this pull request Jun 13, 2023

feat: enable state key on generic oauth2 (requarks#6104)

2a3778c

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable state key on generic oauth2 #6104

Enable state key on generic oauth2 #6104

Sleuth56 commented Jan 29, 2023

Enable state key on generic oauth2 #6104

Enable state key on generic oauth2 #6104

Conversation

Sleuth56 commented Jan 29, 2023