Add instructions on how to enable PKCE in Nextcloud (#2647)

Martin Wurm 2024-03-12 03:42:04 +01:00 committed by GitHub
parent 285f4362b2
commit a0357ad227
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -378,10 +378,14 @@ OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://idm.example.com/oauth2/openid/<oauth2_
Install the module [from the nextcloud market place](https://apps.nextcloud.com/apps/user_oidc) - it
can also be found in the Apps section of your deployment as "OpenID Connect user backend".
In Nextcloud's config.php you need to allow connection to remote servers:
In Nextcloud's config.php you need to allow connection to remote servers and enable PKCE:
```php
'allow_local_remote_servers' => true,
'user_oidc' => [
'use_pkce' => true,
],
```
You may optionally choose to add:
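Review bot: The new `'user_oidc' => [ 'use_pkce' => true, ]` entry is shown as a standalone block, with no hint of how it combines with a `user_oidc` array that may already exist in config.php. A reader who pastes it as a second `'user_oidc'` key will end up with one array replacing the other. Please add a sentence saying the `use_pkce` key should be merged into the existing `user_oidc` array if there is one. It would also help to state which release of the user_oidc app first honours `use_pkce`, so that readers on an older app version know to upgrade before relying on this setting.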
@ -397,13 +401,6 @@ If you forget this, you may see the following error in logs:
Host 172.24.11.129 was not connected to because it violates local access rules
```
This module does not support PKCE or ES256. You will need to run:
```bash
kanidm system oauth2 warning-insecure-client-disable-pkce <resource server name>
kanidm system oauth2 warning-enable-legacy-crypto <resource server name>
```
In the settings menu, configure the discovery URL and client ID and secret.
You can choose to disable other login methods with:
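Review bot: The removed paragraph covered two separate limitations, PKCE and ES256, but the commit title and the config added in the first hunk only address PKCE. Dropping `kanidm system oauth2 warning-enable-legacy-crypto <resource server name>` along with the PKCE command is only correct if the module now also accepts ES256; if it does not, keep that instruction and reword the sentence to mention ES256 alone. Separately, readers who followed the old text have already run `warning-insecure-client-disable-pkce` for their client, so enabling `use_pkce` in Nextcloud will not by itself restore PKCE enforcement on the Kanidm side. A short note on reverting that setting for existing deployments would close the gap.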