From d3fda4210ff710f9758495cff25e9f8e081b4bb2 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 3 Jun 2023 03:28:24 +0200 Subject: [PATCH] Document OpenID connect setup for Miniflux (#1683) This change adds documentation on how to set up OpenID connect with Miniflux, a feedreader application. Miniflux currently does not support PKCE, and I've therefore raised and upstream issue, that I reference in the book section. --- CONTRIBUTORS.md | 1 + book/src/integrations/oauth2.md | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 411af3c00..be677d614 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -28,6 +28,7 @@ - Sebastiano Tocci(Seba-T) - Minh Phan (MinhPhan8803) - Kenton Groombridge (0xC0ncord) +- Martin Weinelt (hexa) ## Acknowledgements diff --git a/book/src/integrations/oauth2.md b/book/src/integrations/oauth2.md index ece179e33..f69ba6ae0 100644 --- a/book/src/integrations/oauth2.md +++ b/book/src/integrations/oauth2.md @@ -262,6 +262,23 @@ In the virtual host, to protect a location: ``` +### Miniflux + +Miniflux is a feedreader that supports OAuth 2.0 and OpenID connect. It automatically appends +the `.well-known` parts to the discovery endpoint. The application name in the redirect URL +needs to match the `OAUTH2_PROVIDER` name. + +``` +OAUTH2_PROVIDER = "kanidm"; +OAUTH2_CLIENT_ID = "miniflux"; +OAUTH2_CLIENT_SECRET = ""; +OAUTH2_REDIRECT_URL = "https://feeds.example.com/oauth2/kanidm/callback"; +OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://idm.example.com/oauth2/openid/"; +```` + +Currently Miniflux [does not support PKCE](https://github.com/miniflux/v2/issues/1910) and Kanidm will +prevent logins until you [disable PKCE](#extended-options-for-legacy-clients) for the resource server. + ### Nextcloud Install the module [from the nextcloud market place](https://apps.nextcloud.com/apps/user_oidc) - it
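Review bot: In the Miniflux block added to book/src/integrations/oauth2.md, `OAUTH2_CLIENT_SECRET = "";` is left empty and nothing says where the value comes from, so a reader who copies the block ends up configuring a blank secret. Suggest a visible placeholder instead of the empty string, plus one sentence saying the value is the secret issued for the `miniflux` client. The same block opens with a three-backtick fence but closes with four backticks; make the closing fence three to match. The text also never says which file or format the `KEY = "value";` lines belong to, which is worth stating. The closing paragraph tells readers to disable PKCE for the resource server; it should say that this is a workaround tied to the linked upstream issue and should be reverted once Miniflux supports PKCE. Nit: "OpenID connect" should be "OpenID Connect" in the added text.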