mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-01-03 05:48:42 +00:00
[#3286] Documentation on configuring Pleroma as OAuth 2.0 provider.
This commit is contained in:
parent
60b4654038
commit
239057155f
2 changed files with 17 additions and 8 deletions
1
docs/configuration/auth.md
Normal file
1
docs/configuration/auth.md
Normal file
|
@ -0,0 +1 @@
|
||||||
|
See `Authentication` section of [the configuration cheatsheet](../configuration/cheatsheet.md#authentication).
|
|
@ -893,6 +893,22 @@ Pleroma account will be created with the same name as the LDAP user name.
|
||||||
Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an
|
Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an
|
||||||
OpenLDAP server the value may be `uid: "uid"`.
|
OpenLDAP server the value may be `uid: "uid"`.
|
||||||
|
|
||||||
|
### :oauth2 (Pleroma as OAuth 2.0 provider settings)
|
||||||
|
|
||||||
|
OAuth 2.0 provider settings:
|
||||||
|
|
||||||
|
* `token_expires_in` - The lifetime in seconds of the access token.
|
||||||
|
* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
|
||||||
|
* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
|
||||||
|
|
||||||
|
OAuth 2.0 provider and related endpoints:
|
||||||
|
|
||||||
|
* `POST /api/v1/apps` creates client app basing on provided params.
|
||||||
|
* `GET/POST /oauth/authorize` renders/submits authorization form.
|
||||||
|
* `POST /oauth/token` creates/renews OAuth token.
|
||||||
|
* `POST /oauth/revoke` revokes provided OAuth token.
|
||||||
|
* `GET /api/v1/accounts/verify_credentials` (with proper `Authorization` header or `access_token` URI param) returns user info on requester (with `acct` field containing local nickname and `fqn` field containing fully-qualified nickname which could generally be used as email stub for OAuth software that demands email field in identity endpoint response, like Peertube).
|
||||||
|
|
||||||
### OAuth consumer mode
|
### OAuth consumer mode
|
||||||
|
|
||||||
OAuth consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.).
|
OAuth consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.).
|
||||||
|
@ -965,14 +981,6 @@ config :ueberauth, Ueberauth,
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
### OAuth 2.0 provider - :oauth2
|
|
||||||
|
|
||||||
Configure OAuth 2 provider capabilities:
|
|
||||||
|
|
||||||
* `token_expires_in` - The lifetime in seconds of the access token.
|
|
||||||
* `issue_new_refresh_token` - Keeps old refresh token or generate new refresh token when to obtain an access token.
|
|
||||||
* `clean_expired_tokens` - Enable a background job to clean expired oauth tokens. Defaults to `false`.
|
|
||||||
|
|
||||||
## Link parsing
|
## Link parsing
|
||||||
|
|
||||||
### :uri_schemes
|
### :uri_schemes
|
||||||
|
|
Loading…
Reference in a new issue