From e417287103ec958eaea0d6ae0d59b9cbbc093302 Mon Sep 17 00:00:00 2001
From: Matthew Pomes
Date: Sun, 23 Nov 2025 00:18:19 -0600
Subject: [PATCH] Add template auth secrets
---
authelia/secret-template.yml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 authelia/secret-template.yml
diff --git a/authelia/secret-template.yml b/authelia/secret-template.yml
new file mode 100644
index 0000000..ab9d4ec
--- /dev/null
+++ b/authelia/secret-template.yml
@@ -0,0 +1,31 @@
+# rand() {
+# docker run --rm authelia/authelia:latest authelia crypto rand --length $1 --charset rfc3986
+# }
+# hash() {
+# docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length $1 --random.charset rfc3986
+# }
+identity_providers:
+ oidc:
+ ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
+ ## See: https://www.authelia.com/c/oidc
+ clients:
+ - client_name: 'Gitea'
+ client_id: '$(rand 72)'
+ client_secret: '$(hash 72)'
+ public: false
+ authorization_policy: 'two_factor'
+ require_pkce: false
+ pkce_challenge_method: ''
+ redirect_uris:
+ - 'https://gitea.loadingm.xyz/user/oauth2/authelia/callback'
+ scopes:
+ - 'openid'
+ - 'email'
+ - 'profile'
+ response_types:
+ - 'code'
+ grant_types:
+ - 'authorization_code'
+ access_token_signed_response_alg: 'none'
+ userinfo_signed_response_alg: 'none'
+ token_endpoint_auth_method: 'client_secret_basic'
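Review bot: `client_secret: '$(hash 72)'` takes the whole output of the commented `hash` helper, and `authelia crypto hash generate ... --random` appears to print the generated plaintext alongside the digest, so a literal substitution would put both into the rendered config instead of a bare `$pbkdf2-sha512$...` value; confirm this against the renderer, which is not shown in the patch. The plaintext is what Gitea has to be given and only the digest belongs in this file, so the helper should hand the plaintext to a secret store and emit just the digest line. The helpers also run `authelia/authelia:latest`; pinning the tag or image digest that the deployment itself uses keeps the binary that generates the secrets reproducible. A header comment such as `# Render locally; the output holds the client secret digest and must not be committed.` would document how the template is meant to be used.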