# Authelia OpenID Connect 1.0 provider configuration (template).
#
# Every `$(...)` value below is a placeholder for generated output. YAML does
# not expand `$(...)`, so the values have to be substituted before Authelia
# loads this file (how that happens is not shown here). The substituted values
# (HMAC secret, JWKS private key, client secret digests) are credentials: keep
# the rendered file out of version control and readable only by Authelia.
#
# Helpers the placeholders refer to; $1 is the length in characters.
# NOTE(review): the helpers run the `latest` image tag; generating with the
# same Authelia version that is deployed avoids surprises in output format.
#
# au rand() {
#   docker run --rm authelia/authelia:latest authelia crypto rand --length $1 --charset rfc3986
# }
# au hash() {
#   docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length $1 --random.charset rfc3986
# }
#
# `au hash` uses --random, i.e. the command generates the password itself.
# The PBKDF2-SHA512 digest is what belongs in `client_secret` below; the
# matching plaintext goes into the client application's own OIDC settings and
# should not be stored in this file.
# NOTE(review): presumably the command prints both the random password and its
# digest, so only the digest part may be substituted - confirm.
identity_providers:
  oidc:
    # Secret used by the OIDC provider for HMAC operations; placeholder for a
    # 72-character random string.
    hmac_secret: '$(au rand 72)'
    jwks:
      # Placeholder for a 2048-bit RSA private key in PEM form. A PEM is
      # multi-line, so the rendered value has to be a block scalar (`key: |`)
      # with every PEM line indented under it; pasted inline as a plain scalar
      # it will not parse.
      - key: $(openssl genrsa -out - 2048)
    claims_policies:
      # Referenced by the Karakeep client via `claims_policy: 'karakeep'`;
      # lists `email` for the ID token.
      karakeep:
        id_token: ['email']
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    #
    # Settings shared by every client below:
    #   - public: false + token_endpoint_auth_method 'client_secret_basic':
    #     confidential clients that authenticate to the token endpoint with
    #     their client secret.
    #   - authorization_policy 'two_factor': the user must pass second-factor
    #     authentication before the client is authorized.
    #   - require_pkce: false / pkce_challenge_method '': PKCE is not enforced.
    #     NOTE(review): where the client application supports it, enforcing
    #     PKCE with 'S256' adds protection for the authorization code.
    #   - response_types 'code' + grant_types 'authorization_code': only the
    #     authorization code flow is allowed.
    #   - redirect_uris: the exact callback URLs the authorization code may be
    #     sent to; each must match the client application's callback.
    #   - access_token_signed_response_alg / userinfo_signed_response_alg
    #     'none': NOTE(review): per Authelia's documentation this selects
    #     opaque access tokens and unsigned JSON userinfo responses rather
    #     than JWTs signed with alg "none" - confirm for the deployed version.
    clients:
      - client_name: 'Gitea'
        client_id: '$(au rand 72)'
        client_secret: '$(au hash 72)'
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://gitea.loadingm.xyz/user/oauth2/authelia/callback'
        scopes:
          - 'openid'
          - 'email'
          - 'profile'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
      - client_name: 'Memos'
        client_id: '$(au rand 72)'
        client_secret: '$(au hash 72)'
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://memos.loadingm.xyz/auth/callback'
        scopes:
          - 'openid'
          - 'email'
          - 'profile'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
      # Open WebUI is the only client that also requests the 'groups' scope.
      - client_name: 'Open WebUI'
        client_id: '$(au rand 72)'
        client_secret: '$(au hash 72)'
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://ollama.loadingm.xyz/oauth/oidc/callback'
        scopes:
          - 'openid'
          - 'email'
          - 'groups'
          - 'profile'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
      # Karakeep uses the 'karakeep' claims policy defined under
      # claims_policies above.
      - client_name: 'Karakeep'
        client_id: '$(au rand 72)'
        client_secret: '$(au hash 72)'
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://karakeep.loadingm.xyz/api/auth/callback/custom'
        scopes:
          - 'openid'
          - 'email'
          - 'profile'
        claims_policy: 'karakeep'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
      # Disabled clients (Jellyseerr, Jellyfin).
      # NOTE(review): both entries still carry the Memos callback URL in
      # redirect_uris. Before enabling either one, replace it with that
      # application's own callback URL; otherwise the client is registered
      # against another service's endpoint.
      # - client_name: 'Jellyseerr'
      #   client_id: '$(au rand 72)'
      #   client_secret: '$(au hash 72)'
      #   public: false
      #   authorization_policy: 'two_factor'
      #   require_pkce: false
      #   pkce_challenge_method: ''
      #   redirect_uris:
      #     - 'https://memos.loadingm.xyz/auth/callback'
      #   scopes:
      #     - 'openid'
      #     - 'email'
      #     - 'profile'
      #   response_types:
      #     - 'code'
      #   grant_types:
      #     - 'authorization_code'
      #   access_token_signed_response_alg: 'none'
      #   userinfo_signed_response_alg: 'none'
      #   token_endpoint_auth_method: 'client_secret_basic'
      # - client_name: 'Jellyfin'
      #   client_id: '$(au rand 72)'
      #   client_secret: '$(au hash 72)'
      #   public: false
      #   authorization_policy: 'two_factor'
      #   require_pkce: false
      #   pkce_challenge_method: ''
      #   redirect_uris:
      #     - 'https://memos.loadingm.xyz/auth/callback'
      #   scopes:
      #     - 'openid'
      #     - 'email'
      #     - 'profile'
      #   response_types:
      #     - 'code'
      #   grant_types:
      #     - 'authorization_code'
      #   access_token_signed_response_alg: 'none'
      #   userinfo_signed_response_alg: 'none'
      #   token_endpoint_auth_method: 'client_secret_basic'