OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity

Update Mastodon SSO instructions (#15587)

madlittlemods/15603-fix-literal-type
villepeh 2023-05-15 12:17:24 +03:00 committed by GitHub
parent 3690d5bd89
commit aa5c0592e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/15587.doc Normal file
View File

@ -0,0 +1 @@
Update and improve Mastodon Single Sign-On documentation.

6
docs/openid.md
View File

@ -569,7 +569,7 @@ You should receive a response similar to the following. Make sure to save it.
{"client_id":"someclientid_123","client_secret":"someclientsecret_123","id":"12345","name":"my_synapse_app","redirect_uri":"https://[synapse_public_baseurl]/_synapse/client/oidc/callback","website":null,"vapid_key":"somerandomvapidkey_123"} {"client_id":"someclientid_123","client_secret":"someclientsecret_123","id":"12345","name":"my_synapse_app","redirect_uri":"https://[synapse_public_baseurl]/_synapse/client/oidc/callback","website":null,"vapid_key":"somerandomvapidkey_123"}
``` ```
As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a `sub` property, an alternative `subject_claim` has to be set. Your Synapse configuration should include the following: As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a `sub` property, an alternative `subject_template` has to be set. Your Synapse configuration should include the following:
```yaml ```yaml
oidc_providers: oidc_providers:
@ -585,7 +585,9 @@ oidc_providers:
scopes: ["read"] scopes: ["read"]
user_mapping_provider: user_mapping_provider:
config: config:
subject_claim: "id" subject_template: "{{ user.id }}"
localpart_template: "{{ user.username }}"
display_name_template: "{{ user.display_name }}"
``` ```
Note that the fields `client_id` and `client_secret` are taken from the CURL response above. Note that the fields `client_id` and `client_secret` are taken from the CURL response above.