add comment about single quotes, edit values-local.yaml.example

16e6fc15 · Maarten de Waard · Arie Peterson · 76137c58 · 16e6fc15 · 16e6fc15
Commit 16e6fc15 authored 3 years ago by Maarten de Waard Committed by Arie Peterson 3 years ago
--- a/values-local.yaml.example
+++ b/values-local.yaml.example
@@ -49,21 +49,31 @@ apps:

 # sociallogin enables login via oAuth/Open-ID Connect
 sociallogin:
-  # sociallogin.server_name is the FQDN of you oAuth server. The oAuth server needs to
-  # provide the endpoints `/userinfo`, `/oauth2/token` and `/oauth2/auth` and according
-  # to the oauth2 standard it needs to be accessible via https with valid certificates
-  server_name: sso.oas.example.net
-  # sociallogin.client_id is the client name nextcloud will use to communicate with the
-  # oAuth server
-  client_id: nextcloud
-
-  ## sociallogin.client_secret is the password that nextcloud uses when communicating with
-  ## the oauth server
-  # client_secret: "YouReallyNeedToChangeThis"
-
-  # sociallogin.groups_claim is the name of a claim that the nextcloud server can retrieve
-  # by querying the `/userinfo` enfpoint of the openID Connect server. For every value in
-  # the groups_claim a corresponding group with a `oas_` prefix will be created if they don't
-  # exist yet. The user will then be added to those groups.
-  # If the claim contains the value `admin` the user will be added granted admin privileges.
-  groups_claim: "openappstack_roles"
+  # Because of how we import these settings, single quotes (') are not allowed
+  # in any of the values below
+  custom_oidc:
+    name: oas
+    title: OpenAppStack
+    # The oAuth server needs to provide the endpoints `/userinfo`,
+    # `/oauth2/token` and `/oauth2/auth` and according to the oauth2 standard it
+    # needs to be accessible via https with valid certificates
+    authorizeUrl: sso.oas.example.net/oauth2/auth
+    tokenUrl: sso.oas.example.net/oauth2/token
+    userInfoUrl: sso.oas.example.net/userinfo
+    logoutUrl: ""
+    # The client name nextcloud will use to communicate with the oAuth server
+    clientId: nextcloud
+    # The password that nextcloud uses when communicating with the oauth server
+    # clientSecret: YouReallyNeedToChangeThis
+    scope: "openid profile email openappstack_roles"
+    # The name of a claim that the nextcloud server can retrieve by querying the
+    # userInfoUrl of the openID Connect server. For every value in the
+    # groups_claim a corresponding group with an `oas_` prefix will be created
+    # if they don't exist yet. The user will then be added to those groups.  If
+    # the claim contains the value `admin` the user will be granted admin
+    # privileges.
+    groupsClaim: "openappstack_roles"
+    style: ""
+    defaultGroup: ""
+    groupMapping:
+      admin: admin
--- a/values.yaml
+++ b/values.yaml
@@ -175,6 +175,8 @@ rabbitmq:
    erlangCookie: stub

 sociallogin:
+  # Because of how we import these settings, single quotes (') are not allowed
+  # in any of the values below
  custom_oidc:
    name: oas
    title: OpenAppStack