MyFavMirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-12-09 00:56:28 -05:00
Code Issues Packages Projects Releases Wiki Activity

feat: add PKCE verifier for OIDC

Browse Source
This commit is contained in:
Rorical
2024-03-05 09:13:23 +01:00
parent 9313e5b058
commit 8f43c94693
6 changed files with 187 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/ref/oidc.md
View File

@@ -45,6 +45,17 @@ oidc:
allowed_users:
- alice@example.com
# Optional: PKCE (Proof Key for Code Exchange) configuration
# PKCE adds an additional layer of security to the OAuth 2.0 authorization code flow
# by preventing authorization code interception attacks
pkce:
# Enable or disable PKCE support (default: false)
enabled: false
# PKCE method to use:
# - plain: Use plain code verifier
# - S256: Use SHA256 hashed code verifier (default, recommended)
method: S256
# If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
# This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
# If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following