# https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#how-do-i-generate-client-secrets theme: auto log: level: debug format: json telemetry: metrics: enabled: true authentication_backend: file: path: /config/users_database.yml access_control: default_policy: deny rules: - domain: "*.chislan.family" policy: two_factor subject: - group:family - domain: "*.kejadlen.dev" policy: two_factor subject: - user:alpha identity_validation: reset_password: jwt_secret: {{ authelia.jwt_secret }} session: secret: {{ authelia.session_secret }} cookies: - domain: {{ domain }} authelia_url: https://auth.{{ domain }} # default_redirection_url: https://www.{{ domain }} - domain: chislan.family authelia_url: https://auth.chislan.family storage: encryption_key: {{ authelia.storage_encryption_key }} local: path: /config/db.sqlite3 notifier: smtp: username: apikey password: {{ authelia.smtp_password }} address: smtp://smtp.sendgrid.net:25 sender: authelia@kejadlen.dev identity_providers: oidc: jwks: - key: | {{ authelia.oidc_private_key | indent(10) }} clients: # https://www.authelia.com/reference/guides/generating-secure-values/#generating-a-random-password-hash - client_id: grafana client_name: Grafana client_secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ public: false redirect_uris: - https://grafana.{{ domain }}/login/generic_oauth scopes: - openid - profile - groups - email - client_id: tailscale client_name: Tailscale client_secret: $argon2id$v=19$m=65536,t=3,p=4$RivlSdV1WE/NLfd3Pzrubw$ljSvHj9sb0byolv7fk5G3nL415nS7Ze2RMASwPgfBX0 redirect_uris: - https://login.tailscale.com/a/oauth_response scopes: - openid - email - profile - client_id: gitea client_name: Gitea client_secret: $argon2id$v=19$m=65536,t=3,p=4$bMcI49gLNfk6ovxXbg9jFQ$qE/G5lDzkFebKopyGv1FOqkiA64HhRJ9kq+TJCR0HM0 public: false redirect_uris: - https://git.{{ domain }}/user/oauth2/authelia/callback scopes: - openid - email - profile - client_id: miniflux client_name: Miniflux client_secret: $argon2id$v=19$m=65536,t=3,p=4$tK5aBDAHOmNsEZzSYS88eg$z6tkZVIzB0x6RQjCM0v34lguS454lcQd/Sm0+xRfg7w public: false redirect_uris: - https://rss.{{ domain }}/oauth2/oidc/callback scopes: - openid - email - profile - client_id: gotosocial client_name: GoToSocial client_secret: $argon2id$v=19$m=65536,t=3,p=4$4fkP2O3FYs26yKH/3WLuvQ$JHkaAA+b752/v7rtyhEzGwGutpSZR+7PSmz8psFb8BM public: false redirect_uris: - https://hey.kejadlen.dev/auth/callback scopes: - openid - email - profile - groups # https://linkding.link/options/#ld_enable_oidc - client_id: linkding client_name: linkding client_secret: $argon2id$v=19$m=65536,t=3,p=4$dEQme8tnUUYArRvqSMEoUQ$nNygQmREKhzqf0OBLz0AY1th7mV0PZ1DS6M2GBdU+cE public: false token_endpoint_auth_method: client_secret_post redirect_uris: - https://links.kejadlen.dev/oidc/callback/ scopes: - openid - email - profile