authelia: oauth for hedgedoc and guard grafana

2025-04-04 12:52:29 -04:00 · 2025-04-04 12:52:29 -04:00 · 2c9d24f06a
commit 2c9d24f06a
parent 160f89b423
4 changed files with 24 additions and 10 deletions
--- a/modules/authelia.nix
+++ b/modules/authelia.nix
@ -77,6 +77,23 @@ in
            userinfo_signed_response_alg = "none";
            token_endpoint_auth_method = "client_secret_basic";
          }
+          {
+            client_id = "hedgedoc";
+            client_name = "HedgeDoc";
+            client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg";
+            public = false;
+            authorization_policy = "two_factor";
+            redirect_uris = [
+              "https://pad.cy7.sh/auth/oauth2/callback"
+            ];
+            scopes = [ "openid" "profile" "email" ];
+            userinfo_signed_response_alg = "none";
+            grant_types = [ "refresh_token" "authorization_code" ];
+            response_types = [ "code" ];
+            response_modes = [ "form_post" "query" "fragment" ];
+            audience = [];
+            token_endpoint_auth_method = "client_secret_post";
+          }
        ];
      };
      secrets = {
@ -101,4 +118,4 @@ in
      reverse_proxy localhost:9091
    '';
  };
-}
+}