4 changed files with 9 additions and 39 deletions
--- a/roles/authelia/templates/configuration.yml
+++ b/roles/authelia/templates/configuration.yml
@ -76,19 +76,9 @@ identity_providers:
      - key: |
          {{ authelia_secrets["jwks_key"] | indent(width=10) }}
    clients:
-      - client_id: '{{ authelia_secrets["hedgedoc_client_id"] }}'
+      - client_id: '{{ synapse_secrets["oidc_client_id"] }}'
        client_name: HedgeDoc
        client_secret: '{{ authelia_secrets["hedgedoc_client_secret_hash"] }}'
        redirect_uris: 'https://hedgedoc.{{ domain }}/auth/oauth2/callback'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        token_endpoint_auth_method: client_secret_post
      - client_id: '{{ authelia_secrets["synapse_client_id"] }}'
        client_name: Synapse
-        client_secret: '{{ authelia_secrets["synapse_client_secret_hash"] }}'
+        client_secret: '{{ synapse_secrets["oidc_client_secret_hash"] }}'
        redirect_uris: 'https://matrix.{{ domain }}/_synapse/client/oidc/callback'
        scopes:
          - 'openid'
--- a/roles/hedgedoc/templates/.env
+++ b/roles/hedgedoc/templates/.env
@ -6,15 +6,3 @@ CMD_DB_PASSWORD='{{ hedgedoc_secrets["postgres_password"] }}'
 CMD_DOMAIN='hedgedoc.{{ domain }}'
 CMD_PROTOCOL_USESSL=true
 CMD_SESSION_SECRET='{{ hedgedoc_secrets["session_secret"] }}'
 CMD_ALLOW_EMAIL_REGISTER=false
 CMD_OAUTH2_PROVIDERNAME=Authelia
 CMD_OAUTH2_CLIENT_ID='{{ authelia_secrets["hedgedoc_client_id"] }}'
 CMD_OAUTH2_CLIENT_SECRET='{{ authelia_secrets["hedgedoc_client_secret"] }}'
 CMD_OAUTH2_AUTHORIZATION_URL=https://auth.{{ domain }}/api/oidc/authorization
 CMD_OAUTH2_TOKEN_URL=https://auth.{{ domain }}/api/oidc/token
 CMD_OAUTH2_USER_PROFILE_URL=https://auth.{{ domain }}/api/oidc/userinfo
 CMD_OAUTH2_SCOPE=openid email profile
 CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
 CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
 CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
--- a/roles/synapse/templates/homeserver.yaml
+++ b/roles/synapse/templates/homeserver.yaml
@ -113,8 +113,8 @@ oidc_providers:
    idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI"
    discover: false
    issuer: "https://auth.{{ domain }}"
-    client_id: '{{ authelia_secrets["synapse_client_id"] }}'
+    client_id: '{{ synapse_secrets["oidc_client_id"] }}'
-    client_secret: '{{ authelia_secrets["synapse_client_secret"] }}'
+    client_secret: '{{ synapse_secrets["oidc_client_secret"] }}'
    scopes: ["openid", "profile", "email"]
    authorization_endpoint: 'https://auth.{{ domain }}/api/oidc/authorization'
    token_endpoint: 'https://auth.{{ domain }}/api/oidc/token'
--- a/secrets.yml.example
+++ b/secrets.yml.example
@ -12,27 +12,14 @@ cifs_credentials:
 authelia_secrets:
  # Encryption key for the database, must be saved
  encryption_key:
  # Generate random client id : docker run --rm authelia/authelia:4 authelia crypto rand --length 72 --charset rfc3986
  # Generate random secret + hash : docker run --rm authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
  hedgedoc_client_id:
  hedgedoc_client_secret:
  hedgedoc_client_secret_hash:
  synapse_client_id:
  synapse_client_secret:
  synapse_client_secret_hash:
  hmac_secret:
  jwks_key: | # openssl genrsa 4096
  jwt_secret:
  # LDAP bind dn
  ldap_user:
  ldap_password:
  postgres_user:
  postgres_password:
  smtp_user:
  smtp_password:
@ -64,6 +51,11 @@ searxng_secrets:
  searxng_secret:
 synapse_secrets:
  # docker run --rm authelia/authelia:4 authelia crypto rand --length 72 --charset rfc3986
  oidc_client_id:
  # Generate random secret + hash : docker run --rm authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
  oidc_client_secret:
  oidc_client_secret_hash:
  smtp_user:
  smtp_pass:
  postgres_user: