diff --git a/CHANGELOG.md b/CHANGELOG.md
index ffffa795..c97de4b7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,15 +7,16 @@ TODO: https://github.com/JohnXLivingston/peertube-plugin-livechat/issues/48
**Breaking changes**:
-* if you were adding custom CSS to livechat iframe, it could be broken, as the livechat is no more included in an iframe. Your custom styles are now added on a `div` element.
+* If you were adding custom CSS to livechat iframe, it could be broken, as the livechat is no more included in an iframe. Your custom styles are now added on a `div` element.
### New features
+* For anonymous users: new "log in using an external account" dialog, with following options:
+ * remote Peertube account,
+ * #128: possibility to configure an OpenID Connect provider on the instance level.
* #143: User colors: implementing [XEP-0392](https://xmpp.org/extensions/xep-0392.html) to have random colors on users nicknames
* #330: Chat does no more use an iframe to display the chat besides the videos.
* #330: Fullscreen chat: now uses a custom page (in other words: when opening the chat in a new tab, you will have the Peertube menu).
-* For anonymous users: new "log in using an external account" dialog, with following options:
- * remote Peertube account
* #355: ConverseJS dropdown menu available everywhere, inclusing when chat is besides the video.
### Minor changes and fixes
diff --git a/client/admin-plugin-client-plugin.ts b/client/admin-plugin-client-plugin.ts
index 8232dc51..9ae4667b 100644
--- a/client/admin-plugin-client-plugin.ts
+++ b/client/admin-plugin-client-plugin.ts
@@ -236,6 +236,10 @@ function register (clientOptions: RegisterClientOptions): void {
return options.formValues['chat-no-anonymous'] !== false
}
+ if (name?.startsWith('external-auth-custom-oidc-')) {
+ return options.formValues['external-auth-custom-oidc'] !== true
+ }
+
return false
}
})
diff --git a/languages/en.yml b/languages/en.yml
index 4bcbeaca..59989015 100644
--- a/languages/en.yml
+++ b/languages/en.yml
@@ -67,6 +67,22 @@ federation_dont_publish_remotely_description: |
Please note: this setting only affects the publication of information via the ActivityPub protocol.
It will not prevent a remote application from otherwise detecting the presence of chats, and trying to connect to it.
+external_auth_description: |
+ External authentication
+ For users that have no Peertube account, you can enable various authentication modes based on remote authentication providers.
+
+external_auth_custom_oidc_label: "Use a custom OpenID Connect provider"
+external_auth_custom_oidc_description: |
+ You can configure an external OpenID Connect provider that could be used to log in to the chat.
+ Please refer to the documentation:
+ Settings.
+
+external_auth_custom_oidc_button_label_label: "Label for the connection button"
+external_auth_custom_oidc_button_label_description: "This label will be displayed to users, as the button label to authenticate with this OIDC provider."
+
+external_auth_custom_oidc_discovery_url_label: "Discovery URL"
+external_auth_custom_oidc_client_id_label: "Client ID"
+external_auth_custom_oidc_client_secret_label: "Client secret"
chat_behaviour_description: "Chat behaviour
"
diff --git a/package-lock.json b/package-lock.json
index c3a2ab8b..d3858938 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,6 +15,7 @@
"got": "^11.8.2",
"http-proxy": "^1.18.1",
"log-rotate": "^0.2.8",
+ "openid-client": "^5.6.5",
"validate-color": "^2.2.1",
"xmppjs-chat-bot": "^0.3.0"
},
@@ -8493,6 +8494,14 @@
"node": ">=0.10.0"
}
},
+ "node_modules/jose": {
+ "version": "4.15.5",
+ "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz",
+ "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg==",
+ "funding": {
+ "url": "https://github.com/sponsors/panva"
+ }
+ },
"node_modules/js-tokens": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
@@ -8708,7 +8717,6 @@
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
"integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
- "dev": true,
"dependencies": {
"yallist": "^4.0.0"
},
@@ -9489,6 +9497,14 @@
"node": ">=0.10.0"
}
},
+ "node_modules/object-hash": {
+ "version": "2.2.0",
+ "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz",
+ "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==",
+ "engines": {
+ "node": ">= 6"
+ }
+ },
"node_modules/object-inspect": {
"version": "1.12.3",
"resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz",
@@ -9557,6 +9573,14 @@
"url": "https://github.com/sponsors/ljharb"
}
},
+ "node_modules/oidc-token-hash": {
+ "version": "5.0.3",
+ "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz",
+ "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw==",
+ "engines": {
+ "node": "^10.13.0 || >=12.0.0"
+ }
+ },
"node_modules/on-finished": {
"version": "2.4.1",
"resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
@@ -9601,6 +9625,20 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
+ "node_modules/openid-client": {
+ "version": "5.6.5",
+ "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.6.5.tgz",
+ "integrity": "sha512-5P4qO9nGJzB5PI0LFlhj4Dzg3m4odt0qsJTfyEtZyOlkgpILwEioOhVVJOrS1iVH494S4Ee5OCjjg6Bf5WOj3w==",
+ "dependencies": {
+ "jose": "^4.15.5",
+ "lru-cache": "^6.0.0",
+ "object-hash": "^2.2.0",
+ "oidc-token-hash": "^5.0.3"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/panva"
+ }
+ },
"node_modules/optionator": {
"version": "0.9.3",
"resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz",
@@ -12299,8 +12337,7 @@
"node_modules/yallist": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
- "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
- "dev": true
+ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
},
"node_modules/yaml": {
"version": "2.3.1",
@@ -18721,6 +18758,11 @@
"resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz",
"integrity": "sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg=="
},
+ "jose": {
+ "version": "4.15.5",
+ "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz",
+ "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg=="
+ },
"js-tokens": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
@@ -18909,7 +18951,6 @@
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
"integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
- "dev": true,
"requires": {
"yallist": "^4.0.0"
}
@@ -19471,6 +19512,11 @@
"integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=",
"dev": true
},
+ "object-hash": {
+ "version": "2.2.0",
+ "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz",
+ "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw=="
+ },
"object-inspect": {
"version": "1.12.3",
"resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.3.tgz",
@@ -19515,6 +19561,11 @@
"es-abstract": "^1.19.1"
}
},
+ "oidc-token-hash": {
+ "version": "5.0.3",
+ "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz",
+ "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw=="
+ },
"on-finished": {
"version": "2.4.1",
"resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
@@ -19550,6 +19601,17 @@
"mimic-fn": "^2.1.0"
}
},
+ "openid-client": {
+ "version": "5.6.5",
+ "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.6.5.tgz",
+ "integrity": "sha512-5P4qO9nGJzB5PI0LFlhj4Dzg3m4odt0qsJTfyEtZyOlkgpILwEioOhVVJOrS1iVH494S4Ee5OCjjg6Bf5WOj3w==",
+ "requires": {
+ "jose": "^4.15.5",
+ "lru-cache": "^6.0.0",
+ "object-hash": "^2.2.0",
+ "oidc-token-hash": "^5.0.3"
+ }
+ },
"optionator": {
"version": "0.9.3",
"resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz",
@@ -21519,8 +21581,7 @@
"yallist": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
- "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
- "dev": true
+ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
},
"yaml": {
"version": "2.3.1",
diff --git a/package.json b/package.json
index 915633d2..c0c9e69a 100644
--- a/package.json
+++ b/package.json
@@ -39,6 +39,7 @@
"got": "^11.8.2",
"http-proxy": "^1.18.1",
"log-rotate": "^0.2.8",
+ "openid-client": "^5.6.5",
"validate-color": "^2.2.1",
"xmppjs-chat-bot": "^0.3.0"
},
diff --git a/server/lib/conversejs/params.ts b/server/lib/conversejs/params.ts
index 213a991e..7fb2a702 100644
--- a/server/lib/conversejs/params.ts
+++ b/server/lib/conversejs/params.ts
@@ -10,6 +10,7 @@ import { getVideoLiveChatInfos } from '../federation/storage'
import { getBaseRouterRoute, getBaseStaticRoute } from '../helpers'
import { getProsodyDomain } from '../prosody/config/domain'
import { getBoshUri, getWSUri } from '../uri/webchat'
+import { ExternalAuthOIDC } from '../external-auth/oidc'
interface GetConverseJSParamsParams {
readonly?: boolean | 'noscroll'
@@ -76,6 +77,10 @@ async function getConverseJSParams (
roomJID
} = connectionInfos
+ const oidc = ExternalAuthOIDC.singleton()
+ // TODO:
+ const externalAuthOIDC = await oidc.isOk() ? undefined : undefined
+
return {
peertubeVideoOriginalUrl: roomInfos.video?.url,
peertubeVideoUUID: roomInfos.video?.uuid,
@@ -98,7 +103,8 @@ async function getConverseJSParams (
transparent,
// forceDefaultHideMucParticipants is for testing purpose
// (so we can stress test with the muc participant list hidden by default)
- forceDefaultHideMucParticipants: params.forceDefaultHideMucParticipants
+ forceDefaultHideMucParticipants: params.forceDefaultHideMucParticipants,
+ externalAuthOIDC
}
}
diff --git a/server/lib/diagnostic/external-auth-custom-oidc.ts b/server/lib/diagnostic/external-auth-custom-oidc.ts
new file mode 100644
index 00000000..a0b51413
--- /dev/null
+++ b/server/lib/diagnostic/external-auth-custom-oidc.ts
@@ -0,0 +1,39 @@
+import type { RegisterServerOptions } from '@peertube/peertube-types'
+import { newResult, TestResult } from './utils'
+import { ExternalAuthOIDC } from '../external-auth/oidc'
+
+export async function diagExternalAuthCustomOIDC (test: string, _options: RegisterServerOptions): Promise {
+ const result = newResult(test)
+ result.label = 'Test External Auth Custom OIDC'
+ result.next = 'everything-ok'
+
+ try {
+ const oidc = ExternalAuthOIDC.singleton()
+
+ if (oidc.isDisabledBySettings()) {
+ result.ok = true
+ result.messages.push('Feature disabled in plugins settings.')
+ return result
+ }
+
+ const errors = await oidc.check()
+ if (errors.length) {
+ result.messages.push({
+ level: 'error',
+ message: 'The ExternalAuthOIDC singleton got some errors:'
+ })
+ result.messages.push(...errors)
+ return result
+ }
+ } catch (err) {
+ result.messages.push({
+ level: 'error',
+ message: 'Error while retrieving the ExternalAuthOIDC singleton:' + (err as string)
+ })
+ return result
+ }
+
+ result.ok = true
+ result.messages.push('Configuration OK.')
+ return result
+}
diff --git a/server/lib/diagnostic/index.ts b/server/lib/diagnostic/index.ts
index 92885998..497bca58 100644
--- a/server/lib/diagnostic/index.ts
+++ b/server/lib/diagnostic/index.ts
@@ -4,6 +4,7 @@ import { TestResult, newResult } from './utils'
import { diagDebug } from './debug'
import { diagProsody } from './prosody'
import { diagVideo } from './video'
+import { diagExternalAuthCustomOIDC } from './external-auth-custom-oidc'
import { helpUrl } from '../../../shared/lib/help'
export async function diag (test: string, options: RegisterServerOptions): Promise {
@@ -17,6 +18,8 @@ export async function diag (test: string, options: RegisterServerOptions): Promi
result = await diagVideo(test, options)
} else if (test === 'prosody') {
result = await diagProsody(test, options)
+ } else if (test === 'external-auth-custom-oidc') {
+ result = await diagExternalAuthCustomOIDC(test, options)
} else if (test === 'everything-ok') {
result = newResult(test)
result.label = 'Everything seems fine'
diff --git a/server/lib/diagnostic/prosody.ts b/server/lib/diagnostic/prosody.ts
index a91300a7..6ea63c49 100644
--- a/server/lib/diagnostic/prosody.ts
+++ b/server/lib/diagnostic/prosody.ts
@@ -236,6 +236,6 @@ export async function diagProsody (test: string, options: RegisterServerOptions)
}
result.ok = true
- result.next = 'everything-ok'
+ result.next = 'external-auth-custom-oidc'
return result
}
diff --git a/server/lib/diagnostic/utils.ts b/server/lib/diagnostic/utils.ts
index 97aef41e..5bb4211e 100644
--- a/server/lib/diagnostic/utils.ts
+++ b/server/lib/diagnostic/utils.ts
@@ -1,4 +1,4 @@
-type nextValue = 'backend' | 'debug' | 'webchat-video' | 'prosody' | 'everything-ok'
+type nextValue = 'backend' | 'debug' | 'webchat-video' | 'prosody' | 'external-auth-custom-oidc' | 'everything-ok'
interface MessageWithLevel {
level: 'info' | 'warning' | 'error'
diff --git a/server/lib/external-auth/oidc.ts b/server/lib/external-auth/oidc.ts
new file mode 100644
index 00000000..11a3e06d
--- /dev/null
+++ b/server/lib/external-auth/oidc.ts
@@ -0,0 +1,163 @@
+import type { RegisterServerOptions } from '@peertube/peertube-types'
+import { URL } from 'url'
+import { Issuer } from 'openid-client'
+
+let singleton: ExternalAuthOIDC | undefined
+
+/**
+ * This class handles the external OpenId Connect provider, if defined.
+ */
+class ExternalAuthOIDC {
+ private readonly enabled: boolean
+ private readonly buttonLabel: string | undefined
+ private readonly discoveryUrl: string | undefined
+ private readonly clientId: string | undefined
+ private readonly clientSecret: string | undefined
+ private ok: boolean | undefined
+ protected readonly logger: {
+ debug: (s: string) => void
+ info: (s: string) => void
+ warn: (s: string) => void
+ error: (s: string) => void
+ }
+
+ constructor (
+ logger: RegisterServerOptions['peertubeHelpers']['logger'],
+ enabled: boolean,
+ buttonLabel: string | undefined,
+ discoveryUrl: string | undefined,
+ clientId: string | undefined,
+ clientSecret: string | undefined
+ ) {
+ this.logger = {
+ debug: (s) => logger.debug('[ExternalAuthOIDC] ' + s),
+ info: (s) => logger.info('[ExternalAuthOIDC] ' + s),
+ warn: (s) => logger.warn('[ExternalAuthOIDC] ' + s),
+ error: (s) => logger.error('[ExternalAuthOIDC] ' + s)
+ }
+
+ this.enabled = !!enabled
+ if (this.enabled) {
+ this.buttonLabel = buttonLabel
+ this.discoveryUrl = discoveryUrl
+ this.clientId = clientId
+ this.clientSecret = clientSecret
+ }
+ }
+
+ /**
+ * Indicates that the OIDC is disabled.
+ * Caution: this does not indicate if it is enabled, but poorly configured.
+ * This method should only be used in the diagnostic tool.
+ */
+ isDisabledBySettings (): boolean {
+ return !this.enabled
+ }
+
+ /**
+ * Indicates if the OIDC provider is correctly configured.
+ * @param force If true, all checks will be forced again.
+ */
+ async isOk (force?: boolean): Promise {
+ // If we already checked it, just return the previous value.
+ if (!force && this.ok !== undefined) { return this.ok }
+
+ this.ok = (await this.check()).length === 0
+ return this.ok
+ }
+
+ /**
+ * Check the configuration.
+ * Returns an error list.
+ * If error list is empty, consider the OIDC is correctly configured.
+ */
+ async check (): Promise {
+ if (!this.enabled) {
+ this.logger.debug('OIDC is disabled')
+ return ['OIDC disabled']
+ }
+
+ const errors: string[] = []
+ if (this.buttonLabel === undefined) {
+ errors.push('Missing button label')
+ }
+ if (this.discoveryUrl === undefined) {
+ errors.push('Missing discovery url')
+ } else {
+ try {
+ const uri = new URL(this.discoveryUrl)
+ this.logger.debug('OIDC Discovery url is valid: ' + uri.toString())
+ } catch (err) {
+ errors.push('Invalid discovery url')
+ }
+ }
+ if (this.clientId === undefined) {
+ errors.push('Missing client id')
+ }
+ if (this.clientSecret === undefined) {
+ errors.push('Missing client secret')
+ }
+
+ if (errors.length === 0) {
+ // Now we can try to use the discover service
+ try {
+ const issuer = await Issuer.discover(this.discoveryUrl as string)
+ this.logger.debug(`Discovered issuer, metadata are: ${JSON.stringify(issuer.metadata)}`)
+ } catch (err) {
+ this.logger.error(err as string)
+ errors.push(`Discovery URL non working: ${err as string}`)
+ }
+ }
+
+ if (errors.length) {
+ this.logger.error('OIDC is not ok: ' + JSON.stringify(errors))
+ }
+ return errors
+ }
+
+ /**
+ * frees the singleton
+ */
+ public static async destroySingleton (): Promise {
+ if (!singleton) { return }
+ singleton = undefined
+ }
+
+ /**
+ * Instanciate the singleton.
+ * Note: no need to destroy the singleton before creating a new one.
+ */
+ public static async initSingleton (options: RegisterServerOptions): Promise {
+ const settings = await options.settingsManager.getSettings([
+ 'external-auth-custom-oidc',
+ 'external-auth-custom-oidc-button-label',
+ 'external-auth-custom-oidc-discovery-url',
+ 'external-auth-custom-oidc-client-id',
+ 'external-auth-custom-oidc-client-secret'
+ ])
+ singleton = new ExternalAuthOIDC(
+ options.peertubeHelpers.logger,
+ settings['external-auth-custom-oidc'] as boolean,
+ settings['external-auth-custom-oidc-button-label'] as string | undefined,
+ settings['external-auth-custom-oidc-discovery-url'] as string | undefined,
+ settings['external-auth-custom-oidc-client-id'] as string | undefined,
+ settings['external-auth-custom-oidc-client-secret'] as string | undefined
+ )
+ return singleton
+ }
+
+ /**
+ * Gets the singleton, or raise an exception if it is too soon.
+ * @returns the singleton
+ */
+ public static singleton (): ExternalAuthOIDC {
+ if (!singleton) {
+ throw new Error('ExternalAuthOIDC singleton is not initialized yet')
+ }
+ return singleton
+ }
+}
+
+export {
+ ExternalAuthOIDC
+}
diff --git a/server/lib/settings.ts b/server/lib/settings.ts
index f88e30bf..99c72c8d 100644
--- a/server/lib/settings.ts
+++ b/server/lib/settings.ts
@@ -3,6 +3,7 @@ import type { ConverseJSTheme } from '../../shared/lib/types'
import { ensureProsodyRunning } from './prosody/ctl'
import { RoomChannel } from './room-channel'
import { BotsCtl } from './bots/ctl'
+import { ExternalAuthOIDC } from './external-auth/oidc'
import { loc } from './loc'
type AvatarSet = 'sepia' | 'cat' | 'bird' | 'fenec' | 'abstract' | 'legacy'
@@ -13,11 +14,14 @@ async function initSettings (options: RegisterServerOptions): Promise {
initImportantNotesSettings(options)
initChatSettings(options)
initFederationSettings(options)
+ initExternalAuth(options)
initAdvancedChannelCustomizationSettings(options)
initChatBehaviourSettings(options)
initThemingSettings(options)
initChatServerAdvancedSettings(options)
+ await ExternalAuthOIDC.initSingleton(options)
+
let currentProsodyRoomtype = (await settingsManager.getSettings(['prosody-room-type']))['prosody-room-type']
// ********** settings changes management
@@ -27,6 +31,8 @@ async function initSettings (options: RegisterServerOptions): Promise {
await BotsCtl.destroySingleton()
await BotsCtl.initSingleton(options)
+ await ExternalAuthOIDC.initSingleton(options)
+
peertubeHelpers.logger.info('Saving settings, ensuring prosody is running')
await ensureProsodyRunning(options)
@@ -135,6 +141,77 @@ function initFederationSettings ({ registerSetting }: RegisterServerOptions): vo
})
}
+/**
+ * Registers settings related to the "External Authentication" section.
+ * @param param0 server options
+ */
+function initExternalAuth ({ registerSetting }: RegisterServerOptions): void {
+ registerSetting({
+ type: 'html',
+ private: true,
+ descriptionHTML: loc('external_auth_description')
+ })
+ registerSetting({
+ name: 'external-auth-custom-oidc',
+ label: loc('external_auth_custom_oidc_label'),
+ descriptionHTML: loc('external_auth_custom_oidc_description'),
+ type: 'input-checkbox',
+ default: false,
+ private: true
+ })
+ registerSetting({
+ name: 'external-auth-custom-oidc-button-label',
+ label: loc('external_auth_custom_oidc_button_label_label'),
+ descriptionHTML: loc('external_auth_custom_oidc_button_label_description'),
+ type: 'input',
+ default: '',
+ private: true
+ })
+ registerSetting({
+ name: 'external-auth-custom-oidc-discovery-url',
+ label: loc('external_auth_custom_oidc_discovery_url_label'),
+ // descriptionHTML: loc('external_auth_custom_oidc_discovery_url_description'),
+ type: 'input',
+ private: true
+ })
+ registerSetting({
+ name: 'external-auth-custom-oidc-client-id',
+ label: loc('external_auth_custom_oidc_client_id_label'),
+ // descriptionHTML: loc('external_auth_custom_oidc_client_id_description'),
+ type: 'input',
+ private: true
+ })
+ registerSetting({
+ name: 'external-auth-custom-oidc-client-secret',
+ label: loc('external_auth_custom_oidc_client_secret_label'),
+ // descriptionHTML: loc('external_auth_custom_oidc_client_secret_description'),
+ type: 'input-password',
+ private: true
+ })
+
+ // registerSetting({
+ // name: 'external-auth-custom-oidc-scope',
+ // label: loc('external_auth_custom_oidc_scope_label'),
+ // descriptionHTML: loc('external_auth_custom_oidc_scope_description'),
+ // type: 'input',
+ // private: true,
+ // default: 'openid profile'
+ // })
+ // registerSetting({
+ // name: 'username-property',
+ // label: 'Username property',
+ // type: 'input',
+ // private: true,
+ // default: 'preferred_username'
+ // })
+ // registerSetting({
+ // name: 'display-name-property',
+ // label: 'Display name property',
+ // type: 'input',
+ // private: true
+ // })
+}
+
/**
* Registers settings related to the "Advanced channel customization" section.
* @param param0 server options
diff --git a/server/main.ts b/server/main.ts
index 5df544c7..ae37b674 100644
--- a/server/main.ts
+++ b/server/main.ts
@@ -12,6 +12,7 @@ import { loadLoc } from './lib/loc'
import { RoomChannel } from './lib/room-channel'
import { BotConfiguration } from './lib/configuration/bot'
import { BotsCtl } from './lib/bots/ctl'
+import { ExternalAuthOIDC } from './lib/external-auth/oidc'
import decache from 'decache'
// FIXME: Peertube unregister don't have any parameter.
@@ -93,6 +94,7 @@ async function unregister (): Promise {
await RoomChannel.destroySingleton()
await BotConfiguration.destroySingleton()
+ await ExternalAuthOIDC.destroySingleton()
const module = __filename
OPTIONS?.peertubeHelpers.logger.info(`Unloading module ${module}...`)
diff --git a/shared/lib/types.ts b/shared/lib/types.ts
index 6180450c..cf9473e3 100644
--- a/shared/lib/types.ts
+++ b/shared/lib/types.ts
@@ -22,6 +22,9 @@ interface InitConverseJSParams {
transparent: boolean
forceDefaultHideMucParticipants?: boolean
autofocus?: boolean
+ externalAuthOIDC?: {
+ buttonLabel: string
+ }
}
interface InitConverseJSParamsError {