Add optional OIDC avatar fetching from the “picture” claim

[bookstack] / app / Config / auth.php

diff --git a/app/Config/auth.php b/app/Config/auth.php
index 5535a6f9ce88b1c5ea6fd972d212f00337dfdb24..b1578fdb708f184462a4532eba43e53f276bfd82 100644 (file)
--- a/app/Config/auth.php
+++ b/app/Config/auth.php
@@ -10,15 +10,18 @@
 
 return [
 
-    // Method of authentication to use
-    // Options: standard, ldap
+    // Options: standard, ldap, saml2, oidc
     'method' => env('AUTH_METHOD', 'standard'),
 
+    // Automatically initiate login via external auth system if it's the sole auth method.
+    // Works with saml2 or oidc auth methods.
+    'auto_initiate' => env('AUTH_AUTO_INITIATE', false),
+
     // Authentication Defaults
     // This option controls the default authentication "guard" and password
     // reset options for your application.
     'defaults' => [
-        'guard' => 'web',
+        'guard'     => env('AUTH_METHOD', 'standard'),
         'passwords' => 'users',
     ],
 
@@ -26,17 +29,26 @@ return [
     // All authentication drivers have a user provider. This defines how the
     // users are actually retrieved out of your database or other storage
     // mechanisms used by this application to persist your user's data.
-    // Supported: "session", "token"
+    // Supported drivers: "session", "api-token", "ldap-session", "async-external-session"
     'guards' => [
-        'web' => [
-            'driver' => 'session',
+        'standard' => [
+            'driver'   => 'session',
             'provider' => 'users',
         ],
-
+        'ldap' => [
+            'driver'   => 'ldap-session',
+            'provider' => 'external',
+        ],
+        'saml2' => [
+            'driver'   => 'async-external-session',
+            'provider' => 'external',
+        ],
+        'oidc' => [
+            'driver'   => 'async-external-session',
+            'provider' => 'external',
+        ],
         'api' => [
-            'driver' => 'token',
-            'provider' => 'users',
-            'hash' => false,
+            'driver'   => 'api-token',
         ],
     ],
 
@@ -44,11 +56,15 @@ return [
     // All authentication drivers have a user provider. This defines how the
     // users are actually retrieved out of your database or other storage
     // mechanisms used by this application to persist your user's data.
-    // Supported: database, eloquent, ldap
     'providers' => [
         'users' => [
-            'driver' => env('AUTH_METHOD', 'standard') === 'standard' ? 'eloquent' : env('AUTH_METHOD'),
-            'model' => \BookStack\Auth\User::class,
+            'driver' => 'eloquent',
+            'model'  => \BookStack\Users\Models\User::class,
+        ],
+
+        'external' => [
+            'driver' => 'external-users',
+            'model'  => \BookStack\Users\Models\User::class,
         ],
 
         // 'users' => [
@@ -64,10 +80,17 @@ return [
     'passwords' => [
         'users' => [
             'provider' => 'users',
-            'email' => 'emails.password',
-            'table' => 'password_resets',
-            'expire' => 60,
+            'email'    => 'emails.password',
+            'table'    => 'password_resets',
+            'expire'   => 60,
+            'throttle' => 60,
         ],
     ],
 
+    // Password Confirmation Timeout
+    // Here you may define the amount of seconds before a password confirmation
+    // times out and the user is prompted to re-enter their password via the
+    // confirmation screen. By default, the timeout lasts for three hours.
+    'password_timeout' => 10800,
+
 ];