X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/2ec0aa85cab7c09f45589af6b05a053d44a8ca46..refs/pull/3918/head:/app/Config/oidc.php

diff --git a/app/Config/oidc.php b/app/Config/oidc.php
index 43e8678ad..d223a63ef 100644
--- a/app/Config/oidc.php
+++ b/app/Config/oidc.php
@@ -17,14 +17,31 @@ return [
     // OAuth2/OpenId client secret, as configured in your Authorization server.
     'client_secret' => env('OIDC_CLIENT_SECRET', null),
 
-    // The issuer of the identity token (id_token) this will be compared with what is returned in the token.
+    // The issuer of the identity token (id_token) this will be compared with
+    // what is returned in the token.
     'issuer' => env('OIDC_ISSUER', null),
 
+    // Auto-discover the relevant endpoints and keys from the issuer.
+    // Fetched details are cached for 15 minutes.
+    'discover' => env('OIDC_ISSUER_DISCOVER', false),
+
     // Public key that's used to verify the JWT token with.
     // Can be the key value itself or a local 'file://public.key' reference.
     'jwt_public_key' => env('OIDC_PUBLIC_KEY', null),
 
     // OAuth2 endpoints.
     'authorization_endpoint' => env('OIDC_AUTH_ENDPOINT', null),
-    'token_endpoint' => env('OIDC_TOKEN_ENDPOINT', null),
+    'token_endpoint'         => env('OIDC_TOKEN_ENDPOINT', null),
+
+    // Add extra scopes, upon those required, to the OIDC authentication request
+    // Multiple values can be provided comma seperated.
+    'additional_scopes' => env('OIDC_ADDITIONAL_SCOPES', null),
+
+    // Group sync options
+    // Enable syncing, upon login, of OIDC groups to BookStack roles
+    'user_to_groups' => env('OIDC_USER_TO_GROUPS', false),
+    // Attribute, within a OIDC ID token, to find group names within
+    'groups_claim' => env('OIDC_GROUPS_CLAIM', 'groups'),
+    // When syncing groups, remove any groups that no longer match. Otherwise sync only adds new groups.
+    'remove_from_groups' => env('OIDC_REMOVE_FROM_GROUPS', false),
 ];