X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/b987bea37a593201107f207dc065e973e3ec39e8..refs/pull/4467/head:/app/Config/oidc.php
diff --git a/app/Config/oidc.php b/app/Config/oidc.php
index 8a9dd3a87..a624e034c 100644
--- a/app/Config/oidc.php
+++ b/app/Config/oidc.php
@@ -8,9 +8,12 @@ return [
 // Dump user details after a login request for debugging purposes
 'dump_user_details' => env('OIDC_DUMP_USER_DETAILS', false),
 
- // Attribute, within a OpenId token, to find the user's display name
+ // Claim, within an OpenId token, to find the user's display name
 'display_name_claims' => explode('|', env('OIDC_DISPLAY_NAME_CLAIMS', 'name')),
 
+ // Claim, within an OpenID token, to use to connect a BookStack user to the OIDC user.
+ 'external_id_claim' => env('OIDC_EXTERNAL_ID_CLAIM', 'sub'),
+
 // OAuth2/OpenId client id, as configured in your Authorization server.
 'client_id' => env('OIDC_CLIENT_ID', null),
 
@@ -41,7 +44,12 @@ return [
 // Enable syncing, upon login, of OIDC groups to BookStack roles
 'user_to_groups' => env('OIDC_USER_TO_GROUPS', false),
 // Attribute, within a OIDC ID token, to find group names within
- 'group_attribute' => env('OIDC_GROUP_ATTRIBUTE', 'groups'),
+ 'groups_claim' => env('OIDC_GROUPS_CLAIM', 'groups'),
 // When syncing groups, remove any groups that no longer match. Otherwise sync only adds new groups.
 'remove_from_groups' => env('OIDC_REMOVE_FROM_GROUPS', false),
+
+ // OIDC Logout Feature: OAuth2 end_session_endpoint
+ 'end_session_endpoint' => env('OIDC_END_SESSION_ENDPOINT', null),
+
 ];
+
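Review bot: The new `external_id_claim` option in the first hunk lets an operator choose any claim as the key that binds an OIDC identity to a BookStack account, but its comment does not say what properties that claim must have. OpenID Connect only guarantees `sub` to be unique and never reassigned within an issuer, so a claim that can be edited or reissued at the provider (an email or username, for example) could match a login to another user's account. I would extend the comment to say so, e.g. `// Must be unique and immutable per user at the identity provider; 'sub' is the only claim the spec guarantees this for.` An empty `OIDC_EXTERNAL_ID_CLAIM=` entry would presumably yield an empty string rather than the `'sub'` default, so the code that reads this value (not visible here) should reject an empty claim name. The enclosing `return [` array starts and ends outside this hunk.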
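Review bot: Renaming the key and its variable from `OIDC_GROUP_ATTRIBUTE` to `OIDC_GROUPS_CLAIM` in the second hunk leaves no fallback, so an instance that already sets the old variable would silently start reading the default `groups` claim. With `user_to_groups` and `remove_from_groups` enabled, that changes which roles are granted or removed at login without raising any error. If the old name was ever released, keep it as a fallback, `'groups_claim' => env('OIDC_GROUPS_CLAIM', env('OIDC_GROUP_ATTRIBUTE', 'groups')),`, and reword the context comment above it, which still says "Attribute". The `end_session_endpoint` comment should also state what `null` means for logout and that the value is a URL users are redirected to, so it should be the provider's own HTTPS endpoint. The `return [` array opens outside this hunk.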