# TEMPORARILY DISABLED - OIDC clients causing template processing issues
#
# NOTE(review): the {{ ... }} expressions below are config-template calls (secret, env, mindent, msquote).
# The template filter works on the raw file text before YAML parsing, so these calls are presumably
# still evaluated while commented out - confirm. If so, a missing or unreadable /run/secrets/* file can
# still fail rendering; removing the block or the expressions is the reliable way to disable it.
# NOTE(review): also check that the template filter is enabled for this instance
# (X_AUTHELIA_CONFIG_FILTERS=template, or --config.experimental.filters template).
#
# identity_providers:
#   oidc:
#     # NOTE(review): rendered values are pasted in as plain text. Single-quoting scalar templates
#     # ('{{ secret "..." }}') keeps a value with YAML specials or a trailing newline from changing the parse.
#     hmac_secret: {{ secret "/run/secrets/IDENTITY_PROVIDERS_OIDC_HMAC_SECRET" }}
#     jwks:
#       # mindent 10 "|" renders the multi-line private key as a literal block; the 10 has to match the
#       # nesting depth of this line, so re-check it whenever the indentation changes.
#       - key: {{ secret "/run/secrets/IDENTITY_PROVIDERS_OIDC_JWKS_KEY" | mindent 10 "|" | msquote }}
#
#     authorization_policies:
#
#       # Referenced by the headscale client below: members of group:headscale pass with one factor,
#       # every other subject is denied.
#       headscale:
#         default_policy: deny
#         rules:
#           - policy: one_factor
#             subject: group:headscale
#
#     # To generate secrets:
#
#     # docker exec -it authelia authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
#     # The command prints a random password and its digest. Each CLIENT_SECRET_* file read below should
#     # hold the digest ($pbkdf2-sha512$...); only the relying party is configured with the plaintext value.
#     clients:
#
#       - client_id: headscale
#         client_name: Headscale
#         client_secret: {{ secret "/run/secrets/CLIENT_SECRET_HEADSCALE" }}
#         public: false
#         authorization_policy: headscale
#         # implicit: consent is assumed, the user is never shown a consent prompt for this client.
#         consent_mode: implicit
#         scopes:
#           - openid
#           - email
#           - profile
#         # Redirect URIs are an exact-match allow-list; keep only the callbacks that are really deployed.
#         redirect_uris:
#           - https://headscale.{{ env "TRAEFIK_DOMAIN" }}/oidc/callback
#           - https://headscale.{{ env "TRAEFIK_DOMAIN" }}/admin/oidc/callback # headplane on same domain as headscale
#           # - https://headplane.{{ env "TRAEFIK_DOMAIN" }}/admin/oidc/callback # headplane on its own domain
#         userinfo_signed_response_alg: none
#       - client_id: headadmin
#         client_name: headadmin
#         client_secret: {{ secret "/run/secrets/CLIENT_SECRET_HEADADMIN" }}
#         public: false
#         # NOTE(review): unlike headscale, this client has no group restriction - any user who passes
#         # one factor can sign in. Confirm that is intended for an admin UI.
#         authorization_policy: one_factor
#         consent_mode: implicit
#         scopes:
#           - openid
#           - email
#           - profile
#         redirect_uris:
#           - https://headadmin.{{ env "TRAEFIK_DOMAIN" }}/oidc_callback
#         userinfo_signed_response_alg: none
#
#       - client_id: portainer
#         client_name: Portainer
#         client_secret: {{ secret "/run/secrets/CLIENT_SECRET_PORTAINER" }}
#         public: false
#         # NOTE(review): Portainer manages the container host; consider two_factor or a group-scoped
#         # policy here instead of one_factor for every account.
#         authorization_policy: one_factor
#         consent_mode: implicit
#         scopes:
#           - openid
#           - email
#           - profile
#           - groups
#         redirect_uris:
#           - https://portainer.{{ env "TRAEFIK_DOMAIN" }}/
#         userinfo_signed_response_alg: none