Skip to content

Commit 8a9fbbc

Browse files
committed
adjust README and settings UI
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
1 parent 0c7bced commit 8a9fbbc

2 files changed

Lines changed: 47 additions & 7 deletions

File tree

README.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -191,6 +191,22 @@ parameter to the login URL.
191191
sudo -u www-data php var/www/nextcloud/occ config:app:set --type=string --value=0 user_oidc allow_multiple_user_backends
192192
```
193193

194+
### Private key JWT authentication
195+
196+
This app supports private key JWT authentication.
197+
See the `private_key_jwt` authentication method in https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
198+
This can be enabled for each provider individually in their settings
199+
(in Nextcloud's admin settings or with the `occ user_oidc:provider` command`).
200+
201+
If you enable that for a provider, you must configure the client accordingly on the IdP side.
202+
In the IdP client settings, you should be able to make it accept a signed JWT and set the JWKS URL.
203+
204+
The JWKS URL you should set in your IdP's client settings is `https://<your-nextcloud-url>/index.php/apps/user_oidc/jwks`.
205+
The exact URL is displayed in the user_oidc admin settings.
206+
207+
In Keycloak, you can set the JWKS URL in the "Keys" tab of the client settings. Then you can choose "Signed Jwt"
208+
as the "Client Authenticator" in the "Credentials" tab.
209+
194210
### PKCE
195211

196212
This app supports PKCE (Proof Key for Code Exchange).

src/components/SettingsForm.vue

Lines changed: 31 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -23,13 +23,24 @@
2323
type="text"
2424
required>
2525
</p>
26-
<NcCheckboxRadioSwitch
27-
v-model="localProvider.settings.usePrivateKeyJwt"
28-
wrapper-element="div">
29-
{{ t('user_oidc', 'Use private key JWT authentication method') }}
30-
</NcCheckboxRadioSwitch>
31-
<!-- TODO: link to https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication -->
32-
<!-- TODO: give the JWKs URL to configure the IdP -->
26+
<div class="line">
27+
<NcCheckboxRadioSwitch
28+
v-model="localProvider.settings.usePrivateKeyJwt"
29+
wrapper-element="div">
30+
{{ t('user_oidc', 'Use private key JWT authentication method') }}
31+
</NcCheckboxRadioSwitch>
32+
<a href="https://github.com/nextcloud/user_oidc#private-key-jwt-authentication" target="_blank">
33+
<NcButton variant="tertiary"
34+
:title="t('user_oidc', 'More details on private key JWT authentication method')">
35+
<template #icon>
36+
<HelpCircleOutlineIcon />
37+
</template>
38+
</NcButton>
39+
</a>
40+
</div>
41+
<NcNoteCard v-if="localProvider.settings.usePrivateKeyJwt" type="info">
42+
{{ t('user_oidc', 'Use this JWKS URL in your IdP\'s client settings: {jwksUrl}', { jwksUrl }) }}
43+
</NcNoteCard>
3344
<p>
3445
<label for="oidc-client-secret">{{ t('user_oidc', 'Client secret') }}</label>
3546
<input id="oidc-client-secret"
@@ -357,19 +368,25 @@ import AlertOutlineIcon from 'vue-material-design-icons/AlertOutline.vue'
357368
import CheckIcon from 'vue-material-design-icons/Check.vue'
358369
import ChevronRightIcon from 'vue-material-design-icons/ChevronRight.vue'
359370
import ChevronDownIcon from 'vue-material-design-icons/ChevronDown.vue'
371+
import HelpCircleOutlineIcon from 'vue-material-design-icons/HelpCircleOutline.vue'
360372
361373
import NcCheckboxRadioSwitch from '@nextcloud/vue/components/NcCheckboxRadioSwitch'
362374
import NcButton from '@nextcloud/vue/components/NcButton'
375+
import NcNoteCard from '@nextcloud/vue/components/NcNoteCard'
376+
377+
import { generateUrl } from '@nextcloud/router'
363378
364379
export default {
365380
name: 'SettingsForm',
366381
components: {
367382
NcCheckboxRadioSwitch,
368383
NcButton,
384+
NcNoteCard,
369385
AlertOutlineIcon,
370386
CheckIcon,
371387
ChevronRightIcon,
372388
ChevronDownIcon,
389+
HelpCircleOutlineIcon,
373390
},
374391
props: {
375392
submitText: {
@@ -394,6 +411,7 @@ export default {
394411
localProvider: null,
395412
maxIdentifierLength: 128,
396413
showProfileAttributes: false,
414+
jwksUrl: window.location.protocol + '//' + window.location.host + generateUrl('/apps/user_oidc/jwks'),
397415
}
398416
},
399417
computed: {
@@ -445,6 +463,12 @@ export default {
445463
}
446464
}
447465
466+
.line {
467+
display: flex;
468+
align-items: center;
469+
margin: 4px 0;
470+
}
471+
448472
.warning-hint {
449473
margin-left: 160px;
450474
background-color: var(--color-background-dark);

0 commit comments

Comments
 (0)