mirror of
https://github.com/TheAnachronism/docspell.git
synced 2025-06-21 18:08:25 +00:00
Document TOTP
@ -66,31 +66,31 @@ docspell.server {
|
||||
#
|
||||
# Multiple authentication providers can be defined. Each is
|
||||
# configured in the array below. The `provider` block gives all
|
||||
# details necessary to authenticate agains an external OIDC or OAuth
|
||||
# provider. This requires at least two URLs for OIDC and three for
|
||||
# OAuth2. The `user-url` is only required for OIDC, if the account
|
||||
# data is to be retrieved from the user-info endpoint and not from
|
||||
# the JWT token. The access token is then used to authenticate at
|
||||
# the provider to obtain user info. Thus, it doesn't need to be
|
||||
# validated here and therefore no `sign-key` setting is needed.
|
||||
# However, if you want to extract the account information from the
|
||||
# access token, it must be validated here and therefore the correct
|
||||
# signature key and algorithm must be provided. This would save
|
||||
# another request. If the `sign-key` is left empty, the `user-url`
|
||||
# is used and must be specified. If the `sign-key` is _not_ empty,
|
||||
# the response from the authentication provider is validated using
|
||||
# this key.
|
||||
# details necessary to authenticate against an external OIDC or
|
||||
# OAuth provider. This requires at least two URLs for OIDC and three
|
||||
# for OAuth2. When using OIDC, the `user-url` is only required if
|
||||
# the account data is to be retrieved from the user-info endpoint
|
||||
# and not from the JWT token. For the request to the `user-url`, the
|
||||
# access token is then used to authenticate at the provider. Thus,
|
||||
# it doesn't need to be validated here and therefore no `sign-key`
|
||||
# setting is needed. However, if you want to extract the account
|
||||
# information from the access token, it must be validated here and
|
||||
# therefore the correct signature key and algorithm must be
|
||||
# provided. If the `sign-key` is left empty, the `user-url` is used
|
||||
# and must be specified. If the `sign-key` is _not_ empty, the
|
||||
# response from the authentication provider is validated using this
|
||||
# key.
|
||||
#
|
||||
# After successful authentication, docspell needs to create the
|
||||
# account. For this a username and collective name is required. The
|
||||
# username is defined by the `user-key` setting. The `user-key` is
|
||||
# used to search the JSON structure, that is obtained from the JWT
|
||||
# token or the user-info endpoint, for the login name to use. It
|
||||
# traverses the JSON structure recursively, until it finds an object
|
||||
# with that key. The first value is used.
|
||||
# account name is defined by the `user-key` and `collective-key`
|
||||
# setting. The `user-key` is used to search the JSON structure, that
|
||||
# is obtained from the JWT token or the user-info endpoint, for the
|
||||
# login name to use. It traverses the JSON structure recursively,
|
||||
# until it finds an object with that key. The first value is used.
|
||||
#
|
||||
# There are the following ways to specify how to retrieve the full
|
||||
# account id depending on the value of `collective-key`:
|
||||
# The `collective-key` can be used in multiple ways and both can
|
||||
# work together to retrieve the full account id:
|
||||
#
|
||||
# - If it starts with `fixed:`, like "fixed:collective", the name
|
||||
# after the `fixed:` prefix is used as collective as is. So all
|
||||
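Review bot: The reworded sentence "The `collective-key` can be used in multiple ways and both can work together to retrieve the full account id" is ambiguous where it introduces the prefix list: "multiple ways" is followed by "both" without naming the two things meant. If "both" refers to `user-key` and `collective-key`, say so explicitly, and say that the prefix of `collective-key` selects how the collective is determined. In the same hunk, "until it finds an object with that key. The first value is used." does not say which match wins when the key occurs more than once in the JWT or user-info response. Since that value becomes the login name, state the traversal order or advise choosing a key that occurs only once. Minor: "defined by the `user-key` and `collective-key` setting" should read "settings".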
@ -100,15 +100,15 @@ docspell.server {
|
||||
# value after the prefix is used to search the JSON response for
|
||||
# an object with this key, just like it works with the `user-key`.
|
||||
#
|
||||
# - If it starts with `account:`, like "account:ds-account", it
|
||||
# works the same as `lookup:` only that the value is interpreted
|
||||
# as the full account name of form `collective/login`. The
|
||||
# `user-key` value is ignored in this case.
|
||||
# - If it starts with `account:`, like "account:demo", it works the
|
||||
# same as `lookup:` only that the value is interpreted as the full
|
||||
# account name of form `collective/login`. The `user-key` value is
|
||||
# ignored in this case.
|
||||
#
|
||||
# If these values cannot be obtained from the response, docspell
|
||||
# fails the authentication by denying access. It is then assumed
|
||||
# that the successfully authenticated user has not enough
|
||||
# permissions to access docspell.
|
||||
# fails the authentication. It is then assumed that the successfully
|
||||
# authenticated user at the OP has not enough permissions to access
|
||||
# docspell.
|
||||
#
|
||||
# Below are examples for OpenID Connect (keycloak) and OAuth2
|
||||
# (github).
|
||||
|
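Review bot: The example in the `account:` item changes from "account:ds-account" to "account:demo", which makes the value read like an account name, although the text says it "works the same as `lookup:`", that is, the value is a key searched for in the JSON response. A key-like example (as "ds-account" was) avoids a reader configuring a literal account there. In the last paragraph of the hunk, "authenticated user at the OP" uses an abbreviation that is not introduced in the visible comment; since the block covers both OIDC and OAuth2, "at the provider" would be clearer. The rewording also drops "by denying access", so consider keeping an explicit statement that a missing value results in access being denied.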
@ -84,7 +84,7 @@ gb =
|
||||
or to just leave it there. In the latter case you should
|
||||
adjust the schedule to avoid reading over the same mails
|
||||
again."""
|
||||
, otpMenu = "Two Factor"
|
||||
, otpMenu = "Two Factor Authentication"
|
||||
}
|
||||
|
||||
|
||||
|
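Review bot: The new `otpMenu` label "Two Factor Authentication" should be hyphenated as "Two-Factor Authentication". Only the `gb` record is visible in this hunk, so if other language records define `otpMenu`, check that they are updated to match, and that the longer text still fits where the menu entry is rendered.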