
Howto configure IPB Oauth together with Matrix / Synapse.


ossipetz

After the setup instructions on using Rocket.Chat and the IPB OAuth API, I thought I would share the settings for using Matrix Chat.

Matrix in itself is more a specification. Its reference server is called Synapse. One of the well-known web clients is called Element-web (previously called Riot). There are several clients available to choose from. For more information the website is a good place: https://matrix.org/

Members with a forum account can use the same account to log in to the element-web chat client.

These are the settings in the IPB Admin Panel:

  • Client Type: Custom Confidential OAuth Client
  • Available Grant Types: Authorization Code
  • Require PKCE for Authorization Code grant?: Not required
  • Redirection URIs: https://matrix.yourhostname.com/_synapse/client/oidc/callback
  • Authorization Prompt: Never
    This will allow your Invision Community members to just open the Element chat, get redirected a few times, and then already be connected and online in the chat.
  • Allow users to choose scopes? off
  • Show in Account Settings? on
  • Access Tokens: leave the defaults
  • Scopes: profile and email. Leave the defaults

And these are the settings for the synapse server (to be put into the homeserver.yaml):

oidc_providers:
  - idp_id: yourhostname
    idp_name: "Yourhostname.com Login"
    discover: false
    issuer: "https://www.hostname.com/"
    client_id: "changeme"
    client_secret: "secret_changeme_aswell"
    scopes: ["email", "profile"]
    authorization_endpoint: "https://www.yourhostname.com/oauth/authorize/"
    token_endpoint: "https://www.yourhostname.com/oauth/token/"
    userinfo_endpoint: "https://www.yourhostname.com/api/core/me"
    user_mapping_provider:
      config:
        subject_claim: "name"
        localpart_template: "{{ user.name }}"
        display_name_template: "{{ user.name }}"
        email_template: "{{ user.email }}"

More details on the setup context and the Docker containers that run all this can be found in our administrator's own blog (where this is taken from with his permission).

This hopefully is of some use for someone else ☺️

 

If you have an "online users widget" for synapse, please let me know 😉 
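A pre-deployment check for the settings in the post above, as an added example that is not part of the original post or of Synapse: it flags placeholder credentials left in place, endpoints whose host differs from the issuer, a redirect URI that does not match Synapse's callback path, and a subject claim that is not a stable identifier. The function name, the finding codes and the choice to treat `name` and `email` as user-changeable are assumptions; the sample values are the post's own placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample: the provider entry from the post as a Python dict,
# plus the redirect URI registered in the IPB admin panel.
PROVIDER = {
    "issuer": "https://www.hostname.com/",
    "client_id": "changeme",
    "client_secret": "secret_changeme_aswell",
    "authorization_endpoint": "https://www.yourhostname.com/oauth/authorize/",
    "token_endpoint": "https://www.yourhostname.com/oauth/token/",
    "userinfo_endpoint": "https://www.yourhostname.com/api/core/me",
    "user_mapping_provider": {"config": {"subject_claim": "name"}},
}
REDIRECT_URI = "https://matrix.yourhostname.com/_synapse/client/oidc/callback"
CALLBACK_PATH = "/_synapse/client/oidc/callback"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")
# Assumption: claims a member or admin can edit, so unsuitable as a stable subject.
MUTABLE_CLAIMS = {"name", "email"}


def lint_provider(provider, redirect_uri, public_baseurl):
    """Return a sorted list of finding codes for one oidc_providers entry."""
    findings = set()
    issuer_host = urlsplit(provider["issuer"]).hostname
    for key in ENDPOINT_KEYS:
        url = urlsplit(provider[key])
        if url.scheme != "https":
            findings.add("endpoint-not-https")
        if url.hostname != issuer_host:
            findings.add("issuer-host-mismatch")
    for key in ("client_id", "client_secret"):
        if "changeme" in provider.get(key, "").lower():
            findings.add("placeholder-credential")
    # The URI registered in IPB must be exactly Synapse's callback on its public base URL.
    if redirect_uri != public_baseurl.rstrip("/") + CALLBACK_PATH:
        findings.add("redirect-uri-mismatch")
    mapping = provider.get("user_mapping_provider", {}).get("config", {})
    if mapping.get("subject_claim", "sub") in MUTABLE_CLAIMS:
        findings.add("mutable-subject-claim")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_provider(PROVIDER, REDIRECT_URI, "https://matrix.yourhostname.com/"):
        print(finding)
```

The host-mismatch finding is a consistency check on the pasted values, not a rule Synapse enforces when `discover` is false.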
