docs/content/integration/openid-connect/clients/donetick/index.md
{{% oidc-common %}}
This example makes the following assumptions:
https://donetick.{{< sitevar name="domain" nojs="example.com" >}}/https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/donetickinsecure_secretSome of the values presented in this guide can automatically be replaced with documentation variables.
{{< sitevar-preferences >}}
The following YAML configuration is an example Authelia client configuration for use with Donetick which will operate with the application example:
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- client_id: 'donetick'
client_name: 'Donetick'
client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: 'two_factor'
require_pkce: false
pkce_challenge_method: ''
redirect_uris:
- 'https://donetick.{{< sitevar name="domain" nojs="example.com" >}}/auth/oauth2'
scopes:
- 'openid'
- 'profile'
- 'email'
access_token_signed_response_alg: 'none'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'
To configure Donetick there are two methods, using Environment Variables, or using the Configuration File.
To configure Donetick to utilize Authelia as an OpenID Connect 1.0 Provider, use the following environment variables:
DT_OAUTH2_NAME=Authelia
DT_OAUTH2_CLIENT_ID=donetick
DT_OAUTH2_CLIENT_SECRET=insecure_secret
DT_OAUTH2_SCOPE=openid profile email
DT_OAUTH2_AUTH_URL=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/authorization
DT_OAUTH2_TOKEN_URL=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/token
DT_OAUTH2_INFO_URL=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/userinfo
DT_OAUTH2_REDIRECT_URL=https://donetick.{{< sitevar name="domain" nojs="example.com" >}}/auth/oauth2
services:
donetick:
environment:
DT_OAUTH2_NAME: 'Authelia'
DT_OAUTH2_CLIENT_ID: 'donetick'
DT_OAUTH2_CLIENT_SECRET: 'insecure_secret'
DT_OAUTH2_SCOPES: 'openid profile email'
DT_OAUTH2_AUTH_URL: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/authorization'
DT_OAUTH2_TOKEN_URL: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/token'
DT_OAUTH2_USER_INFO_URL: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/userinfo'
DT_OAUTH2_REDIRECT_URL: 'https://donetick.{{< sitevar name="domain" nojs="example.com" >}}/auth/oauth2'
To configure Donetick to utilize Authelia as an OpenID Connect 1.0 Provider, use the following configuration:
oauth2:
name: 'Authelia'
client_id: 'donetick'
client_secret: 'insecure_secret'
scopes:
- 'openid'
- 'profile'
- 'email'
auth_url: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/authorization'
token_url: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/token'
user_info_url: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/userinfo'
redirect_url: 'https://donetick.{{< sitevar name="domain" nojs="example.com" >}}/auth/oauth2'
Please note that the Donetick app in version 0.1.34 does not work with OpenID on self-hosted Donetick instances. See issue #268 for details.