Home

Awesome

ep_oidc

This plugin is deprecated

You can find a newer and maintained version from https://github.com/ether/ep_openid_connect. Please treat this plugin as a non-maintained, deprecated version of oidc support for etherpad.

General

OIDC auth plugin for etherpad-lite

This plugin uses a passport.js strategy for OpenID Connect authentication, through passport-openidconnect by jaredhanson

This plugin is mostly based on ep_oauth2 plugin by HumanBrainProject

Settings configuration

You must add the required keys to etherpad settings (here with example values):

 "users": {
  "oidc": {
      "issuer": "https://auth.yourserver.com",
      "authorizationURL": "https://auth.yourserver.com/auth",
      "tokenURL": "https://auth.yourserver.com/token",
      "clientID": "YOUR_CLIENT_ID",
      "clientSecret": "YOUR_CLIENT_SECRET",
      "userinfoURL": "https://auth.yourserver.com/me",
      "usernameKey": "name",
      "useridKey": "sub",
      "passReqToCallback": false,
      "skipUserProfile": false,
      "callbackURL": "https://etherpad.yourserver.com/auth/callback",
      "responseType": "id_token",
      "scope": ["profile"]
  }
 }

Authorization

Note, that this plugin does not implement authorization for your etherpad-lite, so you must handle the authorization hook with another plugin (or create one yourself). Without the authorization, your etherpad-lite installation will not allow the user a permission to the pads, even though authenticated with ep_oidc. In example, going to the admin page with ep_oidc used as authentication and not implementing authorization, will cause an endless loop of requests (auth passes, but not authorized).

License

MIT