FEAT(authelia): add Immich as OIDC client in Authelia
- Add Immich OIDC client configuration - Enable OAuth authentication for Immich
@@ -26,6 +26,8 @@ pod:
|
||||
path: HEADLAMP_CLIENT_SECRET
|
||||
- key: VAULT_CLIENT_SECRET
|
||||
path: VAULT_CLIENT_SECRET
|
||||
- key: IMMICH_CLIENT_SECRET
|
||||
path: IMMICH_CLIENT_SECRET
|
||||
- key: identity_providers.oidc.jwks.key
|
||||
path: jwks.pem
|
||||
extraVolumeMounts:
|
||||
@@ -41,6 +43,10 @@ pod:
|
||||
mountPath: /secrets/VAULT_CLIENT_SECRET
|
||||
subPath: VAULT_CLIENT_SECRET
|
||||
readOnly: true
|
||||
- name: oidc-secrets
|
||||
mountPath: /secrets/IMMICH_CLIENT_SECRET
|
||||
subPath: IMMICH_CLIENT_SECRET
|
||||
readOnly: true
|
||||
- name: oidc-secrets
|
||||
mountPath: /secrets/jwks.pem
|
||||
subPath: jwks.pem
|
||||
@@ -141,6 +147,21 @@ configMap:
|
||||
- email
|
||||
- groups
|
||||
token_endpoint_auth_method: client_secret_post
|
||||
- client_id: immich
|
||||
client_name: Immich
|
||||
client_secret:
|
||||
path: /secrets/IMMICH_CLIENT_SECRET
|
||||
public: false
|
||||
authorization_policy: one_factor
|
||||
redirect_uris:
|
||||
- https://immich0213.kro.kr/auth/login
|
||||
- https://immich0213.kro.kr/user-settings
|
||||
- app.immich:///oauth-callback
|
||||
scopes:
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
token_endpoint_auth_method: client_secret_post
|
||||
|
||||
# Secret configuration - use existing secret from Vault
|
||||
secret:
|
||||
|
||||
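Review bot: The new `immich` client is registered with `authorization_policy: one_factor`, so a single password is all that protects access to the photo library. Unless that matches what the other clients in this file use (not visible in the hunk), `authorization_policy: two_factor` is the safer default. The redirect list also contains the custom-scheme URI `app.immich:///oauth-callback`, and custom schemes are not bound to one app on a device. If the deployed Immich version supports PKCE, consider adding `require_pkce: true` and `pkce_challenge_method: S256` to this client. The client entry sits inside the `configMap:` block, which starts and ends outside the hunk.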
@@ -52,3 +52,8 @@ spec:
|
||||
remoteRef:
|
||||
key: cluster-infrastructure/authelia
|
||||
property: VAULT_CLIENT_SECRET
|
||||
# Immich OIDC client secret
|
||||
- secretKey: IMMICH_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: cluster-infrastructure/authelia
|
||||
property: IMMICH_CLIENT_SECRET
|
||||
|
||||
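Review bot: The comment `# Immich OIDC client secret` does not say which form of the secret is stored under `property: IMMICH_CLIENT_SECRET`, and that matters because Authelia reads this value as the client's `client_secret`. Authelia recommends a hashed digest for confidential clients, with the plaintext kept only on the Immich side, so the Vault entry should hold the digest. The stored format cannot be seen from this hunk, so it needs confirming. A comment such as `# Immich OIDC client secret: Authelia-side digest (pbkdf2/argon2), not the plaintext given to Immich` would make the expectation explicit for whoever rotates it. The `spec:` list this entry is appended to begins outside the hunk.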