From a9ef7872a10a3ebd1e9af5631623b4ca5a2524fe Mon Sep 17 00:00:00 2001
From: LRVT <21357789+l4rm4nd@users.noreply.github.com>
Date: Sat, 3 Aug 2024 02:54:53 +0200
Subject: [PATCH] chore: extend authelia config

add identity provider example config for immich
---
 examples/authelia/config/configuration.yml | 70 ++++++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git a/examples/authelia/config/configuration.yml b/examples/authelia/config/configuration.yml
index bbea539..1689aa6 100644
--- a/examples/authelia/config/configuration.yml
+++ b/examples/authelia/config/configuration.yml
@@ -103,4 +103,74 @@ notifier:
   #   sender: "MySender <admin@example.com>"
   filesystem:
     filename: /config/notifications.txt
+
+#identity_providers:
+#  oidc:
+#    hmac_secret: 'a-very-secure-hmac-secret'
+#    jwks:
+#      - key_id: 'authelia'
+#        algorithm: 'RS256'
+#        use: 'sig'
+#        certificate_chain: |
+#          -----BEGIN CERTIFICATE-----
+#          <PUBLIC-KEY-DATA-COMES-HERE>
+#          -----END CERTIFICATE-----
+#        key: |
+#          -----BEGIN PRIVATE KEY-----
+#          <PRIVATE-KEY-DATA-COMES-HERE>
+#          -----END PRIVATE KEY-----
+#    enable_client_debug_messages: false
+#    minimum_parameter_entropy: 8
+#    enforce_pkce: 'public_clients_only'
+#    enable_pkce_plain_challenge: false
+#    enable_jwt_access_token_stateless_introspection: false
+#    discovery_signed_response_alg: 'none'
+#    discovery_signed_response_key_id: ''
+#    require_pushed_authorization_requests: false
+#    lifespans:
+#      access_token: '1h'
+#      authorize_code: '1m'
+#      id_token: '1h'
+#      refresh_token: '90m'
+#    cors:
+#      endpoints:
+#        - 'authorization'
+#        - 'token'
+#        - 'revocation'
+#        - 'introspection'
+#      allowed_origins:
+#        - 'https://immich.example.com'
+#      allowed_origins_from_client_redirect_uris: false
+#    clients:
+#      - client_id: immich
+#        client_name: Immich OIDC
+#        client_secret: 'a-very-secure-client-secret'
+#        public: false
+#        authorization_policy: one_factor # may use two_factor to enforce 2FA
+#        consent_mode: explicit
+#        token_endpoint_auth_method: "client_secret_basic"
+#        pre_configured_consent_duration: 1w
+#        scopes:
+#          - openid
+#          - groups
+#          - email
+#          - profile
+#        redirect_uris: # adjust to your domains
+#          - https://authelia.example.com/
+#          - https://authelia.example.com/oauth2/callback
+#          - https://immich.example.com/oauth2/callback
+#          - https://immich.example.com/auth/login
+#          - https://immich.example.com/user-settings
+#          - https://immich.example.com
+#          - app.immich:/
+#          - https://immich.example.com/api/oauth/mobile-redirect
+#        grant_types:
+#          - refresh_token
+#          - authorization_code
+#        response_types:
+#          - code
+#        response_modes:
+#          - form_post
+#          - query
+#          - fragment    
 ...