2023-07-16 13:09:15 +00:00
<?php
return [
'mastodon' => [
    /*
     * Master switch for Sign-in with Mastodon. Off unless the env variable is set.
     */
    'enabled' => env('PF_LOGIN_WITH_MASTODON_ENABLED', false),

    /*
     * NOTE(review): this option has no description in the original file. Going by
     * the env variable name it presumably lets Mastodon sign-in proceed while the
     * instance is otherwise closed to new registrations -- confirm against the
     * consuming code before enabling, since that would bypass a closed state.
     */
    'ignore_closed_state' => env('PF_LOGIN_WITH_MASTODON_ENABLED_SKIP_CLOSED', false),

    /*
     * The key below is spelled 'contraints' (sic). It is left unchanged because it
     * is part of the config path; presumably consumers read it under this spelling.
     */
    'contraints' => [
        /*
         * Skip email verification
         *
         * When true, the email verification step is skipped for accounts coming
         * in through Mastodon sign-in and their email is marked verified
         * automatically. This is ON by default.
         *
         * NOTE(review): with the default, this instance never confirms the
         * address itself. Set PF_LOGIN_WITH_MASTODON_SKIP_EMAIL=false if a
         * verified email is relied on for account recovery or abuse handling.
         */
        'skip_email_verification' => env('PF_LOGIN_WITH_MASTODON_SKIP_EMAIL', true),
    ],

    'domains' => [
        /*
         * Built-in list of Mastodon domains, comma separated.
         */
        'default' => 'mastodon.social,mastodon.online,mstdn.social,mas.to',

        /*
         * Custom mastodon domains
         *
         * Comma separated list of additional domains to allow. No default is
         * given, so the value is null when the env variable is unset.
         *
         * NOTE(review): every domain listed here is accepted as a sign-in
         * source; list only instances you trust to identify their own users.
         */
        'custom' => env('PF_LOGIN_WITH_MASTODON_DOMAINS'),

        /*
         * Use only default domains
         *
         * Restrict Sign-in with Mastodon to the default domains above.
         */
        'only_default' => env('PF_LOGIN_WITH_MASTODON_ONLY_DEFAULT', false),

        /*
         * Use only custom domains
         *
         * Restrict Sign-in with Mastodon to the custom domains you define,
         * in comma separated format.
         *
         * NOTE(review): what happens when only_default and only_custom are both
         * enabled is not visible from this file -- verify in the consumer.
         */
        'only_custom' => env('PF_LOGIN_WITH_MASTODON_ONLY_CUSTOM', false),
    ],

    'max_uses' => [
        /*
         * Max Uses
         *
         * A centralized service operated by pixelfed.org tracks mastodon imports.
         * With it you can cap how many times one mastodon account may be imported
         * across all known and reporting Pixelfed instances, so the same masto
         * account cannot abuse this feature.
         *
         * NOTE(review): enforcement is on by default and depends on that external
         * service. What is reported to it, and how a failed lookup is treated, is
         * not visible here -- confirm before relying on it as an abuse control.
         */
        'enabled' => env('PF_LOGIN_WITH_MASTODON_ENFORCE_MAX_USES', true),

        // env() yields a string when the variable is set in .env, while the
        // fallback here is the integer 3; consumers should compare accordingly.
        'limit' => env('PF_LOGIN_WITH_MASTODON_MAX_USES_LIMIT', 3),
    ],
],
Staging (#5978)
* Added current title as value for input so that the current value remains stored by default
* Added parameter 'show_legal_notice_link' => (bool) config_cache('instance.has_legal_notice'),
* Added conditional display of a link to legal notice if the page is active
* Added key 'legalNotice'
* feat translate story
* translate auth
- register
- login
* add remove follow
* Update ApiV1Controller.php
Co-Authored-By: Mathieu <385764+Casmo@users.noreply.github.com>
* New translations web.php (Chinese Simplified)
[ci skip]
* Added current title as value for input so that the current value remains stored by default
* Added parameter 'show_legal_notice_link' => (bool) config_cache('instance.has_legal_notice'),
* Added conditional display of a link to legal notice if the page is active
* Added key 'legalNotice'
* add missing key
* add missing keys
* New translations web.php (Portuguese, Brazilian)
[ci skip]
* New translations web.php (Turkish)
[ci skip]
* New translations web.php (Italian)
[ci skip]
* translate custom filter
* New translations web.php (Italian)
[ci skip]
* use configured alt text length limit when uploading multiple photos
* in notifications sidebar, show popover on shared posts too, not just liked posts
* use case insensitive search when tagging accounts
* New translations web.php (Portuguese, Brazilian)
[ci skip]
* Generic OIDC Support
* Everything should be configurable by env variables
* Basic request tests
* Fixes for items highlighted by review.ai
* Consider using `hash_equals()` instead of `==` when comparing the state values to prevent timing attacks: `abort_unless(hash_equals($request->input('state'), $request->session()->pull('oauth2state')), 400, 'invalid state');`
* For better data integrity, consider adding a foreign key constraint to the user_id column: `$table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');`
* Does the OIDC provider guarantee that the username field exists in the userInfo data? Consider adding a null check or fallback: `$userInfoData[config('remote-auth.oidc.field_username')] ?? null`
* field isnt accessTokenResourceOwnerId but responseResourceOwnerId
* New translations web.php (Dutch)
[ci skip]
* Fix components
* Update LandingService and Config util to properly support the legal_notice setting
* Update footer to use legalNotice i18n
* Update i18n
* Update sidebar with gap padding for footer links
* Update compiled assets
* Update i18n json
* Update OIDC config with comments, and disable tests as we dont have db tests configured
* Update remove_from_followers api endpoint
* Update i18n
* Update compiled assets
* Update changelog
* New supported formats, Preserve ICC Color Profiles, libvips support
Update image pipeline to handle avif, heic and webp and preserve ICC color profiles and added libvips support.
* Fix tests
* Update CHANGELOG.md
---------
Co-authored-by: Samy Elshamy <elshamy@coderbutze.de>
Co-authored-by: Felipe Mateus <eu@felipemateus.com>
Co-authored-by: Mathieu <385764+Casmo@users.noreply.github.com>
Co-authored-by: Mackenzie Morgan <macoafi@gmail.com>
Co-authored-by: Gavin Mogan <git@gavinmogan.com>
2025-05-13 08:25:23 +00:00
'oidc' => [
    /*
     * Enable OIDC authentication
     *
     * Turns on Sign-in with OpenID Connect (OIDC) authentication providers.
     * Off unless the env variable is set.
     */
    'enabled' => env('PF_OIDC_ENABLED', false),

    /*
     * Client ID
     *
     * The client ID issued by your OIDC provider. Falls back to false when unset.
     */
    'clientId' => env('PF_OIDC_CLIENT_ID', false),

    /*
     * Client Secret
     *
     * The client secret issued by your OIDC provider. Falls back to false when
     * unset.
     *
     * This is a credential: supply it through the environment only and keep it
     * out of version control, logs and cached config that is shared.
     */
    'clientSecret' => env('PF_OIDC_CLIENT_SECRET', false),

    /*
     * OAuth Scopes
     *
     * Scopes requested from the OIDC provider, as one space separated string.
     * 'openid' is required; 'profile' and 'email' usually supply the basic
     * user information.
     */
    'scopes' => env('PF_OIDC_SCOPES', 'openid profile email'),

    /*
     * Authorization URL
     *
     * Endpoint where the OIDC authentication flow starts. Empty by default.
     *
     * NOTE(review): applies to all four URLs in this section -- the authorization
     * code, client secret and tokens presumably travel to these endpoints, so use
     * the https:// values published by the provider and check them for typos.
     */
    'authorizeURL' => env('PF_OIDC_AUTHORIZE_URL', ''),

    /*
     * Token URL
     *
     * Endpoint where the authorization code is exchanged for an access token.
     * Empty by default.
     */
    'tokenURL' => env('PF_OIDC_TOKEN_URL', ''),

    /*
     * Profile URL
     *
     * Endpoint that returns user information for a valid access token.
     * Empty by default.
     */
    'profileURL' => env('PF_OIDC_PROFILE_URL', ''),

    /*
     * Logout URL
     *
     * Endpoint used to log the user out of the OIDC provider. Empty by default.
     */
    'logoutURL' => env('PF_OIDC_LOGOUT_URL', ''),

    /*
     * Username Field
     *
     * Name of the field in the OIDC profile response that is used as the
     * username. Defaults to 'preferred_username'; change it to suit your provider.
     *
     * NOTE(review): the value of this field is supplied by the provider. This
     * file does not show whether a missing field is handled, so consumers should
     * not assume the key exists or that its value is unique.
     */
    'field_username' => env('PF_OIDC_USERNAME_FIELD', 'preferred_username'),

    /*
     * ID Field
     *
     * Name of the field in the OIDC profile response that is used as the unique
     * identifier. Defaults to 'sub' (subject), the standard OIDC claim.
     *
     * 'sub' is only unique within one issuer; pointing this at a mutable or
     * user-editable field would weaken the link between account and identity.
     */
    'field_id' => env('PF_OIDC_FIELD_ID', 'sub'),
],
2023-07-16 13:09:15 +00:00
];