diff options
| author | Logan <100550741+UncleArya@users.noreply.github.com> | 2025-02-02 12:42:36 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-02 21:42:36 +0100 |
| commit | 7e90dfd0485a6684f5dfe7f2abdd92c6f7acb9d0 (patch) | |
| tree | 1a6c5d49910a44b3cd52453201134ea741eb2441 | |
| parent | 1e8ef4bb7215417d425bb48cb2bec06f49e49bfc (diff) | |
| download | freshrss-7e90dfd0485a6684f5dfe7f2abdd92c6f7acb9d0.tar.gz freshrss-7e90dfd0485a6684f5dfe7f2abdd92c6f7acb9d0.zip | |
Add documentation for adding Pocket ID as OIDC provider (#7291)
* Add documentation for OIDC login via Pocket IT
* Images for the Pocket ID OIDC docs
* Update 16_OpenID-Connect.md
* Recompress images (too big)
* Fix typo and reduce long lines
* Remove advise on changing username
Which only work to some extent with SQLite (breaking a few minor things such as WebSub, API) and not at all with other databases
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
| -rw-r--r-- | docs/en/admins/16_OpenID-Connect.md | 1 | ||||
| -rw-r--r-- | docs/en/admins/18_Pocket-ID.md | 69 | ||||
| -rw-r--r-- | docs/en/img/admins/pocket-id-1.png | bin | 0 -> 9376 bytes | |||
| -rw-r--r-- | docs/en/img/admins/pocket-id-2.png | bin | 0 -> 17181 bytes |
4 files changed, 70 insertions, 0 deletions
diff --git a/docs/en/admins/16_OpenID-Connect.md b/docs/en/admins/16_OpenID-Connect.md index 8dca65faf..bab24f66b 100644 --- a/docs/en/admins/16_OpenID-Connect.md +++ b/docs/en/admins/16_OpenID-Connect.md @@ -59,3 +59,4 @@ See specific instructions for: * Authentik: [here](16_OpenID-Connect-Authentik.md) or [here](https://goauthentik.io/integrations/services/freshrss/) * Authelia: [here](https://www.authelia.com/integration/openid-connect/freshrss/) +* Pocket ID: [here](18_Pocket-ID.md) diff --git a/docs/en/admins/18_Pocket-ID.md b/docs/en/admins/18_Pocket-ID.md new file mode 100644 index 000000000..188f810f7 --- /dev/null +++ b/docs/en/admins/18_Pocket-ID.md @@ -0,0 +1,69 @@ +# Setting up Pocket ID for FreshRSS + +**[Pocket ID](https://github.com/stonith404/pocket-id)** is a simple OIDC provider that allows users to authenticate with their passkeys to your services. +(See [FreshRSS’ OpenID Connect documentation](16_OpenID-Connect.md)). + +You can find more information in the [Pocket ID documentation](https://docs.pocket-id.org/introduction). + +## 1. Create OAuth2/OpenID Provider + +Click on **Add OIDC Client** in the Pocket ID Web UI: + + + +Give the client a name. Under callback URLs, put the URL for your FreshRSS instance as such: +`https://freshrss.your.domain/i/oidc/`. +(Optional) Upload a logo for the client. Click Save. + +OIDC credentials for the client will be generated. Click *Show more details* to view all generated fields. +Keep this window open as these values will now need to be copied into your Docker Compose file for FreshRSS. + + + +## Step 2. Configure FreshRSS’ environment variables + +### Docker Compose + +This is an example docker-compose file for FreshRSS with OIDC enabled. + +```yaml +services: + freshrss: + image: freshrss/freshrss:1.25.0 + container_name: freshrss + ports: + - 8080:80 + volumes: + - /freshrss_data:/var/www/FreshRSS/data + - /freshrss_extensions:/var/www/FreshRSS/extensions + environment: + CRON_MIN: 1,31 + TZ: Etc/UTC + OIDC_ENABLED: 1 + OIDC_CLIENT_ID: <POCKET_ID_CLIENT_ID> + OIDC_CLIENT_SECRET: <POCKET_ID_SECRET> + OIDC_PROVIDER_METADATA_URL: https://pocketid.your.domain/.well-known/openid-configuration + OIDC_SCOPES: openid email profile + OIDC_X_FORWARDED_HEADERS: X-Forwarded-Proto X-Forwarded-Host + OIDC_REMOTE_USER_CLAIM: preferred_username + restart: unless-stopped + networks: + - freshrss +networks: + freshrss: + name: freshrss +``` + +> ℹ️ The Username used in Pocket ID must match the Username used in FreshRSS **exactly**. This also applies to case sensitivity. +As of version `0.24` of Pocket ID all Usernames are required to be entirely lowercase. FreshRSS allows for uppercase. +If a Pocket ID Username is `amanda` and your FreshRSS Username is `Amanda`, you will get a 403 error in FreshRSS and be unable to login. +As of version `1.25` of FreshRSS, it is not possible to change your username in the GUI. + +## Step 3. Complete OIDC Setup + +Back in your Pocket ID window, once your Pocket ID credentials are copied over, click *Save*. + +If you are setting up a new instance of FreshRSS, simply start the container with the OIDC variables and navigate to your FreshRSS URL. +If you are adding OIDC to an existing FreshRSS instance, recreate the container with the docker-compose file with the OIDC variables in it and navigate to your FreshRSS URL. + +See [FreshRSS’ OpenID Connect documentation](16_OpenID-Connect.md) for more information. diff --git a/docs/en/img/admins/pocket-id-1.png b/docs/en/img/admins/pocket-id-1.png Binary files differnew file mode 100644 index 000000000..8024adc16 --- /dev/null +++ b/docs/en/img/admins/pocket-id-1.png diff --git a/docs/en/img/admins/pocket-id-2.png b/docs/en/img/admins/pocket-id-2.png Binary files differnew file mode 100644 index 000000000..2c5592222 --- /dev/null +++ b/docs/en/img/admins/pocket-id-2.png |
