servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(monitoring): update OAuth config for improved security settings

Browse Source
This commit is contained in:
uttarayan21
2025-10-24 14:13:59 +05:30
parent bda071e9f8
commit 705c6c0b3b
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
nixos/mirai/services/monitoring.nix
View File

@@ -153,6 +153,7 @@
client_id = "grafana"; client_id = "grafana";
client_secret = "$__file{${config.sops.secrets.oauth-client-secret-grafana.path}}"; client_secret = "$__file{${config.sops.secrets.oauth-client-secret-grafana.path}}";
scopes = "openid profile email groups"; scopes = "openid profile email groups";
empty_scopes = false;
auth_url = "https://auth.darksailor.dev/api/oidc/authorization"; auth_url = "https://auth.darksailor.dev/api/oidc/authorization";
token_url = "https://auth.darksailor.dev/api/oidc/token"; token_url = "https://auth.darksailor.dev/api/oidc/token";
api_url = "https://auth.darksailor.dev/api/oidc/userinfo"; api_url = "https://auth.darksailor.dev/api/oidc/userinfo";
@@ -162,9 +163,9 @@
use_pkce = true; use_pkce = true;
auto_login = true; auto_login = true;
allow_sign_up = true; allow_sign_up = true;
# use_refresh_token = true; role_attribute_path = "";
# id_token_attribute_name = "id_token"; use_refresh_token = false;
# role_attribute_path = "groups"; id_token_attribute_name = "";
}; };
}; };
@@ -237,7 +238,8 @@
response_types = ["code"]; response_types = ["code"];
grant_types = ["authorization_code"]; grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none"; userinfo_signed_response_alg = "none";
access_token_signed_response_alg = "none"; id_token_signed_response_alg = "RS256";
access_token_signed_response_alg = "RS256";
token_endpoint_auth_method = "client_secret_basic"; token_endpoint_auth_method = "client_secret_basic";
} }
]; ];