From 0a8cc8d1df2be33e0a254d3fa4fca3e74cc3c699 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Thu, 22 Aug 2024 15:27:43 +0200
Subject: [PATCH] [mod] role:authelia:variable lifespans and cors endpoints
---
 roles/authelia/defaults/main.json | 5 ++++-
 roles/authelia/templates/conf-main.json.j2 | 8 +++++++
 roles/authelia/vardef.json | 26 ++++++++++++++++++++++
 3 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/roles/authelia/defaults/main.json b/roles/authelia/defaults/main.json
index 47b1e01..04a1f7f 100644
--- a/roles/authelia/defaults/main.json
+++ b/roles/authelia/defaults/main.json
@@ -32,5 +32,8 @@
 "var_authelia_notification_smtp_username": "authelia",
 "var_authelia_notification_smtp_password": "REPLACE_ME",
 "var_authelia_notification_smtp_sender": "authelia@example.org",
- "var_authelia_oidc_hmac_secret": "REPLACE_ME"
+ "var_authelia_oidc_hmac_secret": "REPLACE_ME",
+ "var_authelia_oidc_lifespan_access_token": "1h",
+ "var_authelia_oidc_lifespan_refresh_token": "1m",
+ "var_authelia_oidc_cors_endpoints": null
 }
diff --git a/roles/authelia/templates/conf-main.json.j2 b/roles/authelia/templates/conf-main.json.j2
index 475cda4..81bee44 100644
--- a/roles/authelia/templates/conf-main.json.j2
+++ b/roles/authelia/templates/conf-main.json.j2
@@ -190,8 +190,16 @@
 "oidc": {
 "hmac_secret": "{{var_authelia_oidc_hmac_secret}}",
 "issuer_private_key": "{{temp_tls_result.privatekey | replace('\n', '\\n')}}",
+ "lifespans": {
+ "access_token": "{{var_authelia_oidc_lifespan_access_token}}",
+ "refresh_token": "{{var_authelia_oidc_lifespan_refresh_token}}"
+ },
 "cors": {
 "allowed_origins_from_client_redirect_uris": true
+{% if var_authelia_oidc_cors_endpoints == None %}
+{% else %}
+ ,"endpoints": {{var_authelia_oidc_cors_endpoints | to_json}}
+{% endif %}
 },
 "clients": [
 ]
diff --git a/roles/authelia/vardef.json b/roles/authelia/vardef.json
index 9b7d5bc..9b651a1 100644
--- a/roles/authelia/vardef.json
+++ b/roles/authelia/vardef.json
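Review bot: In roles/authelia/defaults/main.json the refresh-token default `"1m"` is shorter than the access-token default `"1h"`. Assuming Authelia's duration notation, where lowercase `m` is minutes and uppercase `M` is months, the refresh token would expire after one minute, long before the access token it is meant to renew. If a month was intended, the line should read `"var_authelia_oidc_lifespan_refresh_token": "1M"`; otherwise choose a value longer than the access token, such as `"90m"`. A longer refresh lifetime is also a longer-lived credential, so the chosen value is worth stating in the role's documentation.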
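Review bot: In roles/authelia/templates/conf-main.json.j2 both `lifespans` values are interpolated unconditionally inside quotes, while the vardef.json hunk of this commit declares `oidc_lifespan_access_token` and `oidc_lifespan_refresh_token` with `"nullable": true`. A null override would presumably render as an empty or `None` string rather than a valid duration. Either drop `"nullable": true` from those two vardef entries, since defaults exist, or emit each key only when it is set, as the hunk already does for `endpoints`. The empty `{% if … == None %}{% else %}` branch reads more directly as `{% if var_authelia_oidc_cors_endpoints is not none %}`. The `oidc` object continues past the end of the hunk.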
@@ -139,5 +139,31 @@
 "oidc_hmac_secret": {
 "type": "string",
 "mandatory": true
+ },
+ "oidc_lifespan_access_token": {
+ "nullable": true,
+ "type": "string",
+ "mandatory": false
+ },
+ "oidc_lifespan_refresh_token": {
+ "nullable": true,
+ "type": "string",
+ "mandatory": false
+ },
+ "oidc_cors_endpoints": {
+ "nullable": true,
+ "type": "array",
+ "items": {
+ "type": "string",
+ "enum": [
+ "authorization",
+ "pushed-authorization-request",
+ "token",
+ "revocation",
+ "introspection",
+ "userinfo"
+ ]
+ },
+ "mandatory": false
 }
 }
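Review bot: `oidc_cors_endpoints` in roles/authelia/vardef.json admits `token`, `revocation` and `introspection` with no guidance on when to enable them. The template in this commit keeps `allowed_origins_from_client_redirect_uris` set to `true`, so, as far as the visible configuration shows, every origin taken from a registered client's redirect URIs gains cross-origin access to whichever endpoints are listed. The role's variable documentation should say so, for example `oidc_cors_endpoints: endpoints that send CORS headers; list only those that browser-based clients actually call`. Keeping the default at `null` is the right baseline.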