From 0d8d5c3651d53e1b17e39c8d64464853d31b07a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Thu, 4 Jul 2024 09:47:26 +0200
Subject: [PATCH] =?UTF-8?q?[mod]=20role:authelia:Variablen=20f=C3=BCr=20ow?= =?UTF-8?q?nCloud-Anbindung?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 roles/authelia/defaults/main.json | 5 ++++-
 roles/authelia/templates/conf-main.json.j2 | 8 +++++++
 roles/authelia/vardef.json | 26 ++++++++++++++++++++++
 3 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/roles/authelia/defaults/main.json b/roles/authelia/defaults/main.json
index 47b1e01..16b0b06 100644
--- a/roles/authelia/defaults/main.json
+++ b/roles/authelia/defaults/main.json
@@ -32,5 +32,8 @@
 "var_authelia_notification_smtp_username": "authelia",
 "var_authelia_notification_smtp_password": "REPLACE_ME",
 "var_authelia_notification_smtp_sender": "authelia@example.org",
- "var_authelia_oidc_hmac_secret": "REPLACE_ME"
+ "var_authelia_oidc_hmac_secret": "REPLACE_ME",
+ "var_authelia_oidc_lifespan_access_token": "1h",
+ "var_authelia_oidc_lifespan_authorization_code": "1m",
+ "var_authelia_oidc_cors_endpoints": null
 }
diff --git a/roles/authelia/templates/conf-main.json.j2 b/roles/authelia/templates/conf-main.json.j2
index 475cda4..b2b267d 100644
--- a/roles/authelia/templates/conf-main.json.j2
+++ b/roles/authelia/templates/conf-main.json.j2
@@ -190,8 +190,16 @@
 "oidc": {
 "hmac_secret": "{{var_authelia_oidc_hmac_secret}}",
 "issuer_private_key": "{{temp_tls_result.privatekey | replace('\n', '\\n')}}",
+ "lifespans": {
+ "access_token": "{{var_authelia_oidc_lifespan_access_token}}",
+ "authorization_code": "{{var_authelia_oidc_lifespan_authorization_code}}"
+ },
 "cors": {
 "allowed_origins_from_client_redirect_uris": true
+{% if oidc_cors_endpoints is None %}
+{% else %}
+ ,"endpoints": {{var_authelia_oidc_cors_endpoints | json}}
+{% endif %}
 },
 "clients": [
 ]
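Review bot: In roles/authelia/templates/conf-main.json.j2 the added guard `{% if oidc_cors_endpoints is None %}` tests a different name than the `var_authelia_oidc_cors_endpoints` rendered on the `,"endpoints"` line. Jinja2's built-in test is also lowercase `none`, so unless the project defines both the unprefixed variable and a `None` test, the condition does not check the configured value. With the `null` default from defaults/main.json this would likely produce either a template error or `,"endpoints": null` in the rendered Authelia configuration instead of leaving the key out. I would write `{% if var_authelia_oidc_cors_endpoints is not none %}` directly before the `,"endpoints"` line and keep `{% endif %}`, dropping the empty branch. Also confirm that a `json` filter is registered, since stock Jinja2 and Ansible provide `tojson` / `to_json`. The `oidc` object continues past the end of the hunk, and because this list decides which OIDC endpoints answer cross-origin requests, the rendered output is worth checking for both a null and a non-empty value.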
diff --git a/roles/authelia/vardef.json b/roles/authelia/vardef.json
index 9b7d5bc..731cf8a 100644
--- a/roles/authelia/vardef.json
+++ b/roles/authelia/vardef.json
@@ -139,5 +139,31 @@
 "oidc_hmac_secret": {
 "type": "string",
 "mandatory": true
+ },
+ "oidc_lifespan_access_token": {
+ "nullable": true,
+ "type": "string",
+ "mandatory": false
+ },
+ "oidc_lifespan_authorization_code": {
+ "nullable": true,
+ "type": "string",
+ "mandatory": false
+ },
+ "oidc_cors_endpoints": {
+ "nullable": true,
+ "type": "array",
+ "items": {
+ "type": "string",
+ "enum": [
+ "authorization",
+ "pushed-authorization-request",
+ "token",
+ "revocation",
+ "introspection",
+ "userinfo"
+ ]
+ },
+ "mandatory": false
 }
 }
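Review bot: `oidc_lifespan_access_token` and `oidc_lifespan_authorization_code` are declared with `"nullable": true`, but conf-main.json.j2 in this same commit renders both unconditionally inside quotes. A null value would therefore presumably reach Authelia as a literal string rather than as a duration or an omitted key, and token lifetimes are a setting where a silently wrong value matters. Either declare both with `"nullable": false`, or guard the two `lifespans` entries in the template the way the CORS `endpoints` key is meant to be guarded. The enclosing object starts before the hunk.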