roles/hedgedoc/defaults/main.json

@@ -11,7 +11,7 @@
 	"var_hedgedoc_database_data_postgresql_password": "REPLACE_ME",
 	"var_hedgedoc_database_data_postgresql_schema": "hedgedoc",
 	"var_hedgedoc_domain": "hedgedoc.example.org",
-	"var_hedgedoc_authentication_kind": "internal",
+	"var_hedgedoc_authentication_kind": "authelia",
 	"var_hedgedoc_authentication_data_authelia_client_id": "hedgedoc",
 	"var_hedgedoc_authentication_data_authelia_client_secret": "REPLACE_ME",
 	"var_hedgedoc_authentication_data_authelia_url_base": "https://authelia.example.org",

roles/mas/defaults/main.json

@@ -12,11 +12,13 @@
 	"var_mas_matrix_secret": "REPLACE_ME",
 	"var_mas_matrix_endpoint": "http://localhost:8008/",
 	"var_mas_encryption_key": "REPLACE_ME",
-	"var_mas_authentication_upstream_kind": "none",
+	"var_mas_authentication_upstream_active": false,
-	"var_mas_authentication_upstream_data_authelia_url_base": "https://authelia.example.org",
+	"var_mas_authentication_upstream_id": "default_upstream",
-	"var_mas_authentication_upstream_data_authelia_auth_method": "client_secret_post",
+	"var_mas_authentication_upstream_issuer": "https://auth.example.org",
-	"var_mas_authentication_upstream_data_authelia_scope": "openid profile email",
+	"var_mas_authentication_upstream_client_id": "mas",
-	"var_mas_authentication_upstream_data_authelia_name": "authelia",
+	"var_mas_authentication_upstream_client_secret": "REPLACE_ME",
-	"var_mas_authentication_upstream_data_authelia_client_id": "mas",
+	"var_mas_authentication_upstream_token_endpoint_auth_method": "client_secret_post"
-	"var_mas_authentication_upstream_data_authelia_client_secret": "REPLACE_ME"
+	"var_mas_authentication_upstream_scope": "openid email profile",
+	"var_mas_authentication_upstream_authorization_endpoint": "https://auth.example.org/authorize",
+	"var_mas_authentication_upstream_token_endpoint": "https://auth.example.org/token"
 }

roles/mas/templates/config-base.json.j2

@@ -85,20 +85,18 @@
 		],
 		"minimum_complexity": 3
 	},
-{% if var_mas_authentication_upstream_kind == 'none' %}
+{% if var_mas_authentication_upstream_active %}
-{% endif %}
-{% if var_mas_authentication_upstream_kind == 'authelia' %}
 	"upstream_oauth2": {
 		"providers": [
 			{
-				"id": "{{var_mas_authentication_upstream_data_authelia_name}}",
+				"id": "{{var_mas_authentication_upstream_id}}",
-				"issuer": "{{var_mas_authentication_upstream_data_authelia_url_base}}",
+				"issuer": "{{var_mas_authentication_upstream_issuer}}",
-				"authorization_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/authorization",
+				"client_id": "{{var_mas_authentication_upstream_client_id}}",
-				"token_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/token",
+				"client_secret": "{{var_mas_authentication_upstream_client_secret}}",
-				"token_endpoint_auth_method": "{{var_mas_authentication_upstream_data_authelia_auth_method}}",
+				"token_endpoint_auth_method": "{{var_mas_authentication_upstream_token_endpoint_auth_method}}",
-				"scope": "{{var_mas_authentication_upstream_data_authelia_scope}}",
+				"scope": "{{var_mas_authentication_upstream_scope}}",
-				"client_id": "{{var_mas_authentication_upstream_data_authelia_client_id}}",
+				"authorization_endpoint": "{{var_mas_authentication_upstream_authorization_endpoint}}",
-				"client_secret": "{{var_mas_authentication_upstream_data_authelia_client_secret}}"
+				"token_endpoint": "{{var_mas_authentication_upstream_token_endpoint}}"
 			}
 		]
 	},

roles/mas/vardef.json

@@ -43,36 +43,40 @@
 		"type": "string",
 		"mandatory": false
 	},
-	"authentication_upstream_kind": {
+	"authentication_upstream_active": {
 		"nullable": false,
-		"type": "string",
+		"type": "boolean"
-		"options": [
-			"none",
-			"authelia"
-		]
 	},
-	"authentication_upstream_data_authelia_url_base": {
+	"authentication_upstream_id": {
-		"type": "string",
+		"nullable": false,
-		"mandatory": false
+		"type": "string"
 	},
-	"authentication_upstream_data_authelia_auth_method": {
+	"authentication_upstream_issuer": {
-		"type": "string",
+		"nullable": false,
-		"mandatory": false
+		"type": "string"
 	},
-	"authentication_upstream_data_authelia_scope": {
+	"authentication_upstream_client_id": {
-		"type": "string",
+		"nullable": false,
-		"mandatory": false
+		"type": "string"
 	},
-	"authentication_upstream_data_authelia_name": {
+	"authentication_upstream_client_secret": {
-		"type": "string",
+		"nullable": false,
-		"mandatory": false
+		"type": "string"
 	},
-	"authentication_upstream_data_authelia_client_id": {
+	"authentication_upstream_token_endpoint_auth_method": {
-		"type": "string",
+		"nullable": false,
-		"mandatory": false
+		"type": "string"
 	},
-	"authentication_upstream_data_authelia_client_secret": {
+	"authentication_upstream_scope": {
-		"type": "string",
+		"nullable": false,
-		"mandatory": false
+		"type": "string"
+	},
+	"authentication_upstream_authorization_endpoint": {
+		"nullable": false,
+		"type": "string"
+	},
+	"authentication_upstream_token_endpoint": {
+		"nullable": false,
+		"type": "string"
 	}
 }