Add OpenID Connect support to the login form in PeerTube.
The initial code of this plugin was developed with the financial support of the "Direction du Numérique pour l'Éducation du Ministère de l'Éducation et de la Jeunesse" (French Ministry of National Education).
The callback URL to configure on the OIDC provider side is: /plugins/auth-openid-connect/router/code-cb
If you don't specify a role attribute, new users will have a default 'User' role.
If you use this attribute, it should hold an integer from the following set:
- 0 (Administrator)
- 1 (Moderator)
- 2 (User)
With group-property and allowed-group, you can restrict login to only a subset of users.
PeerTube >= 7.3
The externalRedirectUri query param can be specified by the client when redirecting the user to the auth plugin URL (https://example.com/plugins/auth-openid-connect/x.x.x/auth/openid-connect). Once authentication has succeeded, and if the URL is allowed by the plugin configuration, the user is redirected to this URL (instead of https://example.com/login). The URL will contain an externalAuthToken query param that you can use to log in to the PeerTube REST API.
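Because the redirect carries externalAuthToken, how strictly "allowed by the plugin configuration" is matched decides where the token can end up. The following is an added example, not the plugin's own code: it assumes the allowed URLs are configured as absolute URLs, and the function names and the sample allow-list are hypothetical.

```javascript
// Added example, not the plugin's code; all names here are hypothetical.
// Constructed sample allow-list (assumed to hold absolute URLs).
const ALLOWED = ['https://app.example.org']

// Weak check, shown for contrast: a string prefix also matches look-alike hosts.
function naiveIsAllowed (uri, allowed) {
  return allowed.some(a => uri.startsWith(a))
}

// Stricter check: parse first, then compare scheme, host and path boundary.
function isAllowedRedirect (uri, allowed) {
  let target
  try {
    target = new URL(uri)
  } catch {
    return false // relative or malformed value
  }
  if (target.username || target.password) return false // reject userinfo

  return allowed.some(entry => {
    const a = new URL(entry)
    if (target.protocol !== a.protocol || target.host !== a.host) return false
    const base = a.pathname.endsWith('/') ? a.pathname : a.pathname + '/'
    return target.pathname === a.pathname || target.pathname.startsWith(base)
  })
}

// Returns the final redirect URL, or null so the caller keeps the default
// /login redirect and never sends the token to an unlisted destination.
function buildRedirect (externalRedirectUri, allowed, externalAuthToken) {
  if (!externalRedirectUri || !isAllowedRedirect(externalRedirectUri, allowed)) {
    return null
  }
  const url = new URL(externalRedirectUri)
  url.searchParams.set('externalAuthToken', externalAuthToken)
  return url.toString()
}
```

When filling in the plugin's allowed-URL setting, list complete URLs including the scheme, so that no entry can be satisfied by a different host or by plain http.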
This plugin optionally supports redirecting users to the OpenID Connect provider's logout endpoint.
To enable logout redirection, configure the Logout redirect URI plugin setting with the appropriate query parameters for your OIDC provider.
For example: post_logout_redirect_uri=https://your-instance.example.com
Some providers like AWS Cognito use different parameter names. For Cognito, use: logout_uri=https://your-instance.example.com
Make sure the redirect URI is registered in your OIDC provider's settings.
When a user logs out from PeerTube, they will also be logged out from the OIDC provider and redirected to the specified URL.