# 环境
# 网络环境确保
- https(建议,http未测试;使用http时OAuth2授权码、令牌和client_secret会以明文传输)
- 用户可访问synapse、nextcloud
- synapse可访问nextcloud
# 自签名证书问题(指定ca文件)
# docker
# Options to add to the container's `docker run` command: bind-mount the CA
# certificate into the container and point SSL_CERT_FILE at the mounted path,
# so certificates issued by that CA are verified rather than verification
# being switched off.
# NOTE(review): SSL_CERT_FILE overrides OpenSSL's default CA *file*; whether
# public roots stay trusted then depends on the default CA directory — verify
# that other TLS endpoints (e.g. github.com) still validate.
# NOTE(review): appending ":ro" to the -v value mounts the CA file read-only.
-v /data/matrix/ca.pem:/etc/ssl/certs/ca.pem -e SSL_CERT_FILE=/etc/ssl/certs/ca.pem
# linux
# Same setting for a process started directly on the host: export the variable
# in the environment the server is launched from.
export SSL_CERT_FILE=/data/matrix/ca.pem
# nextcloud
# 在nextcloud创建OAuth2 Client
官方文档
callback: https://<Synapse Server>/_synapse/client/oidc/callback
# synapse配置文件(homeserver.yaml)
# oidc选项
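oidc_providers:
  # Nextcloud's OAuth2 app used as a plain OAuth2 provider: discovery is off
  # and no scopes are requested, so every endpoint is listed explicitly and
  # the user is identified from the JSON returned by userinfo_endpoint.
  - idp_id: nextcloud
    idp_name: Nextcloud
    # idp_brand: "net.eihei.mastodon"  # optional: styling hint for clients
    discover: false
    # NOTE(review): issuer is empty and "openid" is not requested, so
    # presumably no ID token is checked and the login rests on the TLS
    # connection to the three endpoints below — keep them https and keep
    # certificate verification on.
    issuer: ""
    client_id: "<OAuth Client ID>"
    # Keep the real secret out of version control and restrict read access to
    # this file. NOTE(review): newer Synapse releases also accept
    # client_secret_path; check the documentation for your version.
    client_secret: "<OAuth Client Secret>"
    authorization_endpoint: "https://<Nextcloud Server>/apps/oauth2/authorize"
    token_endpoint: "https://<Nextcloud Server>/apps/oauth2/api/v1/token"
    userinfo_endpoint: "https://<Nextcloud Server>/ocs/v2.php/cloud/user?format=json"
    scopes: []  # Nextcloud has not implemented this yet
    user_mapping_provider:
      config:
        # NOTE(review): the userinfo response nests the user under
        # ocs -> data (see the sample structure on this page); confirm that
        # the mapping provider in your Synapse version resolves this dotted
        # path, otherwise no subject will be found.
        subject_claim: "ocs.data.id"
        # Templates read the userinfo through the `user` variable, as the
        # GitHub provider on this page does. The hyphenated key needs bracket
        # access because Jinja parses `display-name` as a subtraction.
        localpart_template: "{{ user.ocs.data.id }}"
        display_name_template: "{{ user.ocs.data['display-name'] }}"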
# github
# 在github创建OAuth2 Client
阮一峰的网络日志
callback: https://<Synapse Server>/_synapse/client/oidc/callback
# synapse配置文件(homeserver.yaml)
# oidc选项
oidc_providers:
  # GitHub as an OAuth2 identity provider: discovery is off, so the
  # authorization, token and userinfo endpoints are listed explicitly.
  - idp_id: 'github'
    idp_name: 'GitHub'
    idp_brand: 'github'  # optional: styling hint for clients
    discover: false
    issuer: 'https://github.com/'
    client_id: '<OAuth Client ID>'
    # Keep the real secret out of version control and restrict read access to
    # this file.
    client_secret: '<OAuth Client Secret>'
    authorization_endpoint: 'https://github.com/login/oauth/authorize'
    token_endpoint: 'https://github.com/login/oauth/access_token'
    userinfo_endpoint: 'https://api.github.com/user'
    # Only the read:user scope is requested.
    scopes:
      - 'read:user'
    user_mapping_provider:
      config:
        # The account is keyed on the `id` claim; the login only supplies the
        # localpart and `name` the display name.
        # NOTE(review): presumably `id` is GitHub's numeric account id, which
        # stays the same when a login is renamed — confirm.
        subject_claim: 'id'
        localpart_template: '{{ user.login }}'
        display_name_template: '{{ user.name }}'
# 其他
# Disable password login, leaving SSO as the remaining way to sign in.
# NOTE(review): confirm that at least one administrator can sign in through
# the OIDC provider before applying this.
password_config:
  enabled: false

# NOTE(review): immediate / on_welcome_page look like Element Web client
# options (config.json) rather than homeserver.yaml keys — confirm which file
# this stanza belongs in.
sso_redirect_options:
  immediate: false
  on_welcome_page: true
OCS数据结构
{
'ocs':
{
'meta':
{
'status': 'ok',
'statuscode': 200,
'message': 'OK'
},
'data':
{
'storageLocation': '',
'id': 'youyou',
'lastLogin': 1676870000000,
'backend': 'Database',
'subadmin': ['Guest'],
'quota':
{
'free': 0,
'used': 0,
'total': 0,
'relative': 0,
'quota': -3
},
'avatarScope': 'v2-federated',
'email': '',
'emailScope': 'v2-federated',
'additional_mail': [],
'additional_mailScope': [],
'displaynameScope': 'v2-federated',
'phone': '',
'phoneScope': 'v2-local',
'address': '',
'addressScope': 'v2-local',
'website': '',
'websiteScope': 'v2-published',
'twitter': '',
'twitterScope': 'v2-local',
'organisation': '',
'organisationScope': 'v2-local',
'role': '',
'roleScope': 'v2-local',
'headline': '',
'headlineScope': 'v2-local',
'biography': '',
'biographyScope': 'v2-local',
'profile_enabled': '1',
'profile_enabledScope': 'v2-local',
'groups': [],
'language': 'zh_CN',
'locale': 'zh_Hans_CN',
'notify_email': None,
'backendCapabilities':
{
'setDisplayName': True,
'setPassword': True
},
'display-name': ''
}
}
}