From 195505a52cad2cbd478cbcdfeb32f83ae8ae5bd2 Mon Sep 17 00:00:00 2001
From: Oliver Hanikel
Date: Sat, 16 Jan 2021 02:56:10 +0100
Subject: [PATCH 1/4] added OpenID example config for Gitea
Signed-off-by: Oliver Hanikel
---
 docs/openid.md | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/docs/openid.md b/docs/openid.md
index 4ba3559e3887..e4f086903346 100644
--- a/docs/openid.md
+++ b/docs/openid.md
@@ -353,3 +353,37 @@ Relevant documents:
 * https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
 * Using Facebook's Graph API: https://developers.facebook.com/docs/graph-api/using-graph-api/
 * Reference to the User endpoint: https://developers.facebook.com/docs/graph-api/reference/user
+
+### Gitea
+
+Gitea is, like Github, not an OpenID provider, but just an OAuth2 provider.
+
+The [`/user` API endpoint](https://try.gitea.io/api/swagger#/user/userGetCurrent)
+can be used to retrieve information on the authenticated user. As the Synapse
+login mechanism needs an attribute to uniquely identify users, and that endpoint
+does not return a `sub` property, an alternative `subject_claim` has to be set.
+
+1. Create a new application.
+2. Add this Callback URL: `[synapse public baseurl]/_synapse/oidc/callback`
+
+Synapse config:
+
+```yaml
+oidc_config:
+ enabled: true
+ discover: false
+ issuer: "https://your-gitea.com/"
+ client_id: "your-client-id" # TO BE FILLED
+ client_secret: "your-client-secret" # TO BE FILLED
+ client_auth_method: client_secret_post
+ scopes: [] # Gitea doesn't support Scopes
+ authorization_endpoint: "https://your-gitea.com/login/oauth/authorize"
+ token_endpoint: "https://your-gitea.com/login/oauth/access_token"
+ userinfo_endpoint: "https://your-gitea.com/api/v1/user"
+ user_mapping_provider:
+ config:
+ subject_claim: "id"
+ localpart_template: "{{ user.login }}"
+ display_name_template: "{{ user.full_name }}"
+```
+
From b5e9e97b446c677086d377366dd5e10690e83cf1 Mon Sep 17 00:00:00 2001
From: Oliver Hanikel
Date: Sat, 16 Jan 2021 03:02:24 +0100
Subject: [PATCH 2/4] added changelog
---
 changelog.d/9134.doc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/9134.doc
diff --git a/changelog.d/9134.doc b/changelog.d/9134.doc
new file mode 100644
index 000000000000..04120918c2f1
--- /dev/null
+++ b/changelog.d/9134.doc
@@ -0,0 +1 @@
+Add docs for using Gitea as OpenID provider.
From 2a086b028cacbd52c42578aa9a4d236fcb8c4eac Mon Sep 17 00:00:00 2001
From: Oliver Hanikel
Date: Sun, 31 Jan 2021 21:11:33 +0100
Subject: [PATCH 3/4] change format to oidc_providers
---
 docs/openid.md | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/docs/openid.md b/docs/openid.md
index e4f086903346..5e3c063ff6cd 100644
--- a/docs/openid.md
+++ b/docs/openid.md
@@ -369,21 +369,23 @@ does not return a `sub` property, an alternative `subject_claim` has to be set.
 Synapse config:
 ```yaml
-oidc_config:
- enabled: true
- discover: false
- issuer: "https://your-gitea.com/"
- client_id: "your-client-id" # TO BE FILLED
- client_secret: "your-client-secret" # TO BE FILLED
- client_auth_method: client_secret_post
- scopes: [] # Gitea doesn't support Scopes
- authorization_endpoint: "https://your-gitea.com/login/oauth/authorize"
- token_endpoint: "https://your-gitea.com/login/oauth/access_token"
- userinfo_endpoint: "https://your-gitea.com/api/v1/user"
- user_mapping_provider:
- config:
- subject_claim: "id"
- localpart_template: "{{ user.login }}"
- display_name_template: "{{ user.full_name }}"
+oidc_providers:
+ - idp_id: gitea
+ idp_name: Gitea
+ idp_brand: "org.matrix.gitea" # optional: styling hint for clients
+ discover: false
+ issuer: "https://your-gitea.com/"
+ client_id: "your-client-id" # TO BE FILLED
+ client_secret: "your-client-secret" # TO BE FILLED
+ client_auth_method: client_secret_post
+ scopes: [] # Gitea doesn't support Scopes
+ authorization_endpoint: "https://your-gitea.com/login/oauth/authorize"
+ token_endpoint: "https://your-gitea.com/login/oauth/access_token"
+ userinfo_endpoint: "https://your-gitea.com/api/v1/user"
+ user_mapping_provider:
+ config:
+ subject_claim: "id"
+ localpart_template: "{{ user.login }}"
+ display_name_template: "{{ user.full_name }}"
 ```
From 6276e685345cff0b1dc32a02354914a39da911f0 Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Mon, 1 Feb 2021 16:20:25 -0500
Subject: [PATCH 4/4] Remove brand hint.
---
 docs/openid.md | 2 --
 1 file changed, 2 deletions(-)
diff --git a/docs/openid.md b/docs/openid.md
index 5e3c063ff6cd..3d072209676e 100644
--- a/docs/openid.md
+++ b/docs/openid.md
@@ -372,7 +372,6 @@ Synapse config:
 oidc_providers:
 - idp_id: gitea
 idp_name: Gitea
- idp_brand: "org.matrix.gitea" # optional: styling hint for clients
 discover: false
 issuer: "https://your-gitea.com/"
 client_id: "your-client-id" # TO BE FILLED
@@ -388,4 +387,3 @@ oidc_providers:
 localpart_template: "{{ user.login }}"
 display_name_template: "{{ user.full_name }}"
 ```
-