From 4e0a2fc86f81ee44bb5985d5389051012271d2de Mon Sep 17 00:00:00 2001
From: "Wyatt J. Miller"
Date: Sun, 10 May 2026 14:42:08 -0400
Subject: [PATCH] changed sso parameters

---
 modules/machine/yshtola/configuration.nix | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/modules/machine/yshtola/configuration.nix b/modules/machine/yshtola/configuration.nix
index 13f6861..1f4e70e 100644
--- a/modules/machine/yshtola/configuration.nix
+++ b/modules/machine/yshtola/configuration.nix
@@ -17,8 +17,10 @@
   # After deploying Mastodon, register an OAuth application at
   # https://social.wyattjmiller.com/settings/applications and write the
   # client ID / secret to these paths (chmod 400, owned by the tuwunel user):
-  mastodonOauthClientIdFile = "/var/lib/tuwunel/mastodon-oauth-client-id";
-  mastodonOauthClientSecretFile = "/var/lib/tuwunel/mastodon-oauth-client-secret";
+  mastodonOauthClientIdFile = "/var/lib/private/tuwunel/matrix-oauth-client-id";
+  mastodonOauthClientSecretFile = "/var/lib/private/tuwunel/matrix-oauth-client-secret";
+  mastodonOauthClientId = builtins.readFile mastodonOauthClientIdFile;
+  mastodonOauthClientSecret = builtins.readFile mastodonOauthClientSecretFile;
 in {
   imports = [
     ../../pwrMgmt
@@ -200,10 +202,13 @@ in {
         {
           brand = "Mastodon";
           issuer_url = "https://${mastodonFqdn}";
-          id = "oidc-mastodon";
-          client_id = mastodonOauthClientIdFile;
-          client_secret = mastodonOauthClientSecretFile;
-          scope = ["openid" "read:accounts"];
+          id = mastodonOauthClientId;
+          callback_url = "https://${matrixFqdn}/_matrix/client/v3/login/sso/callback/${mastodonOauthClientId}";
+          discovery_url = "https://${mastodonFqdn}/.well-known/oauth-authorization-server";
+          client_id = mastodonOauthClientId;
+          client_secret = mastodonOauthClientSecret;
+          scope = ["profile"];
+          userid_claims = ["preferred_username"];
         }
       ];
     };
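Review bot: The two added `builtins.readFile` bindings in the first hunk pull the OAuth client secret into the Nix evaluation, so it ends up serialized in the generated tuwunel configuration in the world-readable Nix store, and the `chmod 400, owned by the tuwunel user` advice in the comment directly above no longer protects it; the path `/var/lib/private/tuwunel` also has to exist on whichever machine evaluates the configuration, not just on the host running the service. `builtins.readFile` keeps the trailing newline that `echo` and most editors write, so `mastodonOauthClientId` would carry a `\n` into `client_id` and every URL built from it; if the value must be read at evaluation time, strip it, e.g. `mastodonOauthClientId = lib.fileContents mastodonOauthClientIdFile;` (assuming `lib` is among the module arguments). The better fix is to keep the secret out of the store altogether by letting the service read the file at runtime through a secrets/credential mechanism and leaving only the path in the configuration. If this module is evaluated as a flake (pure mode), reading an absolute path outside the flake is rejected outright, so the change may also fail to evaluate — worth confirming how the host is built. The `let` block these bindings belong to starts outside the hunk.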
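Review bot: The provider `id` on the first added line of the second hunk is now the Mastodon client ID instead of the fixed string `oidc-mastodon`, which ties the SSO callback path (`.../login/sso/callback/<client_id>`) to whatever application is currently registered and, presumably, changes the key under which tuwunel stores existing users' external-account links — confirm nobody has logged in through the old `oidc-mastodon` id before deploying. A stable id decouples the two: `id = "mastodon";` and `callback_url = "https://${matrixFqdn}/_matrix/client/v3/login/sso/callback/mastodon";`, with only `client_id` carrying the registered value, so re-registering the application does not also change the redirect URI Mastodon must accept. Dropping `openid` from `scope` and pointing `discovery_url` at `/.well-known/oauth-authorization-server` makes this plain OAuth 2.0 with no ID token, so the `preferred_username` in `userid_claims` has to come from whatever userinfo-style endpoint tuwunel queries; a comment above `userid_claims` naming that endpoint would help, since as far as I recall Mastodon's own account representation calls the field `username`. The provider list this entry belongs to starts and ends outside the hunk.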