From 9270e22f193c03f0441e1612dd1dc56803f282ad Mon Sep 17 00:00:00 2001 From: Carter Mintey Date: Sat, 16 Mar 2024 01:41:38 +0000 Subject: [PATCH] clarify docs --- .../docs/documentation/getting-started/authentication/oidc.md | 2 +- .../getting-started/installation/backend-config.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/docs/documentation/getting-started/authentication/oidc.md b/docs/docs/documentation/getting-started/authentication/oidc.md index 59c9f5a0a72c..1d6a1686a524 100644 --- a/docs/docs/documentation/getting-started/authentication/oidc.md +++ b/docs/docs/documentation/getting-started/authentication/oidc.md @@ -13,7 +13,7 @@ Signing in with OAuth will automatically find your account in Mealie and link to ## Provider Setup -Before you can start using OIDC Authentication, you must first configure a new client application in your identity provider. Your identity provider must support the OAuth **Authorization Code** flow (with PKCE). The steps will vary by provider, but generally, the steps are as follows. +Before you can start using OIDC Authentication, you must first configure a new client application in your identity provider. Your identity provider must support the OAuth **Authorization Code flow with PKCE**. The steps will vary by provider, but generally, the steps are as follows. 1. Create a new client application - The Provider type should be OIDC or OAuth2 diff --git a/docs/docs/documentation/getting-started/installation/backend-config.md b/docs/docs/documentation/getting-started/installation/backend-config.md index 911b526fc3cd..657b42e72bf0 100644 --- a/docs/docs/documentation/getting-started/installation/backend-config.md +++ b/docs/docs/documentation/getting-started/installation/backend-config.md @@ -85,8 +85,8 @@ For usage, see [Usage - OpenID Connect](../authentication/oidc.md) | OIDC_SIGNUP_ENABLED | True | Enables new users to be created when signing in for the first time with OIDC | | OIDC_CONFIGURATION_URL | None | The URL to the OIDC configuration of your provider. This is usually something like https://auth.example.com/.well-known/openid-configuration | | OIDC_CLIENT_ID | None | The client id of your configured client in your provider | -| OIDC_USER_GROUP| None | If specified, this group must be present in the user's group claim in order to authenticate | -| OIDC_ADMIN_GROUP | None | If this group is present in the group claims, the user will be set as an admin | +| OIDC_USER_GROUP| None | If specified, only users belonging to this group will be able to successfully authenticate, regardless of the OIDC_ADMIN_GROUP | +| OIDC_ADMIN_GROUP | None | If specified, users belonging to this group will be made an admin | | OIDC_AUTO_REDIRECT | False | If `True`, then the login page will be bypassed an you will be sent directly to your Identity Provider. You can still get to the login page by adding `?direct=1` to the login URL | | OIDC_PROVIDER_NAME | OAuth | The provider name is shown in SSO login button. "Login with " | | OIDC_REMEMBER_ME | False | Because redirects bypass the login screen, you cant extend your session by clicking the "Remember Me" checkbox. By setting this value to true, a session will be extended as if "Remember Me" was checked |