From d671e345590db7bd59ad2f38d8eab254c8ab6d85 Mon Sep 17 00:00:00 2001 From: shamoon <4887959+shamoon@users.noreply.github.com> Date: Thu, 19 Mar 2026 22:03:00 -0700 Subject: [PATCH] Documentation: OIDC token_auth_method setting for v3 (#12398) --- docs/configuration.md | 3 +++ docs/migration-v3.md | 27 +++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/docs/configuration.md b/docs/configuration.md index 59bc56907..4ce2d9dc6 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -674,6 +674,9 @@ See the corresponding [django-allauth documentation](https://docs.allauth.org/en for a list of provider configurations. You will also need to include the relevant Django 'application' inside the [PAPERLESS_APPS](#PAPERLESS_APPS) setting to activate that specific authentication provider (e.g. `allauth.socialaccount.providers.openid_connect` for the [OIDC Connect provider](https://docs.allauth.org/en/latest/socialaccount/providers/openid_connect.html)). +: For OpenID Connect providers, set `settings.token_auth_method` if your identity provider +requires a specific token endpoint authentication method. + Defaults to None, which does not enable any third party authentication systems. #### [`PAPERLESS_SOCIAL_AUTO_SIGNUP=`](#PAPERLESS_SOCIAL_AUTO_SIGNUP) {#PAPERLESS_SOCIAL_AUTO_SIGNUP} diff --git a/docs/migration-v3.md b/docs/migration-v3.md index 43a3690c0..4c728a6a4 100644 --- a/docs/migration-v3.md +++ b/docs/migration-v3.md @@ -103,3 +103,30 @@ Multiple options are combined in a single value: ```bash PAPERLESS_DB_OPTIONS="sslmode=require;sslrootcert=/certs/ca.pem;pool.max_size=10" ``` + +## OpenID Connect Token Endpoint Authentication + +Some existing OpenID Connect setups may require an explicit token endpoint authentication method after upgrading to v3. + +#### Action Required + +If OIDC login fails at the callback with an `invalid_client` error, add `token_auth_method` to the provider `settings` in +[`PAPERLESS_SOCIALACCOUNT_PROVIDERS`](configuration.md#PAPERLESS_SOCIALACCOUNT_PROVIDERS). + +For example: + +```json +{ + "openid_connect": { + "APPS": [ + { + ... + "settings": { + "server_url": "https://login.example.com", + "token_auth_method": "client_secret_basic" + } + } + ] + } +} +```