📝 [#84] Update usage section of README

* update list of mozilla-django-oidc variables that are made admin configurable * add separate list of custom options that mozilla-django-oidc-db introduces
maykinmedia · Feb 8, 2024 · 6d94eb9 · 6d94eb9
1 parent 878920a
commit 6d94eb9
Showing 1 changed file with 28 additions and 15 deletions.
diff --git a/README.rst b/README.rst
@@ -162,28 +162,41 @@ Usage
 =====
 
 Now OpenID Connect can be enabled/disabled via the admin (disabled by default)
-and the following settings for OpenID Connect can be configured in the admin:
-
-- ``oidc_rp_client_id``
-- ``oidc_rp_client_secret``
-- ``oidc_rp_sign_algo``
-- ``oidc_rp_scopes_list``
-- ``oidc_op_discovery_endpoint``
-- ``oidc_op_jwks_endpoint``
-- ``oidc_op_authorization_endpoint``
-- ``oidc_op_token_endpoint``
-- ``oidc_op_user_endpoint``
-- ``oidc_rp_idp_sign_key``
-
-If the ``oidc_op_discovery_endpoint`` is supplied, the other endpoints will be derived
-from this discovery endpoint.
+and the following settings from ``mozilla-django-oidc`` for OpenID Connect can be configured in the admin:
+
+- ``OIDC_RP_CLIENT_ID``
+- ``OIDC_RP_CLIENT_SECRET``
+- ``OIDC_RP_SIGN_ALGO``
+- ``OIDC_RP_SCOPES`` (via ``oidc_rp_scopes_list``)
+- ``OIDC_OP_JWKS_ENDPOINT``
+- ``OIDC_OP_AUTHORIZATION_ENDPOINT``
+- ``OIDC_OP_TOKEN_ENDPOINT``
+- ``OIDC_TOKEN_USE_BASIC_AUTH``
+- ``OIDC_OP_USER_ENDPOINT``
+- ``OIDC_RP_IDP_SIGN_KEY``
+- ``OIDC_USE_NONCE``
+- ``OIDC_STATE_SIZE``
+- ``OIDC_EXEMPT_URLS``
 
 In case no value is provided for one of these variables, the default from ``mozilla-django-oidc``
 will be used (if there is one). A detailed description of all settings can be found in the `mozilla-django-oidc settings documentation`_
 
 For more detailed documentation, refer to the `mozilla-django-oidc documentation`_. In this documentation
 the origin of the admin configurable settings is also explained.
 
+Additionally, ``mozilla-django-oidc-db`` adds the following customizable options as well:
+
+- ``userinfo_claims_source``: indicates the source of the user information (either ``userinfo_endpoint`` or ``id_token``)
+- ``oidc_op_discovery_endpoint``: if supplied, the other endpoints (like ``OIDC_OP_TOKEN_ENDPOINT`` and ``OIDC_OP_AUTHORIZATION_ENDPOINT``) will be derived from this discovery endpoint.
+- ``username_claim``: the name of the OIDC claim that is used as the username
+- ``claim_mapping``: mapping from user-model fields to OIDC claims
+- ``groups_claim``: The name of the OIDC claim that holds the values to map to local user groups
+- ``sync_groups``: if enabled, local Django user groups will be created for group names present in the groups claim, if they do not exist yet locally
+- ``sync_groups_glob_pattern``: the glob pattern that groups must match to be synchronized to the local database
+- ``default_groups``: the default groups to which **every** user logging in with OIDC will be assigned
+- ``make_users_staff``: if enabled, users will be flagged as being a staff user automatically. This allows users to login to the admin interface. By default they have no permissions, even if they are staff
+- ``superuser_group_names``: if any of these group names are present in the claims upon login, the user will be marked as a superuser. If none of these groups are present the user will lose superuser permissions. If this is left empty, the superuser status of users will not be changed
+
 User profile
 ------------