Explain environment variables for OAuth 2.0 login in .env.example

Author: Minei3oat

.env.example

@@ -35,3 +35,29 @@
 # Can be generated with e.g. pwgen -s 64 1
 # Please provide a string of length 64+ characters
 # SESSION_SECRET=
+
+# Enable login with OAuth 2.0
+# OAUTH2_ENABLED: false
+# OAUTH2_CLIENT_ID: ctfnote
+# OAUTH2_CLIENT_SECRET: insecure_secret
+# OAUTH2_SCOPE: openid profile groups
+
+# The attribute to use as login and username
+# OAUTH2_USERNAME_ATTR: name
+
+# The attribute to use for determining the user's role
+# The attribute can either be a string or an array of strings
+# In case of an array, the highest role will be selected
+# OAUTH2_ROLE_ATTR: groups
+
+# A mapping for the values of the attribute to roles in CTFNote
+# roles: user_admin, user_manager, user_member, user_fried, user_guest, none (no access to CTFNote)
+# OAUTH2_ROLE_MAPPING: '{"ctf0_admin": "user_member"}'
+
+# Either specify the discovery url or all other properties
+# If a discovery url is provided, the other properties overwrite the values from the discovery
+# OAUTH2_DISCOVERY_URL: https://example.com/.well-known/openid-configuration
+# OAUTH2_ISSUER: https://example.com
+# OAUTH2_AUTHORIZATION_ENDPOINT: https://example.com/api/oidc/authorization
+# OAUTH2_TOKEN_ENDPOINT: https://example.com/api/oidc/token
+# OAUTH2_USERINFO_ENDPOINT: https://example.com/api/oidc/userinfo

api/src/plugins/loginWithOAuth2.ts

@@ -59,7 +59,7 @@ export async function checkOAuth2Enabled() {
             config.oauth2.tokenEndpoint || discoveryJson.token_endpoint,
           userinfoEndpoint:
             config.oauth2.userinfoEndpoint || discoveryJson.userinfo_endpoint,
-          issuer: discoveryJson.issuer || config.oauth2.issuer,
+          issuer: config.oauth2.issuer || discoveryJson.issuer,
         };
       } catch (error) {
         console.error(`Failed to fetch ${config.oauth2.discoveryUrl}:`, error);