From 4e67fdb8a0630b740fefea742b8177d948045a39 Mon Sep 17 00:00:00 2001
From: Elias Fink <mail@eliasfink.de>
Date: Tue, 11 Nov 2025 22:58:07 +0100
Subject: [PATCH] Add OAUTH2 login to hedgedoc

---
 hedgedoc/compose.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/hedgedoc/compose.yml b/hedgedoc/compose.yml
index dc76c3d..733d309 100644
--- a/hedgedoc/compose.yml
+++ b/hedgedoc/compose.yml
@@ -12,6 +12,16 @@ services:
       CMD_ALLOW_EMAIL_REGISTER: false
       CMD_DB_URL: postgres://hedgedoc:${DB_PASSWORD}@hedgedoc_db:5432/hedgedoc
       CMD_DOMAIN: pad.eliasfink.de
+      CMD_OAUTH2_PROVIDERNAME: EFlogin
+      CMD_OAUTH2_CLIENT_ID: ${OAUTH2_CLIENT_ID}
+      CMD_OAUTH2_CLIENT_SECRET: ${OAUTH2_CLIENT_SECRET} 
+      CMD_OAUTH2_SCOPE: openid email profile
+      CMD_OAUTH2_AUTHORIZATION_URL: https://login.eliasfink.de/application/o/authorize/
+      CMD_OAUTH2_TOKEN_URL: https://login.eliasfink.de/application/o/token/
+      CMD_OAUTH2_USER_PROFILE_URL: https://login.eliasfink.de/application/o/userinfo/
+      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
+      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
+      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
       CMD_PROTOCOL_USESSL: true
     networks:
       - default