diff --git a/charts/premium/authelia/Chart.yaml b/charts/premium/authelia/Chart.yaml index 78e24f8ccdc..b0b2465b89b 100644 --- a/charts/premium/authelia/Chart.yaml +++ b/charts/premium/authelia/Chart.yaml @@ -51,4 +51,4 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/premium/authelia - https://ghcr.io/authelia/authelia type: application -version: 23.12.1 +version: 23.13.0 diff --git a/charts/premium/authelia/questions.yaml b/charts/premium/authelia/questions.yaml index e5276beb285..e887aa38086 100644 --- a/charts/premium/authelia/questions.yaml +++ b/charts/premium/authelia/questions.yaml @@ -1142,6 +1142,19 @@ questions: type: string default: "form_post" required: true + - variable: token_endpoint_auth_method + description: "The supported client authentication methods this client supports." + label: "token_endpoint_auth_method" + schema: + type: list + default: [] + items: + - variable: methodEntry + label: "Method" + schema: + type: string + default: "client_secret_basic" + required: true - variable: require_pkce label: "Require PKCE" description: "This configuration option enforces the use of PKCE for this registered client." diff --git a/charts/premium/authelia/templates/_configmap.tpl b/charts/premium/authelia/templates/_configmap.tpl index 45ff8fe98ce..f12bec74c61 100644 --- a/charts/premium/authelia/templates/_configmap.tpl +++ b/charts/premium/authelia/templates/_configmap.tpl @@ -279,6 +279,12 @@ data: - {{ . }} {{- end }} {{- end }} + {{- if $client.token_endpoint_auth_method }} + token_endpoint_auth_method: + {{- range $client.token_endpoint_auth_method }} + - {{ . }} + {{- end }} + {{- end }} userinfo_signing_algorithm: {{ $client.userinfo_signing_algorithm | default "none" }} {{- if $client.require_pkce }} require_pkce: {{ $client.require_pkce }} diff --git a/charts/premium/authelia/values.yaml b/charts/premium/authelia/values.yaml index c9b82260e9f..f5f28cbd0c7 100644 --- a/charts/premium/authelia/values.yaml +++ b/charts/premium/authelia/values.yaml @@ -570,6 +570,12 @@ identity_providers: # - query # - fragment +## Client Authentication Method configures which client authentication methods this client supports. +## It's not recommended to configure this unless you know what you're doing. +# token_endpoint_auth_method: +# - client_secret_basic +# - client_secret_post + ## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256. # userinfo_signing_algorithm: none