From bd8188c9dffc9d0b7e67309832883aa396947ffa Mon Sep 17 00:00:00 2001
From: Dominik Schmidt <dev@dominik-schmidt.de>
Date: Thu, 31 Jul 2025 18:03:33 +0200
Subject: [PATCH] feat: add external-authelia idp config

---
 idm/external-authelia.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 idm/external-authelia.yml

diff --git a/idm/external-authelia.yml b/idm/external-authelia.yml
new file mode 100644
index 0000000..e4f5322
--- /dev/null
+++ b/idm/external-authelia.yml
@@ -0,0 +1,14 @@
+---
+services:
+  opencloud:
+    environment:
+      # enable opaque access tokens
+      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: "none"
+      PROXY_OIDC_SKIP_VERIFICATION: "false"
+
+      # oidc assignment driver currently doesn't work with the desktop client: https://github.com/opencloud-eu/desktop/issues/217
+      PROXY_ROLE_ASSIGNMENT_DRIVER: "default"
+      GRAPH_ASSIGN_DEFAULT_USER_ROLE: "true"
+
+      PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM: "groups"
+      WEB_OIDC_SCOPE: "openid profile email groups"