External Authentication
Users who are not connected to your Peertube instance join the chat using “anonymous accounts” (they can freely choose a nickname, and will be assigned a random avatar).
You can enable some external authentication methods to allow users to create chat accounts. In that case, their nickname and avatar will be automatically initialized with the remote account information.
Such “external account users” will be easier to moderate than anonymous accounts.
This also allows users to join the chat without creating a Peertube account (for example if your instance has closed registration, or without waiting for account approval).
This page will describe available authentication methods.
For the user documentation, see user documentation
OpenID Connect
This feature is still experimental. This feature is available with the plugin version >= 9.0.0.
You can configure one external OpenID Connect compatible provider.
Doing so, you can for example use your website for Single Sign-On.
Popular CMS software (WordPress, …) offers plugins implementing OpenID Connect.
To enable this feature, first you have to create a client on your provider side (check the related documentation for enabling OpenID Connect). Then go to the plugin settings, and enable “Use an OpenID Connect provider”.
Note: if you want to restrict the allowed redirection URLs on the provider side (best security practice), the plugin will show you the URL to allow. Just copy it into your OpenID Connect application configuration.
You will now have to fill in some settings.
Label for the connection button
This label will be displayed to users as the label of the button used to authenticate with this OIDC provider.
This is the button label in the following screenshot:
For now, it is not possible to localize this label.
OIDC_custom_dicovery_url
Your OpenID Connect provider must implement the discovery URL. Just set here the discovery URL, which should be something like https://example.com/.well-known/openid-configuration.
Note: if your provider uses the standard /.well-known/openid-configuration path, you can omit it. For example https://accounts.google.com will work.
Client ID
Your application Client ID.
Client secret
Your application Client secret.
Google, Facebook, …
In addition to that, you can also configure one or several “standard” OpenID Connect providers (Google, Facebook, …).
For these providers, discovery url and button label are preset. You just have to create an OAuth2 application on the provider side, and configure Client ID and Client Secret.
If you think of a standard provider that is not available, you can ask for implementation by opening a new issue.
Troubleshooting
If the button does not appear for end users, there might be a configuration issue. You can try the diagnostic tool to get more information.
Note: if you are connected to your Peertube account, the button will never show. So use a private browser window to test.
If the button is displayed but is not working, check your Peertube logs. It could be because the remote service does not use standard scopes or attribute names.
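An added example (not part of the plugin or its documentation): a pre-flight check of a provider's discovery document. It covers the discovery URL rule described above and the non-standard scope or attribute name case from this section. The host sso.example.com, both sample documents, and the list of expected scopes and claims are assumptions made for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Assumption: standard OIDC names; the plugin's exact requests are not listed on this page.
EXPECTED = {"scopes_supported": {"openid", "profile"},
            "claims_supported": {"sub", "name", "picture"}}

def discovery_url(configured):
    """Expand a bare provider URL to the standard discovery path."""
    url = configured.strip().rstrip("/")
    return url if url.endswith(WELL_KNOWN) else url + WELL_KNOWN

def check_discovery(configured, document):
    """Return a list of problems found in a fetched discovery document."""
    problems = []
    url = discovery_url(configured)
    if urlsplit(url).scheme != "https":
        problems.append("discovery URL is not https")
    # The issuer must be the URL the document was found under
    # (compared here without a trailing slash).
    expected_issuer = url[:-len(WELL_KNOWN)]
    issuer = str(document.get("issuer", "")).rstrip("/")
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} != {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = document.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    for key, wanted in EXPECTED.items():
        if key in document:  # optional metadata: absence proves nothing
            for name in sorted(wanted - set(document[key])):
                problems.append(f"{name!r} not in {key}")
    return problems

# Constructed sample documents (not captured from any real provider).
GOOD = {"issuer": "https://sso.example.com",
        "authorization_endpoint": "https://sso.example.com/authorize",
        "token_endpoint": "https://sso.example.com/token",
        "jwks_uri": "https://sso.example.com/jwks",
        "scopes_supported": ["openid", "profile", "email"],
        "claims_supported": ["sub", "name", "picture", "email"]}
BAD = {"issuer": "https://other.example.net",
       "authorization_endpoint": "https://sso.example.com/authorize",
       "token_endpoint": "http://sso.example.com/token",
       "scopes_supported": ["openid", "user"],
       "claims_supported": ["sub", "nickname"]}

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_discovery("https://sso.example.com", doc))
```

To check a real provider, save its discovery document to a file, load it with `json.load`, and pass the resulting dict as `document`.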
More to come
Other authentication methods will be implemented in the future.