pocketid/website
0
0
Fork 0
mirror of https://github.com/pocket-id/website.git synced 2026-02-16 14:27:17 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
website/docs/client-examples/headscale.md

951 B
Raw Permalink Blame History

title, description
title description
Headscale Configure Headscale VPN with Pocket ID OIDC

Create OIDC Client in Pocket ID

  1. Create a new OIDC Client in Pocket ID (e.g., Headscale).
  2. Set the callback URL: https://<HEADSCALE-DOMAIN>/oidc/callback, or leave blank to autofill on first login.
  3. Enable PKCE.
  4. Copy the Client ID and Client Secret.

Configure Headscale

Note

Refer to the example config.yaml for full OIDC configuration options.

Add the following to config.yaml:

oidc:
  issuer: 'https://<POCKET-ID-DOMAIN>'
  client_id: '<CLIENT-ID>'
  client_secret: '<CLIENT-SECRET>'
  pkce:
    enabled: true
    method: S256

(Optional) Restrict Access to Certain Groups

To allow only specific groups, add:

scope: ['openid', 'profile', 'email', 'groups']
allowed_groups:
  - <POCKET-ID-GROUP-NAME> #example: headscale
Reference in New Issue View Git Blame Copy Permalink