Simple guide on how to set up Rocket.Chat with Feide login using Uninett's Dataporten service.
If you have selected email, profile, userid and userid-feide as available scopes for your application in the Dataporten Dashboard, Rocket.Chat should receive a JSON response similar to this:
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
    "user": {
        "userid": "76a7a061-3c55-430d-8ee0-6f82ec42501f",
        "userid_sec": ["feide:andreas@uninett.no"],
        "name": "Andreas \u00c5kre Solberg",
        "email": "andreas.solberg@uninett.no",
        "profilephoto": "p:a3019954-902f-45a3-b4ee-bca7b48ab507"
    },
    "audience": "e8160a77-58f8-4006-8ee5-ab64d17a5b1e"
}

For more details, please read the Dataporten documentation.
As an administrator for a Rocket.Chat instance, click Administration, OAuth and Add custom OAuth, and add the following configuration:
Enable: True
URL: https://auth.dataporten.no
Token Path: /oauth/token
Identity Path: /userinfo
Authorize Path: /oauth/authorization
Scope: email profile userid userid-feide
Token Sent Via: Header
Id: ********-****-****-****-************
Secret: ********-****-****-****-************
Login Style: Redirect
...
Username field: id
Note that the Scope field actually takes a space-separated list of multiple scopes. Furthermore, mapping the username to id seems strange on the surface, but this works since Rocket.Chat under the hood rewrites id to user.userid to match the response from Dataporten.
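To check that the scopes you enabled actually deliver the fields the mapping relies on, the sketch below flattens a /userinfo body the way the note above describes. It is an added example, not Rocket.Chat's or Dataporten's own code: normalizeIdentity is a hypothetical helper, SAMPLE_BODY is the response shown earlier on this page, and treating audience as the client id the token was issued to is an assumption.

```javascript
// Added example; SAMPLE_BODY reproduces the response shown on this page.
const SAMPLE_BODY = JSON.stringify({
  user: {
    userid: "76a7a061-3c55-430d-8ee0-6f82ec42501f",
    userid_sec: ["feide:andreas@uninett.no"],
    name: "Andreas \u00c5kre Solberg",
    email: "andreas.solberg@uninett.no",
    profilephoto: "p:a3019954-902f-45a3-b4ee-bca7b48ab507",
  },
  audience: "e8160a77-58f8-4006-8ee5-ab64d17a5b1e",
});

// Hypothetical helper: turn a Dataporten /userinfo body into a flat identity.
function normalizeIdentity(rawBody, expectedClientId) {
  const body = JSON.parse(rawBody);
  const user = body.user;
  if (!user || typeof user !== "object") {
    throw new Error("no 'user' object in response");
  }
  // Assumption: 'audience' is the client id the access token was issued to.
  // Rejecting a mismatch stops a token minted for another app being replayed here.
  if (body.audience !== expectedClientId) {
    throw new Error("token was issued to a different client");
  }
  // "Username field: id" ends up reading user.userid, so it must be present.
  if (typeof user.userid !== "string" || user.userid === "") {
    throw new Error("user.userid missing: is the 'userid' scope enabled?");
  }
  // Feide principal, taken from a "feide:<principal>" entry in userid_sec.
  const sec = Array.isArray(user.userid_sec) ? user.userid_sec : [];
  const feide = sec.find((s) => typeof s === "string" && s.startsWith("feide:"));
  return {
    id: user.userid,
    feideId: feide ? feide.slice("feide:".length) : null,
    name: user.name ?? null,
    email: user.email ?? null,
  };
}
```

Pass the value from the Id field of your OAuth configuration as expectedClientId when running this against a real response.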