docs: ✏️ Add custom OAuth issuer docs

2025-07-27 10:02:59 +08:00 · 2025-06-09 17:22:09 +02:00 · 2025-06-09 17:22:09 +02:00 · 988a2b8d29
commit 988a2b8d29
parent 9c38398ae3
13 changed files with 57 additions and 46 deletions
--- a/apps/server/src/assets/doc_notes/en/User
+++ b/apps/server/src/assets/doc_notes/en/User
@ -46,7 +46,7 @@
  variable to something larger than the integer <code>250</code> (e.g. <code>450</code> in
  the following example):</p><pre><code class="language-text-x-trilium-auto">export MAX_ALLOWED_FILE_SIZE_MB=450</code></pre>
 <h3>Disabling Authentication</h3>
-<p>See&nbsp;<a class="reference-link" href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/_help_0hzsNCP31IAB">Authentication</a>.</p>
+<p>See&nbsp;<a class="reference-link" href="#root/_help_0hzsNCP31IAB">Authentication</a>.</p>
 <h2>Reverse Proxy Setup</h2>
 <p>To configure a reverse proxy for Trilium, you can use either <strong>nginx</strong> or <strong>Apache</strong>.
  You can also check out the documentation stored in the Reverse proxy folder.</p>
--- a/apps/server/src/assets/doc_notes/en/User
+++ b/apps/server/src/assets/doc_notes/en/User
@ -10,7 +10,14 @@ vim default.conf</code></pre>
  </li>
  <li>
    <p>Fill the file with the context shown below, part of the setting show be
-      changed. Then you can enjoy your web with HTTPS forced and proxy.</p><pre><code class="language-text-x-trilium-auto"># This part is for proxy and HTTPS configure
+      changed. Then you can enjoy your web with HTTPS forced and proxy.</p><pre><code class="language-text-x-trilium-auto"># This part configures, where your Trilium server is running
 upstream trilium {
  zone trilium 64k;
  server 127.0.0.1:8080; # change it to a different hostname and port if non-default is used
  keepalive 2;
 }
 # This part is for proxy and HTTPS configure
 server {
    listen 443 ssl;
    server_name trilium.example.net; #change trilium.example.net to your domain without HTTPS or HTTP.
@ -29,9 +36,8 @@ server {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
-        proxy_pass http://127.0.0.1:8080; # change it to a different port if non-default is used
+        proxy_pass http://trilium;
        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
    }
 }
@ -52,16 +58,16 @@ server {
      <li>add the <code>proxy_cookie_path</code> directive with the same path: this
        allows you to stay logged in at multiple instances at the same time.</li>
    </ul><pre><code class="language-text-x-trilium-auto">    location /trilium/instance-one {
        rewrite /trilium/instance-one/(.*) /$1  break;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
-        proxy_pass http://127.0.0.1:8080; # change it to a different port if non-default is used
+        proxy_pass http://trilium;
        proxy_cookie_path / /trilium/instance-one
        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:8080 https://trilium.example.net; # change them based on your IP, port and domain
    }
 </code></pre>
  </li>
--- a/apps/server/src/assets/doc_notes/en/User
+++ b/apps/server/src/assets/doc_notes/en/User
@ -4,7 +4,7 @@
  by adding the following to <code>config.ini</code>:</p><pre><code class="language-text-x-trilium-auto">[General]
 noAuthentication=true</code></pre>
 <p>Disabling authentication will bypass even the&nbsp;<a class="reference-link"
-  href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/WOcw2SLH6tbX/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>&nbsp;since
+  href="#root/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>&nbsp;since
  v0.94.1.</p>
 <h2>Understanding how the session works</h2>
 <p>Once logged into Trilium, the application will store this information
@ -22,14 +22,14 @@ cookieMaxAge=86400</code></pre>
  the <em>last interaction with the application</em>.</p>
 <h2>Viewing active sessions</h2>
 <p>The login sessions are now stored in the same&nbsp;<a class="reference-link"
-  href="#root/pOsGYCXsbNQG/tC7s2alapj8V/_help_wX4HbRucYSDD">Database</a>&nbsp;as
+  href="#root/_help_wX4HbRucYSDD">Database</a>&nbsp;as the user data. In
-  the user data. In order to view which sessions are active, open the&nbsp;
+  order to view which sessions are active, open the&nbsp;<a class="reference-link"
-  <a
+  href="#root/_help_YKWqdJhzi2VY">SQL Console</a>&nbsp;and run the following
-  class="reference-link" href="#root/pOsGYCXsbNQG/tC7s2alapj8V/wX4HbRucYSDD/oyIAJ9PvvwHX/_help_YKWqdJhzi2VY">SQL Console</a>&nbsp;and run the following query:</p><pre><code class="language-text-x-sqlite-schema-trilium">SELECT * FROM sessions</code></pre>
+  query:</p><pre><code class="language-text-x-trilium-auto">SELECT * FROM sessions</code></pre>
 <p>Expired sessions are periodically cleaned by the server, generally an
  hourly interval.</p>
 <h2>See also</h2>
 <ul>
-  <li><a class="reference-link" href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/WOcw2SLH6tbX/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>
+  <li><a class="reference-link" href="#root/_help_7DAiwaf8Z7Rz">Multi-Factor Authentication</a>
  </li>
 </ul>
--- a/apps/server/src/assets/doc_notes/en/User
+++ b/apps/server/src/assets/doc_notes/en/User
@ -41,10 +41,6 @@ class="admonition warning">
      the page).</li>
  </ol>
  <h3>OpenID</h3>
  <aside class="admonition note">
    <p>Currently only compatible with Google. Other services like Authentik and
      Auth0 are planned on being added.</p>
  </aside>
  <p>In order to setup OpenID, you will need to setup a authentication provider.
    This requires a bit of extra setup. Follow <a href="https://developers.google.com/identity/openid-connect/openid-connect">these instructions</a> to
    setup an OpenID service through google.</p>
@ -61,4 +57,12 @@ class="admonition warning">
    <li>Click the “Enable Multi-Factor Authentication” checkbox if not checked</li>
    <li>Choose “OAuth/OpenID” under MFA Method</li>
    <li>Refresh the page and login through OpenID provider</li>
-  </ol>
+  </ol>
  <aside class="admonition note">
    <p>The default OAuth issuer is Google. To use other services such as Authentik
      or Auth0, you can configure the settings via <code>oauthIssuerBaseUrl</code>, <code>oauthIssuerName</code>,
      and <code>oauthIssuerIcon</code> in the <code>config.ini</code> file. Alternatively,
      these values can be set using environment variables: <code>TRILIUM_OAUTH_ISSUER_BASE_URL</code>, <code>TRILIUM_OAUTH_ISSUER_NAME</code>,
      and <code>TRILIUM_OAUTH_ISSUER_ICON</code>. <code>oauthIssuerName</code> and <code>oauthIssuerIcon</code> are
      required for displaying correct issuer information at the Login page.</p>
  </aside>
--- a/apps/server/src/assets/doc_notes/en/User
+++ b/apps/server/src/assets/doc_notes/en/User
@ -135,7 +135,8 @@ body.electron:not(.native-titlebar) {
 <h2>Custom fonts</h2>
 <p>Currently the only way to include a custom font is to use&nbsp;<a href="#root/_help_d3fAXQ2diepH">Custom resource providers</a>.
  Basically import a font into Trilium and assign it <code>#customResourceProvider=fonts/myfont.ttf</code> and
-  then import the font in CSS via <code>/custom/fonts/myfont.ttf</code>.</p>
+  then import the font in CSS via <code>/custom/fonts/myfont.ttf</code>. Use <code>../../../custom/fonts/myfont.ttf</code> if
  you run your Trilium server on a different path than <code>/</code>.</p>
 <h2>Dark and light themes</h2>
 <p>A light theme needs to have the following CSS:</p><pre><code class="language-text-css">:root {
 	--theme-style: light;
--- a/Guide/!!!meta.json
+++ b/Guide/!!!meta.json
@ -1,6 +1,6 @@
 {
    "formatVersion": 2,
-    "appVersion": "0.94.0",
+    "appVersion": "0.94.1",
    "files": [
        {
            "isClone": false,
--- a/Notes/!!!meta.json
+++ b/Notes/!!!meta.json
@ -1,6 +1,6 @@
 {
    "formatVersion": 2,
-    "appVersion": "0.94.0",
+    "appVersion": "0.94.1",
    "files": [
        {
            "isClone": false,
--- a/Notes/v0.94.1.md
+++ b/Notes/v0.94.1.md
@ -1,6 +1,6 @@
 # v0.94.1
 > [!NOTE]
-> *TriliumNext Notes* will rebrand itself back to Trilium Notes since @zadam was kind enough to give us the original name. See [#2190](https://github.com/orgs/TriliumNext/discussions/2190) for more info. This will probably be the "last" version branded as *TriliumNext Notes*.
+> _TriliumNext Notes_ will rebrand itself back to Trilium Notes since @zadam was kind enough to give us the original name. See [#2190](https://github.com/orgs/TriliumNext/discussions/2190) for more info. This will probably be the "last" version branded as _TriliumNext Notes_.
 > [!IMPORTANT]
 > If you enjoyed this release, consider showing a token of appreciation by:
--- a/Guide/!!!meta.json
+++ b/Guide/!!!meta.json
@ -1,6 +1,6 @@
 {
    "formatVersion": 2,
-    "appVersion": "0.94.0",
+    "appVersion": "0.94.1",
    "files": [
        {
            "isClone": false,
@ -189,23 +189,23 @@
                                {
                                    "type": "relation",
                                    "name": "internalLink",
-                                    "value": "fDLvzOx29Pfg",
+                                    "value": "0hzsNCP31IAB",
                                    "isInheritable": false,
                                    "position": 120
                                },
                                {
                                    "type": "relation",
                                    "name": "internalLink",
                                    "value": "fDLvzOx29Pfg",
                                    "isInheritable": false,
                                    "position": 130
                                },
                                {
                                    "type": "label",
                                    "name": "shareAlias",
                                    "value": "server-installation",
                                    "isInheritable": false,
                                    "position": 30
                                },
                                {
                                    "type": "relation",
                                    "name": "internalLink",
                                    "value": "0hzsNCP31IAB",
                                    "isInheritable": false,
                                    "position": 130
                                }
                            ],
                            "format": "markdown",
@ -674,32 +674,32 @@
                                    "mime": "text/html",
                                    "attributes": [
                                        {
-                                            "type": "label",
+                                            "type": "relation",
-                                            "name": "iconClass",
+                                            "name": "internalLink",
-                                            "value": "bx bx-lock-alt",
+                                            "value": "wX4HbRucYSDD",
                                            "isInheritable": false,
                                            "position": 10
                                        },
                                        {
                                            "type": "relation",
                                            "name": "internalLink",
-                                            "value": "7DAiwaf8Z7Rz",
+                                            "value": "YKWqdJhzi2VY",
                                            "isInheritable": false,
                                            "position": 20
                                        },
                                        {
                                            "type": "relation",
                                            "name": "internalLink",
-                                            "value": "wX4HbRucYSDD",
+                                            "value": "7DAiwaf8Z7Rz",
                                            "isInheritable": false,
                                            "position": 30
                                        },
                                        {
-                                            "type": "relation",
+                                            "type": "label",
-                                            "name": "internalLink",
+                                            "name": "iconClass",
-                                            "value": "YKWqdJhzi2VY",
+                                            "value": "bx bx-lock-alt",
                                            "isInheritable": false,
-                                            "position": 40
+                                            "position": 10
                                        }
                                    ],
                                    "format": "markdown",
--- a/Guide/Installation
+++ b/Guide/Installation
@ -73,4 +73,4 @@ Configure Nginx proxy and HTTPS. The operating system here is Ubuntu 18.04.
            proxy_read_timeout 90;
        }
-    ```
+    ```
--- a/Installation/Authentication.md
+++ b/Installation/Authentication.md
@ -27,7 +27,7 @@ When “Remember me” is unchecked, the behavior is different. At client/browse
 The login sessions are now stored in the same <a class="reference-link" href="../../Advanced%20Usage/Database.md">Database</a> as the user data. In order to view which sessions are active, open the <a class="reference-link" href="../../Advanced%20Usage/Database/Manually%20altering%20the%20database/SQL%20Console.md">SQL Console</a> and run the following query:
-```trilium
+```
 SELECT * FROM sessions
 ```
--- a/Installation/Multi-Factor
+++ b/Installation/Multi-Factor
@ -34,9 +34,6 @@ MFA can only be set up on a server instance.
 ### OpenID
 > [!NOTE]
 > Currently only compatible with Google. Other services like Authentik and Auth0 are planned on being added.
 In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google.
 1.  Set the `oauthBaseUrl`, `oauthClientId` and `oauthClientSecret` in the `config.ini` file (check <a class="reference-link" href="../../Advanced%20Usage/Configuration%20(config.ini%20or%20e.md">Configuration (config.ini or environment variables)</a> for more information).
@ -45,4 +42,7 @@ In order to setup OpenID, you will need to setup a authentication provider. This
 3.  Go to "Menu" -> "Options" -> "MFA"
 4.  Click the “Enable Multi-Factor Authentication” checkbox if not checked
 5.  Choose “OAuth/OpenID” under MFA Method
-6.  Refresh the page and login through OpenID provider
+6.  Refresh the page and login through OpenID provider
 > [!NOTE]
 > The default OAuth issuer is Google. To use other services such as Authentik or Auth0, you can configure the settings via `oauthIssuerBaseUrl`, `oauthIssuerName`, and `oauthIssuerIcon` in the `config.ini` file. Alternatively, these values can be set using environment variables: `TRILIUM_OAUTH_ISSUER_BASE_URL`, `TRILIUM_OAUTH_ISSUER_NAME`, and `TRILIUM_OAUTH_ISSUER_ICON`. `oauthIssuerName` and `oauthIssuerIcon` are required for displaying correct issuer information at the Login page.
--- a/development/Reference.md
+++ b/development/Reference.md
@ -195,4 +195,4 @@ If the theme is auto (e.g. supports both light or dark based on `prefers-color-s
 }
 ```
-This will affect the behavior of the Electron application by informing the operating system of the color preference (e.g. background effects will appear correct on Windows).
+This will affect the behavior of the Electron application by informing the operating system of the color preference (e.g. background effects will appear correct on Windows).