commit 9025794d2665dd477ce4c48efaf407a9505e5f69
parent 1d506135640319e451858b876de3c9d20a6b2a45
Author: decentral1se <decentral1se@web>
Date: Sat, 11 Apr 2026 22:31:16 +0200
fix: use confidential
Diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eik.mdwn b/eik.mdwn
@@ -245,7 +245,7 @@ This avoids us having to hand out a HTTP basic auth username/password on top of
The configuration is fairly hairy but once you get it, you get it. And yes, if `rauthy` is down, there is no access. It's as solid as HTTP basic auth. The `rauthy` [docs](https://sebadob.github.io/rauthy/work/forward_auth.html#advanced-forward-auth) cover it but the TLDR; if you're moving fast:
-* Create a non-confidential client on Rauthy with the correct allowed origin (the URL you want to protect) and redirect URI (the URL you want to protect + /callback)
+* Create a confidential client (we don't use the password) on Rauthy with the correct allowed origin (the URL you want to protect) and redirect URI (the URL you want to protect + /callback)
* Disable PKCE in the `rauthy` web client UI
* Configure your Nginx configuration roughly like below. Refer to [the rauthy docs](https://sebadob.github.io/rauthy/work/forward_auth.html#advanced-forward-auth) for full context and tips. Please note, `<YOUR-CLIENT-ID>` must be replaced in the minimal configuration example below.
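Review bot: On the added line, the parenthetical "(we don't use the password)" is ambiguous and the switch from non-confidential to confidential is left unexplained. A client has no "password" in OIDC terms. If this means the client secret of the confidential client, say so, for example "Create a confidential client (the client secret is not used in this setup)". Since the next bullet also disables PKCE, add a short clause on why the client must be confidential. Neither the commit message "fix: use confidential" nor the bullet gives the reason, and a reader comparing this against the linked rauthy docs cannot tell whether the unused secret is intentional.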