If you want to use Piwik with this service, either install it via composer or use a distribution-provided package and point the Apache config and settings to it.
+The default skin of the service is intentionally very generic. To create your own skin, copy the app/skin/default folder to a new folder next ot it (matching the skin name you put into settings) and adapt the files contained in there. Right now the SVG file is unused and you don't need it but in the future it may get used.
+
+When using it as an OAuth2 provider for login to another site, here are the important endpoints:
+* /authorize --- authentication, call with ?response_type=code&client_id=...&state=...&scope=...&redirect_uri=... - only response_type=code is supported right now (will display HTML form to user and send JSON to redirect_uri).
+* /token --- fetch token, this is both for getting access tokens and refresh tokens (as usual).
+* /api --- API, needs to be called with a valid access token, mostly for getting email address (?email with email scope), but can also be used for adding a new OAuth2 client (?newclient with clientreg scope).
+* / (or index.php) --- You shouldn't call this from the other site, but people can access it directly and may be redirected/pointed to it in the auth flow.
+
+You need the "email" scope for normal login operation, so you can fetch a (verified) login email after authentication.
+
+There is (rudimentary) UI for adding new OAuth2 clients, which can be whitelisted for certain users only by adding their email addresses into the settings file (client_reg_email_whitelist).
+
Please don't use GitHub for issue tracking but http://bugzilla.kairo.at/ - Product: KaiRo Software, Component: Authentication Service
projects / authserver.git / blobdiff