Hi - new here but wanted to share that OAuth using Pocket ID is working well with Web and Desktop apps.
Notes:
- Seems there is a bug for OAuth in mobile apps not specific to Pocket ID due to the way Rocket.Chat mobile apps handle the browser.
- Where I have used mydomain you should replace with your Pocket ID public URL.
- This assumes you have Pocket ID already set up - it is not documented here - please follow instructions and look for help via: Introduction
Setup Steps:
In Pocket ID:
- Add OIDC Client
- Name: Rocket.Chat
- Client Launch URL: mydomain
- Callback URL set to https://mydomain/_oauth/pocketid
- PKCE disabled (enabled not tested as yet)
- Everything else default.
- Save (but keep a copy of Client ID and Client secret for the Rocket.Chat config below).
In Rocket.Chat:
- Add Custom OAuth “Pocket ID”
- Enable: enabled
- URL: mydomain
- Token Path: /api/oidc/token
- Token Sent Via: Header
- Identity Token Sent Via: Same as “Token Sent Via”
- Identity Path: /api/oidc/userinfo
- Authorize Path: /authorize
- Scope: openid email profile groups
- Param Name for access token: access_token
- Id: “Client ID” from Pocket ID
- Secret: “Client secret” from Pocket ID
- Login Style: Redirect
- Button Text: Login with Pocket ID
- Key field: Username
- Username field: preferred_username
- Email field: email
- Name field: name
- Avatar field: picture
- Roles/Groups field name: groups
- Roles/Groups field for channel mapping: groups
- User Data Group Map: groups
- Merge Roles from SSO: enabled
- Roles to Sync: admin, member
- Merge users: enabled
- Show Button on Login Page: enabled
With this all set up and saved, test logging in with a test user - should all be working!
Thanks,
Shane.
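To make the settings in the post easier to sanity-check before clicking "Save", here is an added Python script (not code from Pocket ID, Rocket.Chat or the poster) that assembles the three OIDC endpoints from the URL and paths listed above, checks the callback URL against the one registered in Pocket ID (scheme and exact match, since OIDC providers compare redirect URIs literally), builds the authorize request with a random state value, and maps a constructed userinfo response onto the Rocket.Chat field names from the post. The role mapping models the assumption that, with "Merge Roles from SSO" enabled, only groups named in "Roles to Sync" become Rocket.Chat roles; that behaviour, the sample claims and the placeholder `mydomain` are assumptions, not something the post confirms.

```python
"""Offline check of the Pocket ID <-> Rocket.Chat custom OAuth settings.

Added example, not Rocket.Chat or Pocket ID code. Endpoint paths, field
names and scopes are copied from the post; everything else is assumed.
"""
import secrets
from urllib.parse import urlencode, urlsplit

# Placeholder base URL, as in the post: replace with the public Pocket ID URL.
POCKET_ID_BASE = "https://mydomain"
# Callback URL registered on the Pocket ID OIDC client.
REGISTERED_CALLBACK = "https://mydomain/_oauth/pocketid"

# Rocket.Chat custom OAuth settings exactly as listed in the post.
SETTINGS = {
    "url": POCKET_ID_BASE,
    "token_path": "/api/oidc/token",
    "identity_path": "/api/oidc/userinfo",
    "authorize_path": "/authorize",
    "scope": "openid email profile groups",
    "username_field": "preferred_username",
    "email_field": "email",
    "name_field": "name",
    "avatar_field": "picture",
    "groups_field": "groups",
    "roles_to_sync": ["admin", "member"],
}


def endpoints(settings):
    """Join the base URL with each path the way Rocket.Chat will request them."""
    base = settings["url"].rstrip("/")
    return {name: base + settings[name + "_path"]
            for name in ("token", "identity", "authorize")}


def check_callback(callback, registered):
    """Return a list of problems with the callback URL; empty means OK."""
    problems = []
    parts = urlsplit(callback)
    if parts.scheme != "https":
        problems.append("callback must use https")
    if callback != registered:
        # Providers compare redirect_uri literally: no trailing slash,
        # scheme or host variation is tolerated.
        problems.append("callback must exactly match the registered URL")
    return problems


def authorize_url(settings, client_id, callback, state=None):
    """Build the redirect Rocket.Chat sends the browser to (code flow, no PKCE)."""
    state = state or secrets.token_urlsafe(32)  # per-login CSRF token
    query = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": callback,
        "scope": settings["scope"],
        "state": state,
    }
    return endpoints(settings)["authorize"] + "?" + urlencode(query), state


def map_userinfo(settings, claims):
    """Map userinfo claims onto the Rocket.Chat field names from the post."""
    user = {
        "username": claims[settings["username_field"]],
        "email": claims.get(settings["email_field"]),
        "name": claims.get(settings["name_field"]),
        "avatar": claims.get(settings["avatar_field"]),
    }
    groups = claims.get(settings["groups_field"], [])
    # Assumption: only groups listed under "Roles to Sync" become roles.
    user["roles"] = [g for g in groups if g in settings["roles_to_sync"]]
    return user


# Constructed userinfo response, shaped like the claims the scopes above request.
SAMPLE_USERINFO = {
    "sub": "example-subject-id",
    "preferred_username": "shane",
    "email": "shane@example.invalid",
    "name": "Shane Example",
    "picture": "https://mydomain/api/users/example/profile-picture",
    "groups": ["admin", "staff"],
}

if __name__ == "__main__":
    print(endpoints(SETTINGS))
    print(check_callback("http://mydomain/_oauth/pocketid/", REGISTERED_CALLBACK))
    print(authorize_url(SETTINGS, "CLIENT_ID_FROM_POCKET_ID", REGISTERED_CALLBACK)[0])
    print(map_userinfo(SETTINGS, SAMPLE_USERINFO))
```

Running it shows the assembled endpoints, flags an `http://` callback with a trailing slash as a mismatch, prints a complete authorize URL, and maps the sample user to the single role `admin` (the `staff` group is dropped because it is not in "Roles to Sync"). The `groups` claim therefore decides who becomes a Rocket.Chat admin, so membership of the `admin` group in Pocket ID deserves the same care as the client secret.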