From f6a045c6b176083000e4179ecdc1f7a114f3bdfc Mon Sep 17 00:00:00 2001 From: Valentin Iovene Date: Sun, 27 Oct 2024 18:44:26 +0100 Subject: [PATCH 1/3] Add Forgejo oidc provider config example --- docs/openid.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/openid.md b/docs/openid.md index 7a10b1615b8..1f84b23aeda 100644 --- a/docs/openid.md +++ b/docs/openid.md @@ -336,6 +336,36 @@ but it has a `response_types_supported` which excludes "code" (which we rely on, is even mentioned in their [documentation](https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login)), so we have to disable discovery and configure the URIs manually. +### Forgejo + +Forgejo is a fork of Gitea that can act as an OAuth2 provider. + +The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined sub claim. + +Synapse config: + +```yaml +oidc_providers: + - idp_id: forgejo + idp_name: Forgejo + discover: false + issuer: "https://your-forgejo.com/" + client_id: "your-client-id" # TO BE FILLED + client_secret: "your-client-secret" # TO BE FILLED + client_auth_method: client_secret_post + scopes: ["openid", "profile", "email", "groups"] + authorization_endpoint: "https://your-forgejo.com/login/oauth/authorize" + token_endpoint: "https://your-forgejo.com/login/oauth/access_token" + userinfo_endpoint: "https://your-forgejo.com/api/v1/user" + user_mapping_provider: + config: + subject_claim: "sub" + picture_claim: "picture" + localpart_template: "{{ user.preferred_username }}" + display_name_template: "{{ user.name }}" + email_template: "{{ user.email }}" +``` + ### GitHub [GitHub][github-idp] is a bit special as it is not an OpenID Connect compliant provider, but From 0a6116723f3c791fe5d020697170756f438da8cf Mon Sep 17 00:00:00 2001 
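Review bot: The Forgejo example in this hunk sets `discover: false` and requests the `openid` scope but never sets `jwks_uri`, so Synapse has no key set with which to verify the signature of the ID token whose `sub` the `subject_claim: "sub"` mapping reads; Synapse's own configuration documentation describes `jwks_uri` as required precisely when discovery is disabled and the `openid` scope is used, so as written the example will most likely fail once Synapse tries to load the JWKS rather than silently work. Add `jwks_uri: "https://your-forgejo.com/login/oauth/keys"` next to `token_endpoint` (the path Gitea-derived servers advertise in their discovery document — confirm against the instance's `/.well-known/openid-configuration`), or drop the three manual endpoints and leave `discover` at its default, since Forgejo publishes a discovery document and the Facebook example directly above only disables discovery because Facebook's metadata is broken. A lesser point worth a comment on the `userinfo_endpoint` line: it targets the REST API (`/api/v1/user`), which as far as I can tell returns `id`/`login`/`full_name` rather than the OIDC `sub`/`preferred_username`/`name`/`picture` claims the templates below rely on, so if Synapse is ever configured to fall back to userinfo (`user_profile_method: userinfo_endpoint`) the mapping would break; `/login/oauth/userinfo` would be the consistent choice.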
From: Valentin Iovene Date: Sun, 27 Oct 2024 20:20:31 +0100 Subject: [PATCH 2/3] Create 17872.doc --- changelog.d/17872.doc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/17872.doc diff --git a/changelog.d/17872.doc b/changelog.d/17872.doc new file mode 100644 index 00000000000..7f8b2d34953 --- /dev/null +++ b/changelog.d/17872.doc @@ -0,0 +1 @@ +Add OIDC example configuration for Forgejo (fork of Gitea). From c4007b646b7213e2eeb781719c15eadec1265a5f Mon Sep 17 00:00:00 2001 From: Valentin Iovene Date: Mon, 18 Nov 2024 11:49:50 +0100 Subject: [PATCH 3/3] Update docs/openid.md Co-authored-by: Eric Eastwood --- docs/openid.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/openid.md b/docs/openid.md index 1f84b23aeda..5a3d7e9fba6 100644 --- a/docs/openid.md +++ b/docs/openid.md @@ -340,7 +340,7 @@ so we have to disable discovery and configure the URIs manually. Forgejo is a fork of Gitea that can act as an OAuth2 provider. -The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined sub claim. +The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined `subject_claim` and `scopes`. Synapse config: