From 87ef2d97fa1eab1769ca85cb0c8d78f89d623c86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= Date: Mon, 19 Jan 2026 21:38:20 +0100 Subject: [PATCH] Clarify what the two requests are used for (#2179) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jörn Friedrich Dreyer --- services/webfinger/README.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/services/webfinger/README.md b/services/webfinger/README.md index 4fb0a6cde5..b43f7ba409 100644 --- a/services/webfinger/README.md +++ b/services/webfinger/README.md @@ -1,6 +1,11 @@ # Webfinger -The webfinger service provides an RFC7033 WebFinger lookup of OpenCloud instances relevant for a given user account via endpoints a the /.well-known/webfinger implementation. +The webfinger service provides an RFC7033 WebFinger lookup of OpenCloud resources, relevant for a given user account at the /.well-known/webfinger enpoint. + +1. An [OpenID Connect Discovery](#openid-connect-discovery) for the IdP, based on the OpenCloud URL. +2. An [Authenticated Instance Discovery](#authenticated-instance-discovery), based on the user account. + +These two request are only needed for discovery. ## OpenID Connect Discovery @@ -18,7 +23,7 @@ Clients can make an unauthenticated `GET https://drive.opencloud.test/.well-know } ``` -Here, the `resource` takes the instance domain URI, but an `acct:` URI works as well. +Here, the `resource` takes the instance domain URI, but an `acct:` URI works as well. ## Authenticated Instance Discovery @@ -58,14 +63,14 @@ webfinger: - claim: email regex: alan@example\.org href: "https://{{.preferred_username}}.cloud.opencloud.test" - title: + title: "en": "OpenCloud Instance for Alan" "de": "OpenCloud Instanz für Alan" break: true - claim: "email" regex: mary@example\.org href: "https://{{.preferred_username}}.cloud.opencloud.test" - title: + title: "en": "OpenCloud Instance for Mary" "de": "OpenCloud Instanz für Mary" break: false