Rocket.Chat - EGroupware/egroupware GitHub Wiki

Rocket.Chat custom OAuth configuration

Install Rocket.Chat via our egroupware-rocketchat package or eg. via docker-compose.

You need to create a Client-Identifier and -Secret via Admin >> OpenID / OAuth2 server >> Clients with the following grants:

  • Authorization Code
  • Refresh Token
  • Implicit

Then head in the Rocket.Chat Administration down to OAuth and click [Add custom oauth], give it a name eg. "EGroupware" and add the following values:

Enable:	        True
URL:	        https://example.org/egroupware/openid/endpoint.php
Token Path:     /access_token
Token Send Via: Payload
Identity Token Send Via:  Header
Identity Path:  /userinfo
Authorize Path: /authorize
Scope:          openid email profile roles
Param Name for access token: access_token
Id:             <client-id-from-egroupware>
Secret:         <client-secret-from-egroupware>
Login Style:    Redirect
Button Text:    EGroupware users click here
Username field: id
Name field:     name
Avatar field:   picture
Roles/Groups field name:  roles
Merge roles from SSO:     False (currently role got lost when rocketchat/status app login to RC api!)
Merge Users:    True

Then click on [Save changes] to activate login and user creation through EGroupware.

(If Rocket.Chat runs in Docker on a Mac and EGroupware directly on the Mac, use "docker.for.mac.localhost" as hostname, as it is different from localhost!)

If you only want users from EGroupware and no free registration with local passwords, go to Adminstration >> Accounts and set:

Show Default Login Form: False