OIDC doc: adds missing jwt_config values to authentik example (#18931)

maxkratz · anoadragon453 · web-flow · commit 4367fb2d078c · 2025-09-18T15:05:41.000+01:00
Co-authored-by: Andrew Morgan &lt;1342360+anoadragon453@users.noreply.github.com&gt;
diff --git a/changelog.d/18931.doc b/changelog.d/18931.doc
@@ -0,0 +1,2 @@
+Clarify necessary `jwt_config` parameter in OIDC documentation for authentik.
+Contributed by @maxkratz.
diff --git a/docs/openid.md b/docs/openid.md
@@ -186,6 +186,7 @@ oidc_providers:
 4. Note the slug of your application, Client ID and Client Secret.
 
 Note: RSA keys must be used for signing for Authentik, ECC keys do not work.
+Note: The provider must have a signing key set and must not use an encryption key.
 
 Synapse config:
 ```yaml
@@ -204,6 +205,12 @@ oidc_providers:
       config:
         localpart_template: "{{ user.preferred_username }}"
         display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
+[...]
+jwt_config:
+    enabled: true
+    secret: "your client secret" # TO BE FILLED (same as `client_secret` above)
+    algorithm: "RS256"
+    # (...other fields)
 ```
 
 ### Dex

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+Clarify necessary `jwt_config` parameter in OIDC documentation for authentik.
	`2`	`+Contributed by @maxkratz.`