From 935f1d32a45a401492e60f8d8c7950593ededbc0 Mon Sep 17 00:00:00 2001 From: Suguru Hirahara Date: Mon, 23 Dec 2024 14:31:09 +0900 Subject: [PATCH] Update docs/configuring-playbook-user-verification-service.md: move the section for obtaining an access token up Signed-off-by: Suguru Hirahara --- ...ring-playbook-user-verification-service.md | 24 +++++++------------ 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/docs/configuring-playbook-user-verification-service.md b/docs/configuring-playbook-user-verification-service.md index 63c5d4bf5..ab789a9f0 100644 --- a/docs/configuring-playbook-user-verification-service.md +++ b/docs/configuring-playbook-user-verification-service.md 
@@ -41,34 +41,28 @@ You can use the playbook to [register a new user](registering-users.md): ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=uvs password=PASSWORD_FOR_THE_USER admin=yes' --tags=register-user ``` +### Obtain an access token + +UVS requires an access token as an admin user to verify RoomMembership and PowerLevel against `matrix_user_verification_service_uvs_homeserver_url`. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). + +⚠️ **Warning**: Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone. + ## Adjusting the playbook configuration -To enable UVS, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file: +To enable UVS, add the following configuration to your `inventory/host_vars/matrix.example.com/vars.yml` file. Make sure to replace `ACCESS_TOKEN_HERE` with the one created [above](#obtain-an-access-token). ```yaml matrix_user_verification_service_enabled: true + +matrix_user_verification_service_uvs_access_token: "ACCESS_TOKEN_HERE" ``` ## Configuration -The only required configuration variable is `matrix_user_verification_service_uvs_access_token` (see below). - For a list of all configuration options see the role defaults [`roles/matrix-user-verification-service/defaults/main.yml`](../roles/custom/matrix-user-verification-service/defaults/main.yml). But be aware of all the plugging happening in `group_vars/matrix_servers`. In the default configuration, the UVS Server is only reachable via the docker network, which is fine if e.g. Jitsi is also running in a container on the host. However, it is possible to expose UVS via setting `matrix_user_verification_service_container_http_host_bind_port`. -### Obtain an access token - -The Synapse Access Token is used to verify RoomMembership and PowerLevel against `matrix_user_verification_service_uvs_homeserver_url`. 
- -You are required to specify an access token (belonging to this new user) for UVS to work. Refer to the documentation on [how to obtain an access token](obtaining-access-tokens.md). - -⚠️ **Warning**: Access tokens are sensitive information. Do not include them in any bug reports, messages, or logs. Do not share the access token with anyone. - -```yaml -matrix_user_verification_service_uvs_access_token: "ACCESS_TOKEN_HERE" -``` - ### Custom Auth Token (optional) It is possible to set an API Auth Token to restrict access to the UVS. If this is enabled, anyone making a request to UVS must provide it via the header "Authorization: Bearer TOKEN"
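Review bot: In the added "Obtain an access token" paragraph, "UVS requires an access token as an admin user" no longer says which user the token should belong to, whereas the removed text said "(belonging to this new user)". Consider wording such as "an access token for the admin user registered above" so that the token is tied to the dedicated `uvs` account created by the `register-user` step rather than to some other admin account. Two smaller points in the same hunk: "the one created above" links to a section that only points to obtaining-access-tokens.md, so "obtained" would be more accurate than "created"; and with the sentence "The only required configuration variable is `matrix_user_verification_service_uvs_access_token`" removed, nothing states any longer that the variable is required, which is worth saying next to the YAML block. Since the token now sits in `vars.yml` beside the enable flag, the warning could also name that file alongside bug reports, messages, and logs.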