From aa5c0592e72e7ef8c015208e9947b385e6a87e59 Mon Sep 17 00:00:00 2001 From: villepeh <100730729+villepeh@users.noreply.github.com> Date: Mon, 15 May 2023 12:17:24 +0300 Subject: [PATCH] Update Mastodon SSO instructions (#15587) --- changelog.d/15587.doc | 1 + docs/openid.md | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 changelog.d/15587.doc diff --git a/changelog.d/15587.doc b/changelog.d/15587.doc new file mode 100644 index 000000000..b0d768b46 --- /dev/null +++ b/changelog.d/15587.doc @@ -0,0 +1 @@ +Update and improve Mastodon Single Sign-On documentation. diff --git a/docs/openid.md b/docs/openid.md index 73f1e0612..9773a7de5 100644 --- a/docs/openid.md +++ b/docs/openid.md @@ -569,7 +569,7 @@ You should receive a response similar to the following. Make sure to save it. {"client_id":"someclientid_123","client_secret":"someclientsecret_123","id":"12345","name":"my_synapse_app","redirect_uri":"https://[synapse_public_baseurl]/_synapse/client/oidc/callback","website":null,"vapid_key":"somerandomvapidkey_123"} ``` -As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a `sub` property, an alternative `subject_claim` has to be set. Your Synapse configuration should include the following: +As the Synapse login mechanism needs an attribute to uniquely identify users, and Mastodon's endpoint does not return a `sub` property, an alternative `subject_template` has to be set. Your Synapse configuration should include the following: ```yaml oidc_providers: @@ -585,7 +585,9 @@ oidc_providers: scopes: ["read"] user_mapping_provider: config: - subject_claim: "id" + subject_template: "{{ user.id }}" + localpart_template: "{{ user.username }}" + display_name_template: "{{ user.display_name }}" ``` Note that the fields `client_id` and `client_secret` are taken from the CURL response above.
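Review bot: In docs/openid.md, hunk `@@ -569,7 +569,7 @@`, the rewritten sentence still names only one setting ("an alternative `subject_template` has to be set"), while the configuration example in the next hunk now also adds `localpart_template` and `display_name_template`. Suggest extending the sentence to say what the two extra templates are for and whether they are required, so a reader can tell that `subject_template` is the line that works around the missing `sub` property and knows what the other two lines do.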
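Review bot: In docs/openid.md, hunk `@@ -585,7 +585,9 @@`, the three added templates read `user.id`, `user.username` and `user.display_name`, but the surrounding text never says which Mastodon response supplies those fields. The only response shown is the app-registration one, and the trailing note covers only `client_id` and `client_secret`. Suggest adding a sentence that names the source of the `user` fields. Because `subject_claim: "id"` is replaced by `subject_template: "{{ user.id }}"`, the text should also say whether deployments already configured with the old line need to change anything. And since `localpart_template` takes the Mastodon username as-is, a short remark on what happens when that value is not usable as a localpart would help.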