From 5ca70cd8e4de7801e7cf607f5fe41cdb5c15e819 Mon Sep 17 00:00:00 2001 From: Yadd Date: Thu, 16 May 2024 07:12:09 +0400 Subject: [PATCH 1/2] Update Lemonldap-NG OIDC config --- docs/openid.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/openid.md b/docs/openid.md index 9773a7de52e..7a10b1615b8 100644 --- a/docs/openid.md +++ b/docs/openid.md @@ -525,6 +525,8 @@ oidc_providers: (`Options > Security > ID Token signature algorithm` and `Options > Security > Access Token signature algorithm`) - Scopes: OpenID, Email and Profile +- Force claims into `id_token` + (`Options > Advanced > Force claims to be returned in ID Token`) - Allowed redirection addresses for login (`Options > Basic > Allowed redirection addresses for login` ) : `[synapse public baseurl]/_synapse/client/oidc/callback` From 44c67130b22908eed9871312e432e45b9b6caba0 Mon Sep 17 00:00:00 2001 From: Yadd Date: Thu, 16 May 2024 07:21:54 +0400 Subject: [PATCH 2/2] Add changelog entry --- changelog.d/17204.doc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/17204.doc diff --git a/changelog.d/17204.doc b/changelog.d/17204.doc new file mode 100644 index 00000000000..5a5a8f5107a --- /dev/null +++ b/changelog.d/17204.doc @@ -0,0 +1 @@ +Update OIDC documentation: by default Matrix doesn't query userinfo endpoint, then claims should be put on id_token.
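Review bot: Missing rationale on the new `Force claims into id_token` bullet in the docs/openid.md hunk. The reason this setting is needed (the userinfo endpoint is not queried by default, so the claims have to be carried in the ID token) appears only in the changelog entry of the second patch, and a reader following the Lemonldap-NG checklist will not see it. Consider adding a short clause to the bullet itself. It would explain why the Email and Profile scopes listed just above are not enough on their own. It would also tell an admin who later turns the option off what to expect.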
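Review bot: The changelog text in changelog.d/17204.doc is imprecise in three places. It says "Matrix doesn't query userinfo endpoint", but the behaviour described belongs to the homeserver whose callback URL the docs hunk references (`[synapse public baseurl]/_synapse/client/oidc/callback`), so "Synapse" would be the accurate subject. It also never mentions Lemonldap-NG, although the first patch's subject line says this is the only provider section that changes. Finally, "then claims should be put on id_token" reads awkwardly. Something along the lines of "Update the OIDC documentation for Lemonldap-NG: Synapse does not query the userinfo endpoint by default, so claims must be included in the `id_token`." would cover all three.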