diff --git a/app/matrix/lib/matrix.libsonnet b/app/matrix/lib/matrix.libsonnet
index 9887f58f..4190941b 100644
--- a/app/matrix/lib/matrix.libsonnet
+++ b/app/matrix/lib/matrix.libsonnet
@@ -54,6 +54,15 @@ local postgres = import "../../../kube/postgres.libsonnet";
 cas: {
 # whether to enable the CAS proxy (ie. connect to hswaw sso via OAuth)
 enable: false,
+ # generate client ID and secret in with your OAuth2 provider, refer to https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/
+ oauth2: {
+ clientID: error "cas.oauth2.clientID must be set",
+ clientSecret: error "cas.oauth2.clientSecret must be set",
+ scope: error "cas.oauth2.scope must be set",
+ authorizeURL: error "cas.oauth2.authorizeURL must be set",
+ tokenURL: error "cas.oauth2.tokenURL must be set",
+ userinfoURL: error "cas.oauth2.userinfoURL must be set",
+ },
 },
 },
@@ -138,8 +147,12 @@ local postgres = import "../../../kube/postgres.libsonnet";
 env_: {
 BASE_URL: "https://%s" % [cfg.webDomain],
 SERVICE_URL: "https://%s" % [cfg.webDomain],
- OAUTH2_CLIENT: "matrix",
- OAUTH2_SECRET: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
+ OAUTH2_CLIENT: cfg.cas.oauth2.clientID,
+ OAUTH2_SECRET: cfg.cas.oauth2.clientSecret,
+ OAUTH2_SCOPE: cfg.cas.oauth2.scope,
+ OAUTH2_AUTHORIZE: cfg.cas.oauth2.authorizeURL,
+ OAUTH2_TOKEN: cfg.cas.oauth2.tokenURL,
+ OAUTH2_USERINFO: cfg.cas.oauth2.userinfoURL,
 },
 },
 },
diff --git a/app/matrix/matrix.hackerspace.pl.jsonnet b/app/matrix/matrix.hackerspace.pl.jsonnet
index e882636c..d71dd849 100644
--- a/app/matrix/matrix.hackerspace.pl.jsonnet
+++ b/app/matrix/matrix.hackerspace.pl.jsonnet
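Review bot: The comment above `oauth2` in the first hunk does not say what shape `clientSecret` must have, and nothing rejects a literal string. The second hunk passes `cfg.cas.oauth2.clientSecret` straight to `OAUTH2_SECRET`, where the old line hard-coded a `secretKeyRef`; a plain string there would presumably be rendered as a literal env value, leaving the secret in the repository and in the Deployment spec. I would reword the comment (keeping the link) to `# register a client with your OAuth2 provider; clientSecret must be a { secretKeyRef: ... } object, never a literal string` and add `assert std.isObject(cfg.cas.oauth2.clientSecret) : "cas.oauth2.clientSecret must be a secretKeyRef object",` beside the `env_` block. The enclosing `cfg` object starts and ends outside the hunk.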
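Review bot: `OAUTH2_AUTHORIZE`, `OAUTH2_TOKEN` and `OAUTH2_USERINFO` in the second hunk take the configured URLs with no scheme check, so a mistyped `http://` token endpoint would carry the client secret and authorization code in cleartext. An object-level assert beside `env_`, such as `assert std.startsWith(cfg.cas.oauth2.tokenURL, "https://") : "cas.oauth2.tokenURL must use https",` (and the same for the other two URLs), would fail at render time instead. It is also worth confirming that this container is only evaluated when `cfg.cas.enable` is true, because the new `error` defaults fire as soon as these fields are read; the enclosing object starts outside the hunk, so that cannot be seen from here.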
@@ -11,6 +11,14 @@ matrix {
 serverName: "hackerspace.pl",
 cas: {
 enable: true,
+ oauth2: {
+ clientID: "matrix",
+ clientSecret: { secretKeyRef: { name: "oauth2-cas-proxy", key: "oauth2_secret" } },
+ scope: "profile:read",
+ authorizeURL: "https://sso.hackerspace.pl/oauth/authorize",
+ tokenURL: "https://sso.hackerspace.pl/oauth/token",
+ userinfoURL: "https://sso.hackerspace.pl/api/1/profile",
+ },
 },
 },