From 2d1d1c62dcb78010e7ec0f4945e397cbd43e91d4 Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 24 Feb 2026 15:07:52 +0100 Subject: [PATCH] Docs and .env.example: document OIDC_ONLY --- .env.example | 4 ++++ docs/admin-bootstrap-and-oidc-role-sync.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.env.example b/.env.example index 543579c..e24b118 100644 --- a/.env.example +++ b/.env.example @@ -31,6 +31,10 @@ ASSOCIATION_NAME="Sportsclub XYZ" # OIDC_ADMIN_GROUP_NAME=admin # OIDC_GROUPS_CLAIM=groups +# Optional: Show only OIDC sign-in on login page (hide password form). +# When set to true and OIDC is configured, users see only the Single Sign-On button. +# OIDC_ONLY=true + # Optional: Vereinfacht accounting integration (finance-contacts sync) # If set, these override values from Settings UI; those fields become read-only. # VEREINFACHT_API_URL=https://api.verein.visuel.dev/api/v1 diff --git a/docs/admin-bootstrap-and-oidc-role-sync.md b/docs/admin-bootstrap-and-oidc-role-sync.md index ef7c4ce..abbd03f 100644 --- a/docs/admin-bootstrap-and-oidc-role-sync.md +++ b/docs/admin-bootstrap-and-oidc-role-sync.md @@ -33,6 +33,10 @@ - `OIDC_GROUPS_CLAIM` – JWT claim name for group list (default "groups"). - Module: Mv.OidcRoleSyncConfig (oidc_admin_group_name/0, oidc_groups_claim/0). +### Sign-in page (OIDC-only mode) + +- `OIDC_ONLY` (or Settings → OIDC → "Only OIDC sign-in") – When set to true/1/yes and OIDC is configured, the sign-in page shows only the Single Sign-On button (password login is hidden). ENV takes precedence over Settings. + ### Sync Logic - Mv.OidcRoleSync.apply_admin_role_from_user_info(user, user_info) – If admin group configured, sets user role to Admin or Mitglied based on user_info groups.
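Review bot: In the `.env.example` hunk, the comment "When set to true and OIDC is configured" documents only `true`, while the docs hunk in this same patch says true/1/yes are accepted. Please list the same accepted values in both places, so an operator reading only `.env.example` knows whether `OIDC_ONLY=1` works. The comment also leaves open what happens when `OIDC_ONLY=true` is set but OIDC is not configured. If the password form is then shown as a fallback, say so in one extra comment line, because an operator might otherwise assume the variable alone removes password sign-in.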
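Review bot: In the docs hunk, the new "Sign-in page (OIDC-only mode)" entry says "password login is hidden", which describes the page but not whether password authentication is still accepted by the backend. Please state explicitly whether this is a UI-only setting or whether password sign-in is also rejected, so administrators do not treat a hidden form as an access control. "ENV takes precedence over Settings" should also cover the negative case (does an ENV value of false/0/no override a Settings value of true?) and say whether the Settings toggle becomes read-only when the variable is set, as the `.env.example` context describes for the Vereinfacht fields. The neighbouring entries name their config module (`Mv.OidcRoleSyncConfig (oidc_admin_group_name/0, oidc_groups_claim/0)`). A matching module reference here would keep the section consistent.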