local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 59 Pull requests 2 Projects 2 Releases Packages 1 Activity Actions

Rename OIDC strategy from :rauthy to :oidc, update callback path

Browse source 
- Rename AshAuthentication strategy from :oidc :rauthy to :oidc :oidc;
  generated actions are now register_with_oidc / sign_in_with_oidc.
- Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs.
- Update default_redirect_uri to /auth/user/oidc/callback everywhere.
- Rename Mv.Accounts helper functions accordingly.
- Update Mv.Secrets, AuthController, link_oidc_account_live and all tests.
- Update docker-compose.prod.yml, .env.example, README and docs.

IMPORTANT: OIDC providers must be updated to use the new redirect URI
/auth/user/oidc/callback instead of /auth/user/rauthy/callback.
This commit is contained in:
Moritz 2026-02-24 10:34:36 +01:00
parent c637b6b84f
commit 339d37937a
Signed by: moritz
GPG key ID: 1020A035E5DD0824
25 changed files with 134 additions and 135 deletions
Download patch file Download diff file Expand all files Collapse all files

4
config/dev.exs
View file

@ -93,11 +93,11 @@ config :mv, :secret_key_base, "ryn7D6ssmIHQFWIks2sFiTGATgwwAR1+3bN8p7fy6qVtB8qnx
# Signing Secret for Authentication
config :mv, :token_signing_secret, "IwUwi65TrEeExwBXXFPGm2I7889NsL"
config :mv, :rauthy,
config :mv, :oidc,
client_id: "mv",
base_url: "http://localhost:8080/auth/v1",
client_secret: System.get_env("OIDC_CLIENT_SECRET"),
redirect_uri: "http://localhost:4000/auth/user/rauthy/callback"
redirect_uri: "http://localhost:4000/auth/user/oidc/callback"
# AshAuthentication development configuration
config :mv, :session_identifier, :jti

7
config/runtime.exs
View file

@ -129,8 +129,7 @@ if config_env() == :prod do
config :mv, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
# OIDC configuration (works with any OIDC provider: Authentik, Rauthy, Keycloak, etc.)
# Note: The strategy is named :rauthy internally, but works with any OIDC provider.
# The redirect_uri callback path is always /auth/user/rauthy/callback regardless of provider.
# The redirect_uri callback path is /auth/user/oidc/callback.
#
# Supports OIDC_CLIENT_SECRET or OIDC_CLIENT_SECRET_FILE for Docker secrets.
# OIDC_CLIENT_SECRET is required only if OIDC is being used (indicated by explicit OIDC env vars).
@ -150,9 +149,9 @@ if config_env() == :prod do
# Build redirect_uri: use OIDC_REDIRECT_URI if set, otherwise build from host.
# Uses HTTPS since production runs behind TLS termination.
default_redirect_uri = "https://#{host}/auth/user/rauthy/callback"
default_redirect_uri = "https://#{host}/auth/user/oidc/callback"
config :mv, :rauthy,
config :mv, :oidc,
client_id: oidc_client_id || "mv",
base_url: oidc_base_url || "http://localhost:8080/auth/v1",
client_secret: client_secret,