Rename OIDC strategy from :rauthy to :oidc, update callback path
- Rename AshAuthentication strategy from :oidc :rauthy to :oidc :oidc; generated actions are now register_with_oidc / sign_in_with_oidc. - Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs. - Update default_redirect_uri to /auth/user/oidc/callback everywhere. - Rename Mv.Accounts helper functions accordingly. - Update Mv.Secrets, AuthController, link_oidc_account_live and all tests. - Update docker-compose.prod.yml, .env.example, README and docs. IMPORTANT: OIDC providers must be updated to use the new redirect URI /auth/user/oidc/callback instead of /auth/user/rauthy/callback.
This commit is contained in:
parent
c637b6b84f
commit
339d37937a
GPG key ID:
1020A035E5DD0824
25 changed files with 134 additions and 135 deletions
|
|
@ -9,7 +9,7 @@ defmodule Mv.Accounts do
|
|||
## Public API
|
||||
The domain exposes these main actions:
|
||||
- User CRUD: `create_user/1`, `list_users/0`, `update_user/2`, `destroy_user/1`
|
||||
- Authentication: `create_register_with_rauthy/1`, `read_sign_in_with_rauthy/1`
|
||||
- Authentication: `create_register_with_oidc/1`, `read_sign_in_with_oidc/1`
|
||||
"""
|
||||
use Ash.Domain,
|
||||
extensions: [AshAdmin.Domain, AshPhoenix]
|
||||
|
|
@ -24,8 +24,8 @@ defmodule Mv.Accounts do
|
|||
define :list_users, action: :read
|
||||
define :update_user, action: :update_user
|
||||
define :destroy_user, action: :destroy
|
||||
define :create_register_with_rauthy, action: :register_with_rauthy
|
||||
define :read_sign_in_with_rauthy, action: :sign_in_with_rauthy
|
||||
define :create_register_with_oidc, action: :register_with_oidc
|
||||
define :read_sign_in_with_oidc, action: :sign_in_with_oidc
|
||||
end
|
||||
|
||||
resource Mv.Accounts.Token
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ defmodule Mv.Accounts.User do
|
|||
|
||||
@doc """
|
||||
AshAuthentication specific: Defines the strategies we want to use for authentication.
|
||||
Currently password and SSO with Rauthy as OIDC provider
|
||||
Currently password and SSO via OIDC (supports any provider: Authentik, Rauthy, Keycloak, etc.)
|
||||
"""
|
||||
authentication do
|
||||
session_identifier Application.compile_env!(:mv, :session_identifier)
|
||||
|
|
@ -52,7 +52,7 @@ defmodule Mv.Accounts.User do
|
|||
end
|
||||
|
||||
strategies do
|
||||
oidc :rauthy do
|
||||
oidc :oidc do
|
||||
client_id Mv.Secrets
|
||||
base_url Mv.Secrets
|
||||
redirect_uri Mv.Secrets
|
||||
|
|
@ -88,7 +88,7 @@ defmodule Mv.Accounts.User do
|
|||
# Always use one of these explicit create actions instead:
|
||||
# - :create_user (for manual user creation with optional member link)
|
||||
# - :register_with_password (for password-based registration)
|
||||
# - :register_with_rauthy (for OIDC-based registration)
|
||||
# - :register_with_oidc (for OIDC-based registration)
|
||||
defaults [:read]
|
||||
|
||||
destroy :destroy do
|
||||
|
|
@ -267,7 +267,7 @@ defmodule Mv.Accounts.User do
|
|||
prepare AshAuthentication.Preparations.FilterBySubject
|
||||
end
|
||||
|
||||
read :sign_in_with_rauthy do
|
||||
read :sign_in_with_oidc do
|
||||
# Single record expected; required for AshAuthentication OAuth2 strategy (returns list of 0 or 1).
|
||||
get? true
|
||||
argument :user_info, :map, allow_nil?: false
|
||||
|
|
@ -302,7 +302,7 @@ defmodule Mv.Accounts.User do
|
|||
end)
|
||||
end
|
||||
|
||||
create :register_with_rauthy do
|
||||
create :register_with_oidc do
|
||||
argument :user_info, :map, allow_nil?: false
|
||||
argument :oauth_tokens, :map, allow_nil?: false
|
||||
upsert? true
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue