Rename OIDC strategy from :rauthy to :oidc, update callback path

- Rename AshAuthentication strategy from :oidc :rauthy to :oidc :oidc; generated actions are now register_with_oidc / sign_in_with_oidc. - Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs. - Update default_redirect_uri to /auth/user/oidc/callback everywhere. - Rename Mv.Accounts helper functions accordingly. - Update Mv.Secrets, AuthController, link_oidc_account_live and all tests. - Update docker-compose.prod.yml, .env.example, README and docs. IMPORTANT: OIDC providers must be updated to use the new redirect URI /auth/user/oidc/callback instead of /auth/user/rauthy/callback.
2026-02-24 10:34:36 +01:00 · 2026-02-24 10:34:36 +01:00 · 339d37937a
commit 339d37937a
parent c637b6b84f
25 changed files with 134 additions and 135 deletions
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@ -28,7 +28,7 @@ defmodule Mv.Accounts.User do

  @doc """
  AshAuthentication specific: Defines the strategies we want to use for authentication.
-  Currently password and SSO with Rauthy as OIDC provider
+  Currently password and SSO via OIDC (supports any provider: Authentik, Rauthy, Keycloak, etc.)
  """
  authentication do
    session_identifier Application.compile_env!(:mv, :session_identifier)
@ -52,7 +52,7 @@ defmodule Mv.Accounts.User do
    end

    strategies do
-      oidc :rauthy do
+      oidc :oidc do
        client_id Mv.Secrets
        base_url Mv.Secrets
        redirect_uri Mv.Secrets
@ -88,7 +88,7 @@ defmodule Mv.Accounts.User do
    #       Always use one of these explicit create actions instead:
    #       - :create_user (for manual user creation with optional member link)
    #       - :register_with_password (for password-based registration)
-    #       - :register_with_rauthy (for OIDC-based registration)
+    #       - :register_with_oidc (for OIDC-based registration)
    defaults [:read]

    destroy :destroy do
@ -267,7 +267,7 @@ defmodule Mv.Accounts.User do
      prepare AshAuthentication.Preparations.FilterBySubject
    end

-    read :sign_in_with_rauthy do
+    read :sign_in_with_oidc do
      # Single record expected; required for AshAuthentication OAuth2 strategy (returns list of 0 or 1).
      get? true
      argument :user_info, :map, allow_nil?: false
@ -302,7 +302,7 @@ defmodule Mv.Accounts.User do
              end)
    end

-    create :register_with_rauthy do
+    create :register_with_oidc do
      argument :user_info, :map, allow_nil?: false
      argument :oauth_tokens, :map, allow_nil?: false
      upsert? true