Rename OIDC strategy from :rauthy to :oidc, update callback path
- Rename the AshAuthentication OIDC strategy declaration from `oidc :rauthy` to `oidc :oidc`; the generated actions are now register_with_oidc / sign_in_with_oidc. - Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs. - Update default_redirect_uri to /auth/user/oidc/callback everywhere. - Rename the Mv.Accounts helper functions accordingly. - Update Mv.Secrets, AuthController, link_oidc_account_live and all tests. - Update docker-compose.prod.yml, .env.example, README and docs. IMPORTANT: OIDC providers must be updated to use the new redirect URI /auth/user/oidc/callback instead of /auth/user/rauthy/callback.
This commit is contained in:
parent
c637b6b84f
commit
339d37937a
25 changed files with 134 additions and 135 deletions
@ -48,8 +48,8 @@ defmodule MvWeb.AuthController do
log_failure_safely(activity, reason)
case {activity, reason} do
{{:rauthy, _action}, reason} ->
handle_rauthy_failure(conn, reason)
{{:oidc, _action}, reason} ->
handle_oidc_failure(conn, reason)
{_, %AshAuthentication.Errors.AuthenticationFailed{caused_by: caused_by}} ->
handle_authentication_failed(conn, caused_by)
@ -61,8 +61,8 @@ defmodule MvWeb.AuthController do
end
end
# Log authentication failures safely, avoiding sensitive data for {:rauthy, _} activities
defp log_failure_safely({:rauthy, _action} = activity, reason) do
# Log authentication failures safely, avoiding sensitive data for {:oidc, _} activities
defp log_failure_safely({:oidc, _action} = activity, reason) do
# For Assent errors, use safe_assent_meta to avoid logging tokens/URLs with query params
case reason do
%Assent.ServerUnreachableError{} = err ->
@ -76,7 +76,7 @@ defmodule MvWeb.AuthController do
Logger.warning(message)
_ ->
# For other rauthy errors, log only error type, not full details
# For other OIDC errors, log only error type, not full details
error_type = get_error_type(reason)
Logger.warning(
@ -86,7 +86,7 @@ defmodule MvWeb.AuthController do
end
defp log_failure_safely(activity, reason) do
# For non-rauthy activities, safe to log full reason
# For non-OIDC activities, safe to log full reason
Logger.warning(
"Authentication failure - Activity: #{inspect(activity)}, Reason: #{inspect(reason)}"
)
@ -119,12 +119,12 @@ defmodule MvWeb.AuthController do
if Enum.empty?(parts), do: "", else: " - " <> Enum.join(parts, ", ")
end
# Handle all Rauthy (OIDC) authentication failures
defp handle_rauthy_failure(conn, %Ash.Error.Invalid{errors: errors}) do
# Handle all OIDC authentication failures
defp handle_oidc_failure(conn, %Ash.Error.Invalid{errors: errors}) do
handle_oidc_email_collision(conn, errors)
end
defp handle_rauthy_failure(conn, %AshAuthentication.Errors.AuthenticationFailed{
defp handle_oidc_failure(conn, %AshAuthentication.Errors.AuthenticationFailed{
caused_by: caused_by
}) do
case caused_by do
@ -139,7 +139,7 @@ defmodule MvWeb.AuthController do
end
# Handle Assent server unreachable errors (network/connectivity issues)
defp handle_rauthy_failure(conn, %Assent.ServerUnreachableError{} = _err) do
defp handle_oidc_failure(conn, %Assent.ServerUnreachableError{} = _err) do
# Logging already done safely in failure/3 via log_failure_safely/2
# No need to log again here to avoid duplicate logs
@ -152,7 +152,7 @@ defmodule MvWeb.AuthController do
end
# Handle Assent invalid response errors (configuration or malformed responses)
defp handle_rauthy_failure(conn, %Assent.InvalidResponseError{} = _err) do
defp handle_oidc_failure(conn, %Assent.InvalidResponseError{} = _err) do
# Logging already done safely in failure/3 via log_failure_safely/2
# No need to log again here to avoid duplicate logs
@ -165,7 +165,7 @@ defmodule MvWeb.AuthController do
end
# Catch-all clause for any other error types
defp handle_rauthy_failure(conn, _reason) do
defp handle_oidc_failure(conn, _reason) do
# Logging already done safely in failure/3 via log_failure_safely/2
# No need to log again here to avoid duplicate logs