Rename OIDC strategy from :rauthy to :oidc, update callback path

- Rename AshAuthentication strategy from :oidc :rauthy to :oidc :oidc; generated actions are now register_with_oidc / sign_in_with_oidc. - Update config keys (:rauthy → :oidc) in dev.exs and runtime.exs. - Update default_redirect_uri to /auth/user/oidc/callback everywhere. - Rename Mv.Accounts helper functions accordingly. - Update Mv.Secrets, AuthController, link_oidc_account_live and all tests. - Update docker-compose.prod.yml, .env.example, README and docs. IMPORTANT: OIDC providers must be updated to use the new redirect URI /auth/user/oidc/callback instead of /auth/user/rauthy/callback.
2026-02-24 10:34:36 +01:00 · 2026-02-24 10:34:36 +01:00 · 339d37937a
commit 339d37937a
parent c637b6b84f
25 changed files with 134 additions and 135 deletions
--- a/test/mv_web/controllers/auth_controller_test.exs
+++ b/test/mv_web/controllers/auth_controller_test.exs
@ -254,7 +254,7 @@ defmodule MvWeb.AuthControllerTest do
  end

  # OIDC/Rauthy error handling tests
-  describe "handle_rauthy_failure/2" do
+  describe "handle_oidc_failure/2" do
    test "Assent.ServerUnreachableError redirects to sign-in with error flash", %{
      conn: authenticated_conn
    } do
@ -266,7 +266,7 @@ defmodule MvWeb.AuthControllerTest do
        reason: %Mint.TransportError{reason: :econnrefused}
      }

-      conn = MvWeb.AuthController.failure(conn, {:rauthy, :callback}, error)
+      conn = MvWeb.AuthController.failure(conn, {:oidc, :callback}, error)

      assert redirected_to(conn) == ~p"/sign-in"

@ -288,7 +288,7 @@ defmodule MvWeb.AuthControllerTest do
        }
      }

-      conn = MvWeb.AuthController.failure(conn, {:rauthy, :callback}, error)
+      conn = MvWeb.AuthController.failure(conn, {:oidc, :callback}, error)

      assert redirected_to(conn) == ~p"/sign-in"

@ -302,7 +302,7 @@ defmodule MvWeb.AuthControllerTest do
      conn = build_unauthenticated_conn(authenticated_conn)
      unknown_reason = :oops

-      conn = MvWeb.AuthController.failure(conn, {:rauthy, :callback}, unknown_reason)
+      conn = MvWeb.AuthController.failure(conn, {:oidc, :callback}, unknown_reason)

      assert redirected_to(conn) == ~p"/sign-in"

@ -326,7 +326,7 @@ defmodule MvWeb.AuthControllerTest do

      log =
        capture_log(fn ->
-          MvWeb.AuthController.failure(conn, {:rauthy, :callback}, error)
+          MvWeb.AuthController.failure(conn, {:oidc, :callback}, error)
        end)

      # Should log redacted URL (only scheme and host)
@ -352,17 +352,17 @@ defmodule MvWeb.AuthControllerTest do

      log =
        capture_log(fn ->
-          MvWeb.AuthController.failure(conn, {:rauthy, :callback}, error)
+          MvWeb.AuthController.failure(conn, {:oidc, :callback}, error)
        end)

      # Should log error type but not full error details
      assert log =~ "Authentication failure"
-      assert log =~ "rauthy"
+      assert log =~ "oidc"
      # Should not log full error struct with inspect
      refute log =~ "Assent.InvalidResponseError"
    end

-    test "does not log full reason for unknown rauthy errors", %{
+    test "does not log full reason for unknown OIDC errors", %{
      conn: authenticated_conn
    } do
      conn = build_unauthenticated_conn(authenticated_conn)
@ -375,19 +375,19 @@ defmodule MvWeb.AuthControllerTest do

      log =
        capture_log(fn ->
-          MvWeb.AuthController.failure(conn, {:rauthy, :callback}, error_with_sensitive_data)
+          MvWeb.AuthController.failure(conn, {:oidc, :callback}, error_with_sensitive_data)
        end)

      # Should log error type but not full error details
      assert log =~ "Authentication failure"
-      assert log =~ "rauthy"
+      assert log =~ "oidc"
      # Should NOT log sensitive data
      refute log =~ "secret_token_123"
      refute log =~ "access_token=abc123"
      refute log =~ "callback?access_token"
    end

-    test "logs full reason for non-rauthy activities (password auth)", %{
+    test "logs full reason for non-OIDC activities (password auth)", %{
      conn: authenticated_conn
    } do
      conn = build_unauthenticated_conn(authenticated_conn)
@ -401,7 +401,7 @@ defmodule MvWeb.AuthControllerTest do
          MvWeb.AuthController.failure(conn, {:password, :sign_in}, reason)
        end)

-      # For non-rauthy activities, full reason is safe to log
+      # For non-OIDC activities, full reason is safe to log
      assert log =~ "Authentication failure"
      assert log =~ "password"
      assert log =~ "AuthenticationFailed"