feat(secrets): updated as recommended in ashauthentication docs

2025-06-20 08:54:11 +02:00 · 2025-06-20 08:54:11 +02:00 · 565aaddd94
commit 565aaddd94
parent 7bfde5e230
3 changed files with 35 additions and 10 deletions
--- a/config/dev.exs
+++ b/config/dev.exs
@ -90,6 +90,8 @@ config :mv, :secret_key_base, "ryn7D6ssmIHQFWIks2sFiTGATgwwAR1+3bN8p7fy6qVtB8qnx
 # Signing Secret for Authentication
 config :mv, :token_signing_secret, "IwUwi65TrEeExwBXXFPGm2I7889NsL"

-config :mv,
-       :oicd_client_secret,
-       "auhoZABKjohxhmeVCIDzMMUkBOtDQjPKiQiFQwmIogfaPPvBOeqtvnEJuTYIWcIc"
+config :mv, :rauthy,
+  client_id: "mv",
+  base_url: "http://localhost:8080/auth/v1",
+  client_secret: "GWGkEWBLRAzZruXhipQKSjeaOtwZtKdETBABHLAXVoqrhsJoXUOsIDfNVOXCQUEv",
+  redirect_uri: "http://localhost:4000/auth/user/rauthy/callback"
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@ -32,15 +32,12 @@ defmodule Mv.Accounts.User do

    strategies do
      oidc :rauthy do
-        client_id "mv"
-        base_url "http://localhost:8080/auth/v1"
-        redirect_uri "http://localhost:4000/auth/user/rauthy/callback"
+        client_id Mv.Secrets
+        base_url Mv.Secrets
+        redirect_uri Mv.Secrets
+        client_secret Mv.Secrets
        auth_method :client_secret_jwt
        code_verifier true
-
-        client_secret fn _, _ ->
-          Application.fetch_env(:mv, :oicd_client_secret)
-        end
      end

      password :password do
--- a/lib/mv/secrets.ex
+++ b/lib/mv/secrets.ex
@ -0,0 +1,26 @@
+defmodule Mv.Secrets do
+  use AshAuthentication.Secret
+
+  def secret_for([:authentication, :strategies, :rauthy, :client_id], Mv.Accounts.User, _opts, _meth) do
+    get_config(:client_id)
+  end
+
+  def secret_for([:authentication, :strategies, :rauthy, :redirect_uri], Mv.Accounts.User, _opts, _meth) do
+    get_config(:redirect_uri)
+  end
+
+  def secret_for([:authentication, :strategies, :rauthy, :client_secret], Mv.Accounts.User, _opts, _meth) do
+    get_config(:client_secret)
+  end
+
+  def secret_for([:authentication, :strategies, :rauthy, :base_url], Mv.Accounts.User, _opts, _meth) do
+    get_config(:base_url)
+  end
+
+  defp get_config(key) do
+    :mv
+    |> Application.fetch_env!(:rauthy)
+    |> Keyword.fetch!(key)
+    |> then(&{:ok, &1})
+  end
+end