local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 59 Pull requests 3 Projects 2 Releases Packages 1 Activity Actions

feat: OIDC configuration in global Settings (ENV or DB)

Browse source 
- Add oidc_* attributes to Setting, migration and Config helpers
- Secrets and OidcRoleSyncConfig read from Config (ENV overrides DB)
- GlobalSettingsLive: OIDC section with disabled fields when ENV set
- OIDC role sync tests use DataCase for DB access
This commit is contained in:
Moritz 2026-02-24 13:55:19 +01:00
parent f29bbb02a2
commit 8edbbac95f
Signed by: moritz
GPG key ID: 1020A035E5DD0824
8 changed files with 487 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

16
lib/mv/oidc_role_sync_config.ex
View file

@ -2,23 +2,19 @@ defmodule Mv.OidcRoleSyncConfig do
@moduledoc """
Runtime configuration for OIDC group role sync (e.g. admin group Admin role).
Reads from Application config `:mv, :oidc_role_sync`:
- `:admin_group_name` OIDC group name that maps to Admin role (optional; when nil, no sync).
- `:groups_claim` JWT/user_info claim name for groups (default: `"groups"`).
Reads from Mv.Config (ENV first, then Settings):
- `oidc_admin_group_name/0` OIDC group name that maps to Admin role (optional; when nil, no sync).
- `oidc_groups_claim/0` JWT/user_info claim name for groups (default: `"groups"`).
Set via ENV in production: OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM (see config/runtime.exs).
Set via ENV: OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM; or via Settings (Basic settings OIDC).
"""
@doc "Returns the OIDC group name that maps to Admin role, or nil if not configured."
def oidc_admin_group_name do
get(:admin_group_name)
Mv.Config.oidc_admin_group_name()
end
@doc "Returns the JWT/user_info claim name for groups; defaults to \"groups\"."
def oidc_groups_claim do
get(:groups_claim) || "groups"
end
defp get(key) do
Application.get_env(:mv, :oidc_role_sync, []) |> Keyword.get(key)
Mv.Config.oidc_groups_claim() || "groups"
end
end