refactor(oidc): drop OidcRoleSyncConfig passthrough and use Mv.Config directly
parent
c4a695329c
commit
924dbd3bb8
4 changed files with 5 additions and 84 deletions
|
|
@ -4,7 +4,7 @@ defmodule Mv.OidcRoleSync do
|
|||
|
||||
Used after OIDC registration (register_with_oidc) and on sign-in so that
|
||||
users in the configured admin group get the Admin role; others get Mitglied.
|
||||
Configure via OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM (see OidcRoleSyncConfig).
|
||||
Configure via OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM (see Mv.Config).
|
||||
|
||||
Groups are read from user_info (ID token claims) first; if missing or empty,
|
||||
the access_token from oauth_tokens is decoded as JWT and the groups claim is
|
||||
|
|
@ -23,7 +23,7 @@ defmodule Mv.OidcRoleSync do
|
|||
"""
|
||||
alias Mv.Accounts.User
|
||||
alias Mv.Authorization.Role
|
||||
alias Mv.OidcRoleSyncConfig
|
||||
alias Mv.Config
|
||||
|
||||
@doc """
|
||||
Applies Admin or Mitglied role to the user based on OIDC groups claim.
|
||||
|
|
@ -38,12 +38,12 @@ defmodule Mv.OidcRoleSync do
|
|||
@spec apply_admin_role_from_user_info(User.t(), map(), map() | nil) :: :ok
|
||||
def apply_admin_role_from_user_info(user, user_info, oauth_tokens \\ nil)
|
||||
when is_map(user_info) do
|
||||
admin_group = OidcRoleSyncConfig.oidc_admin_group_name()
|
||||
admin_group = Config.oidc_admin_group_name()
|
||||
|
||||
if is_nil(admin_group) or admin_group == "" do
|
||||
:ok
|
||||
else
|
||||
claim = OidcRoleSyncConfig.oidc_groups_claim()
|
||||
claim = Config.oidc_groups_claim()
|
||||
groups = groups_from_user_info(user_info, claim)
|
||||
|
||||
groups =
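Review bot: The moduledoc pointer changed in the first hunk to `(see Mv.Config)` is now the only hint at how the admin-group mapping is configured, because the deleted OidcRoleSyncConfig moduledoc carried the details: ENV is read before Settings, the claim name defaults to "groups", and a nil admin group means no sync. Whether Mv.Config documents these is not visible on this page, and they decide who is granted the Admin role, so I would state them in this moduledoc: `Configure via OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM (ENV first, then Settings; see Mv.Config).` followed by `If no admin group is configured (nil or ""), no role sync is performed.` The second sentence matches the `is_nil(admin_group) or admin_group == ""` guard in apply_admin_role_from_user_info, whose body continues outside the third hunk.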
|
||||
|
|
|
|||
|
|
@ -1,20 +0,0 @@
|
|||
defmodule Mv.OidcRoleSyncConfig do
|
||||
@moduledoc """
|
||||
Runtime configuration for OIDC group → role sync (e.g. admin group → Admin role).
|
||||
|
||||
Reads from Mv.Config (ENV first, then Settings):
|
||||
- `oidc_admin_group_name/0` – OIDC group name that maps to Admin role (optional; when nil, no sync).
|
||||
- `oidc_groups_claim/0` – JWT/user_info claim name for groups (default: `"groups"`).
|
||||
|
||||
Set via ENV: OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM; or via Settings (Basic settings → OIDC).
|
||||
"""
|
||||
@doc "Returns the OIDC group name that maps to Admin role, or nil if not configured."
|
||||
def oidc_admin_group_name do
|
||||
Mv.Config.oidc_admin_group_name()
|
||||
end
|
||||
|
||||
@doc "Returns the JWT/user_info claim name for groups; defaults to \"groups\"."
|
||||
def oidc_groups_claim do
|
||||
Mv.Config.oidc_groups_claim()
|
||||
end
|
||||
end
|
||||