refactor(oidc): drop OidcRoleSyncConfig passthrough and use Mv.Config directly

Moritz 2026-06-16 14:52:34 +02:00 committed by moritz
parent c4a695329c
commit 924dbd3bb8
4 changed files with 5 additions and 84 deletions


@ -4,7 +4,7 @@ defmodule Mv.OidcRoleSync do
Used after OIDC registration (register_with_oidc) and on sign-in so that
users in the configured admin group get the Admin role; others get Mitglied.
Configure via OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM (see OidcRoleSyncConfig).
Configure via OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM (see Mv.Config).
Groups are read from user_info (ID token claims) first; if missing or empty,
the access_token from oauth_tokens is decoded as JWT and the groups claim is
@ -23,7 +23,7 @@ defmodule Mv.OidcRoleSync do
"""
alias Mv.Accounts.User
alias Mv.Authorization.Role
alias Mv.OidcRoleSyncConfig
alias Mv.Config
@doc """
Applies Admin or Mitglied role to the user based on OIDC groups claim.
@ -38,12 +38,12 @@ defmodule Mv.OidcRoleSync do
@spec apply_admin_role_from_user_info(User.t(), map(), map() | nil) :: :ok
def apply_admin_role_from_user_info(user, user_info, oauth_tokens \\ nil)
when is_map(user_info) do
admin_group = OidcRoleSyncConfig.oidc_admin_group_name()
admin_group = Config.oidc_admin_group_name()
if is_nil(admin_group) or admin_group == "" do
:ok
else
claim = OidcRoleSyncConfig.oidc_groups_claim()
claim = Config.oidc_groups_claim()
groups = groups_from_user_info(user_info, claim)
groups =