feaut(oicd_provider): added oicd provider rauthy and strategy for authentication

2025-06-18 09:31:47 +02:00 · 2025-06-18 09:31:47 +02:00 · a6fcaa1640
commit a6fcaa1640
parent 192ceaed45
8 changed files with 147 additions and 241 deletions
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@ -21,6 +21,22 @@ defmodule Mv.Accounts.User do
    end

    strategies do
+      oidc :rauthy do
+          client_id "mv"
+          base_url "http://localhost:8080/auth/v1"
+          redirect_uri "http://localhost:4000/auth/user/rauthy/callback"
+          auth_method :client_secret_jwt
+          #id_token_signed_response_alg "EdDSA"
+          #user_url "http://localhost:8080/auth/v1/oidc/userinfo"
+          #token_url "http://localhost:8080/auth/v1/oidc/token"
+          #authorize_url "http://localhost:8080/auth/v1/oidc/authorize"
+          registration_enabled? false
+          code_verifier true
+          client_secret fn _, _ ->
+            Application.fetch_env(:mv, :oicd_client_secret)
+        end
+      end
+
      password :password do
        identity_field :email
        hash_provider AshAuthentication.BcryptProvider
@ -39,21 +55,23 @@ defmodule Mv.Accounts.User do
      prepare AshAuthentication.Preparations.FilterBySubject
    end

-    # read :sign_in_with_example do
-    #   argument :user_info, :map, allow_nil?: false
-    #   argument :oauth_tokens, :map, allow_nil?: false
-    #   prepare AshAuthentication.Strategy.OAuth2.SignInPreparation
+    read :sign_in_with_rauthy do
+      argument :user_info, :map, allow_nil?: false
+      argument :oauth_tokens, :map, allow_nil?: false
+      prepare AshAuthentication.Strategy.OAuth2.SignInPreparation

-    #   filter expr(email == get_path(^arg(:user_info), [:email]))
-    # end
+      filter expr(email == get_path(^arg(:user_info), [:email]))
+    end
  end

+  ## TODO: registration ergänzen, seed rausnehmen, oidc_id aus user_info map holen
+
  attributes do
    uuid_primary_key :id

    attribute :email, :ci_string, allow_nil?: false, public?: true
    attribute :hashed_password, :string, sensitive?: true, allow_nil?: true
-    attribute :oicd_id, :string, allow_nil?: true
+    attribute :oidc_id, :string, allow_nil?: true
  end

  relationships do
@ -62,6 +80,7 @@ defmodule Mv.Accounts.User do

  identities do
    identity :unique_email, [:email]
+    identity :unique_oidc_id, [:oidc_id]
  end

  # You can customize this if you wish, but this is a safe default that