Merge branch 'main' into feat/299_plz

2026-02-24 16:02:56 +01:00 · 2026-02-24 16:02:56 +01:00 · bfc078d5aa
commit bfc078d5aa
parent c62b105518 d060486d0d
45 changed files with 2187 additions and 425 deletions
--- a/lib/membership/setting.ex
+++ b/lib/membership/setting.ex
@ -79,7 +79,14 @@ defmodule Mv.Membership.Setting do
        :vereinfacht_api_url,
        :vereinfacht_api_key,
        :vereinfacht_club_id,
-        :vereinfacht_app_url
+        :vereinfacht_app_url,
+        :oidc_client_id,
+        :oidc_base_url,
+        :oidc_redirect_uri,
+        :oidc_client_secret,
+        :oidc_admin_group_name,
+        :oidc_groups_claim,
+        :oidc_only
      ]
    end

@ -96,7 +103,14 @@ defmodule Mv.Membership.Setting do
        :vereinfacht_api_url,
        :vereinfacht_api_key,
        :vereinfacht_club_id,
-        :vereinfacht_app_url
+        :vereinfacht_app_url,
+        :oidc_client_id,
+        :oidc_base_url,
+        :oidc_redirect_uri,
+        :oidc_client_secret,
+        :oidc_admin_group_name,
+        :oidc_groups_claim,
+        :oidc_only
      ]
    end

@ -322,6 +336,52 @@ defmodule Mv.Membership.Setting do
      description "Vereinfacht app base URL for contact view links (e.g. https://app.verein.visuel.dev)"
    end

+    # OIDC authentication (can be overridden by ENV)
+    attribute :oidc_client_id, :string do
+      allow_nil? true
+      public? true
+      description "OIDC client ID (e.g. from OIDC_CLIENT_ID)"
+    end
+
+    attribute :oidc_base_url, :string do
+      allow_nil? true
+      public? true
+      description "OIDC provider base URL (e.g. from OIDC_BASE_URL)"
+    end
+
+    attribute :oidc_redirect_uri, :string do
+      allow_nil? true
+      public? true
+      description "OIDC redirect URI for callback (e.g. from OIDC_REDIRECT_URI)"
+    end
+
+    attribute :oidc_client_secret, :string do
+      allow_nil? true
+      public? false
+      description "OIDC client secret (e.g. from OIDC_CLIENT_SECRET)"
+      sensitive? true
+    end
+
+    attribute :oidc_admin_group_name, :string do
+      allow_nil? true
+      public? true
+      description "OIDC group name that maps to Admin role (e.g. from OIDC_ADMIN_GROUP_NAME)"
+    end
+
+    attribute :oidc_groups_claim, :string do
+      allow_nil? true
+      public? true
+      description "JWT claim name for group list (e.g. from OIDC_GROUPS_CLAIM, default 'groups')"
+    end
+
+    attribute :oidc_only, :boolean do
+      allow_nil? false
+      default false
+      public? true
+
+      description "When true and OIDC is configured, sign-in shows only OIDC (password login hidden)"
+    end
+
    timestamps()
  end