From d37fc03a374ecea6f2edc6e25bbaa07e8493f847 Mon Sep 17 00:00:00 2001
From: Moritz
Date: Wed, 4 Feb 2026 18:02:59 +0100
Subject: [PATCH] Fix: load OIDC role sync config from ENV in all environments
OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM were only set in prod block; in dev admin_group was nil so role sync never ran. Move config outside prod block so dev/test get ENV values.
---
 config/runtime.exs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/config/runtime.exs b/config/runtime.exs
index b0079ef..f1df5b7 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -89,6 +89,11 @@ if System.get_env("PHX_SERVER") do
 config :mv, MvWeb.Endpoint, server: true
 end
+# OIDC group → Admin role sync: read from ENV in all environments (dev/test/prod)
+config :mv, :oidc_role_sync,
+ admin_group_name: System.get_env("OIDC_ADMIN_GROUP_NAME"),
+ groups_claim: System.get_env("OIDC_GROUPS_CLAIM") || "groups"
+
 if config_env() == :prod do
 database_url = build_database_url.()
@@ -153,11 +158,6 @@ if config_env() == :prod do
 client_secret: client_secret,
 redirect_uri: System.get_env("OIDC_REDIRECT_URI") || default_redirect_uri
- # OIDC group → Admin role sync (optional). Groups claim default "groups".
- config :mv, :oidc_role_sync,
- admin_group_name: System.get_env("OIDC_ADMIN_GROUP_NAME"),
- groups_claim: System.get_env("OIDC_GROUPS_CLAIM") || "groups"
-
 # Token signing secret from environment variable
 # This overrides the placeholder value set in prod.exs
 # Supports TOKEN_SIGNING_SECRET or TOKEN_SIGNING_SECRET_FILE for Docker secrets.
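Review bot: A variable that is set but blank still reaches the app as `""` in the added `config :mv, :oidc_role_sync` block: `System.get_env/1` returns the empty string in that case, and because `""` is truthy the `|| "groups"` default for `groups_claim` is skipped. This setting decides which identity-provider group is mapped to the Admin role and now applies in dev and test as well, so blank values are better normalised to `nil` before they are stored; the code that reads `admin_group_name` is not visible here, so whether it treats `""` as "sync disabled" should be confirmed. Moving the block also makes the test environment depend on whatever OIDC variables happen to be exported in the developer's or CI shell, which deserves a short comment next to the block.

```elixir
# Treat a variable that is set but blank the same as an unset one.
env_or_nil = fn name ->
  case System.get_env(name) do
    nil -> nil
    value -> if String.trim(value) == "", do: nil, else: value
  end
end

config :mv, :oidc_role_sync,
  admin_group_name: env_or_nil.("OIDC_ADMIN_GROUP_NAME"),
  groups_claim: env_or_nil.("OIDC_GROUPS_CLAIM") || "groups"
```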