feat: rename OIDC strategy, fix sidebar, UI improvements closes #271 #444

Merged
moritz merged 12 commits from feat/ux_polishment into main 2026-02-24 13:05:11 +01:00
4 changed files with 8 additions and 8 deletions
Showing only changes of commit 12419c5237

@ -983,9 +983,9 @@ defmodule Mv.Accounts.User do
hashed_password_field :hashed_password hashed_password_field :hashed_password
end end
oauth2 :rauthy do oidc :oidc do
client_id fn _, _ -> client_id fn _, _ ->
Application.fetch_env!(:mv, :rauthy)[:client_id] Application.fetch_env!(:mv, :oidc)[:client_id]
end end
# ... other config # ... other config
end end
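Review bot: `Application.fetch_env!(:mv, :oidc)[:client_id]` in the `client_id` function raises for any environment whose settings still live under `:rauthy`, because `fetch_env!` fails on a missing key. Please check every config file (dev and test included) for the old key as part of this change, and add an upgrade note for operators who maintain their own runtime config.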
@ -1866,7 +1866,7 @@ authentication do
hashed_password_field :hashed_password hashed_password_field :hashed_password
end end
oauth2 :rauthy do oidc :oidc do
# OIDC configuration # OIDC configuration
end end
end end
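Review bot: the replaced line changes the DSL entity from `oauth2` to `oidc` as well as the strategy name, which is more than the rename the title describes. Please confirm this documentation snippet matches the resource as it now stands, and mention the entity change in the commit description so it gets reviewed deliberately rather than as part of a rename.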
@ -2093,7 +2093,7 @@ plug :protect_from_forgery
```elixir ```elixir
# config/runtime.exs # config/runtime.exs
config :mv, :rauthy, config :mv, :oidc,
client_id: System.get_env("OIDC_CLIENT_ID") || "mv", client_id: System.get_env("OIDC_CLIENT_ID") || "mv",
client_secret: System.get_env("OIDC_CLIENT_SECRET"), client_secret: System.get_env("OIDC_CLIENT_SECRET"),
base_url: System.get_env("OIDC_BASE_URL") base_url: System.get_env("OIDC_BASE_URL")
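Review bot: in the `config :mv, :oidc` example, `client_secret` and `base_url` are read with `System.get_env/1` and no fallback, so both are `nil` when the variables are unset, while `client_id` quietly defaults to "mv". Since this block is being touched, consider stating that `OIDC_CLIENT_SECRET` and `OIDC_BASE_URL` are required, or showing a fail-fast form, so a missing value is caught at boot instead of later.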

@ -153,7 +153,7 @@ Now you can log in to Mila via OIDC!
### OIDC with other providers (Authentik, Keycloak, etc.) ### OIDC with other providers (Authentik, Keycloak, etc.)
Mila works with any OIDC-compliant provider. The internal strategy is named `:rauthy`, but this is just a name — it works with any provider. Mila works with any OIDC-compliant provider. The internal strategy is named `:oidc` — it works with any OIDC-compliant provider.
**Important:** The redirect URI must always end with `/auth/user/oidc/callback`. **Important:** The redirect URI must always end with `/auth/user/oidc/callback`.
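Review bot: the strategy name changes from `:rauthy` to `:oidc` in this paragraph while the redirect URI line below it stays `/auth/user/oidc/callback`. If the callback route is derived from the strategy name, deployments that registered a different path with their provider need to update it; please confirm which is the case and state it here. The new sentence also says "works with any OIDC-compliant provider" twice and could be shortened to "The internal strategy is named `:oidc`."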

@ -515,9 +515,9 @@ Since this is a **Phoenix LiveView** application with **Ash Framework**, we have
| Resource | Action | Purpose | Auth | Input | Output | | Resource | Action | Purpose | Auth | Input | Output |
|----------|--------|---------|------|-------|--------| |----------|--------|---------|------|-------|--------|
| `User` | `:sign_in_with_password` | Password authentication | 🔓 | `{email, password}` | `{:ok, user}` or `{:error, reason}` | | `User` | `:sign_in_with_password` | Password authentication | 🔓 | `{email, password}` | `{:ok, user}` or `{:error, reason}` |
| `User` | `:sign_in_with_rauthy` | OIDC authentication | 🔓 | `{oidc_id, email, user_info}` | `{:ok, user}` or `{:error, reason}` | | `User` | `:sign_in_with_oidc` | OIDC authentication | 🔓 | `{oidc_id, email, user_info}` | `{:ok, user}` or `{:error, reason}` |
| `User` | `:register_with_password` | Create user with password | 🔓 | `{email, password}` | `{:ok, user}` | | `User` | `:register_with_password` | Create user with password | 🔓 | `{email, password}` | `{:ok, user}` |
| `User` | `:register_with_rauthy` | Create user via OIDC | 🔓 | `{oidc_id, email}` | `{:ok, user}` | | `User` | `:register_with_oidc` | Create user via OIDC | 🔓 | `{oidc_id, email}` | `{:ok, user}` |
| `User` | `:request_password_reset` | Generate reset token | 🔓 | `{email}` | `{:ok, token}` | | `User` | `:request_password_reset` | Generate reset token | 🔓 | `{email}` | `{:ok, token}` |
| `User` | `:reset_password` | Reset password with token | 🔓 | `{token, password}` | `{:ok, user}` | | `User` | `:reset_password` | Reset password with token | 🔓 | `{token, password}` | `{:ok, user}` |
| `Token` | `:revoke` | Revoke authentication token | 🔐 | `{jti}` | `{:ok, token}` | | `Token` | `:revoke` | Revoke authentication token | 🔐 | `{jti}` | `{:ok, token}` |
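Review bot: the rows for `:sign_in_with_oidc` and `:register_with_oidc` rename actions that callers reference by atom, and the hunks in this commit touch only documentation and a moduledoc. Please confirm that no `sign_in_with_rauthy` or `register_with_rauthy` references remain in code, policies or tests, so the table does not describe actions that exist under a different name.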

@ -2,7 +2,7 @@ defmodule Mv.OidcRoleSync do
@moduledoc """ @moduledoc """
Syncs user role from OIDC user_info (e.g. groups claim Admin role). Syncs user role from OIDC user_info (e.g. groups claim Admin role).
Used after OIDC registration (register_with_rauthy) and on sign-in so that Used after OIDC registration (register_with_oidc) and on sign-in so that
users in the configured admin group get the Admin role; others get Mitglied. users in the configured admin group get the Admin role; others get Mitglied.
Configure via OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM (see OidcRoleSyncConfig). Configure via OIDC_ADMIN_GROUP_NAME and OIDC_GROUPS_CLAIM (see OidcRoleSyncConfig).
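Review bot: the moduledoc now names `register_with_oidc` but describes the second call site only as "on sign-in"; naming `sign_in_with_oidc` as well would make both entry points to role sync searchable. The first line, "(e.g. groups claim Admin role)", also reads as if a connective between "claim" and "Admin" is missing, which is worth fixing while this doc is being edited.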