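defmodule Mv.OidcRoleSyncConfig do
  @moduledoc """
  Runtime configuration for OIDC group → role sync (e.g. admin group → Admin role).

  Reads from Application config `:mv, :oidc_role_sync`:
  - `:admin_group_name` – OIDC group name that maps to Admin role (optional; when nil, no sync).
  - `:groups_claim` – JWT/user_info claim name for groups (default: `"groups"`).

  Set via ENV in production: OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM (see config/runtime.exs).

  ## Blank values

  Empty or whitespace-only strings are treated as "not configured". This
  module grants access to a privileged role mapping, so it fails closed: if a
  set-but-empty environment variable reaches this config unchanged, `""` would
  otherwise become the admin group name, and (depending on how the caller
  compares group names) an empty entry in the groups claim could then map to
  the Admin role. config/runtime.exs is not visible from this module, so the
  normalisation is applied here regardless of what that file does.
  """

  @doc """
  Returns the OIDC group name that maps to Admin role, or nil if not configured.

  A blank (empty or whitespace-only) configured value counts as not configured.
  """
  @spec oidc_admin_group_name() :: String.t() | nil
  def oidc_admin_group_name do
    get(:admin_group_name)
  end

  @doc """
  Returns the JWT/user_info claim name for groups; defaults to \"groups\".

  The default also applies when the configured value is blank.
  """
  @spec oidc_groups_claim() :: String.t()
  def oidc_groups_claim do
    get(:groups_claim) || "groups"
  end

  # Looks up `key` in the `:mv, :oidc_role_sync` keyword list (empty list when
  # the application env entry is absent) and normalises blank strings to nil.
  defp get(key) do
    :mv
    |> Application.get_env(:oidc_role_sync, [])
    |> Keyword.get(key)
    |> blank_to_nil()
  end

  # Only binaries are normalised; a non-blank string is returned untouched
  # (not trimmed) so existing exact-match comparisons in callers keep working.
  defp blank_to_nil(value) when is_binary(value) do
    if String.trim(value) == "", do: nil, else: value
  end

  defp blank_to_nil(value), do: value
end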