- Add oidc_* attributes to Setting, migration and Config helpers - Secrets and OidcRoleSyncConfig read from Config (ENV overrides DB) - GlobalSettingsLive: OIDC section with disabled fields when ENV set - OIDC role sync tests use DataCase for DB access
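defmodule Mv.Secrets do
  @moduledoc """
  Secret provider for AshAuthentication.

  ## Purpose

  Provides runtime configuration secrets for Ash Authentication strategies,
  particularly for OIDC (Rauthy) authentication.

  ## Configuration Source

  Secrets are read via `Mv.Config` which prefers environment variables and
  falls back to Settings from the database:

  - OIDC_CLIENT_ID / settings.oidc_client_id
  - OIDC_CLIENT_SECRET / settings.oidc_client_secret
  - OIDC_BASE_URL / settings.oidc_base_url
  - OIDC_REDIRECT_URI / settings.oidc_redirect_uri

  ## Return values

  Each clause returns `{:ok, value}` when `Mv.Config` yields a non-empty value
  and `:error` otherwise, so an unconfigured OIDC setting is reported as a
  missing secret instead of being handed to the strategy as `nil`.

  ## Security notes

  - The client secret is a credential: keep the values returned here out of
    logs, `inspect/1` output and error messages.
  - The base URL and redirect URI decide which identity provider is trusted
    and where the authorization response is sent. When they come from the
    Settings row rather than from the environment, anyone who can edit those
    settings can change how users authenticate. Restrict write access to the
    settings accordingly and prefer the environment variables in production.

  ## Usage

  This module is automatically called by AshAuthentication when resolving
  secrets for the User resource's OIDC strategy.
  """

  use AshAuthentication.Secret

  @doc """
  Resolves one OIDC strategy secret for `Mv.Accounts.User`.

  The first argument is the secret path; the last element selects which
  `Mv.Config` getter is read. Returns `{:ok, value}` or `:error` when the
  value is unset. Paths other than the four handled here match no clause.
  """
  def secret_for(
        [:authentication, :strategies, :oidc, :client_id],
        Mv.Accounts.User,
        _opts,
        _meth
      ) do
    wrap(Mv.Config.oidc_client_id())
  end

  def secret_for(
        [:authentication, :strategies, :oidc, :redirect_uri],
        Mv.Accounts.User,
        _opts,
        _meth
      ) do
    wrap(Mv.Config.oidc_redirect_uri())
  end

  def secret_for(
        [:authentication, :strategies, :oidc, :client_secret],
        Mv.Accounts.User,
        _opts,
        _meth
      ) do
    wrap(Mv.Config.oidc_client_secret())
  end

  def secret_for(
        [:authentication, :strategies, :oidc, :base_url],
        Mv.Accounts.User,
        _opts,
        _meth
      ) do
    wrap(Mv.Config.oidc_base_url())
  end

  # Maps an unset value to `:error`, the "secret not available" result of the
  # AshAuthentication.Secret contract; any other value is passed through as-is.
  # NOTE(review): assumes Mv.Config returns nil or "" when neither the
  # environment nor the Settings row provides a value - confirm against Mv.Config.
  defp wrap(nil), do: :error
  defp wrap(""), do: :error
  defp wrap(value), do: {:ok, value}
end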