- Add oidc_* attributes to Setting, migration and Config helpers
- Secrets and OidcRoleSyncConfig read from Config (ENV overrides DB)
- GlobalSettingsLive: OIDC section with disabled fields when ENV set
- OIDC role sync tests use DataCase for DB access
20 lines
822 B
Elixir
```elixir
defmodule Mv.OidcRoleSyncConfig do
  @moduledoc """
  Runtime configuration for OIDC group → role sync (e.g. admin group → Admin role).

  Reads from Mv.Config (ENV first, then Settings):
  - `oidc_admin_group_name/0` – OIDC group name that maps to Admin role (optional; when nil, no sync).
  - `oidc_groups_claim/0` – JWT/user_info claim name for groups (default: `"groups"`).

  Set via ENV: OIDC_ADMIN_GROUP_NAME, OIDC_GROUPS_CLAIM; or via Settings (Basic settings → OIDC).
  """
  @doc "Returns the OIDC group name that maps to Admin role, or nil if not configured."
  def oidc_admin_group_name do
    Mv.Config.oidc_admin_group_name()
  end

  @doc "Returns the JWT/user_info claim name for groups; defaults to \"groups\"."
  def oidc_groups_claim do
    Mv.Config.oidc_groups_claim() || "groups"
  end
end
```
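The precedence and the "when nil, no sync" rule from the moduledoc, as an added sketch that is not the project's code and does not show how `Mv.Config` is implemented. Assumptions: the module name `OidcRoleSyncExample`, the `settings` map standing in for the stored Settings record, the returned atoms, treating blank values as unset, and exact string matching of the group name are all hypothetical.

```elixir
defmodule OidcRoleSyncExample do
  @moduledoc false
  # Hypothetical sketch: resolves the two OIDC settings with ENV taking
  # precedence over stored settings, then decides whether a login's claims
  # place the user in the configured admin group.

  # `settings` stands in for the stored Settings record (assumed to be a map).
  def resolve(env_name, settings, key) do
    present(System.get_env(env_name)) || present(Map.get(settings, key))
  end

  # Returns :no_sync when no admin group is configured, else :admin or :not_admin.
  def admin_decision(claims, settings) when is_map(claims) do
    claim = resolve("OIDC_GROUPS_CLAIM", settings, :oidc_groups_claim) || "groups"

    case resolve("OIDC_ADMIN_GROUP_NAME", settings, :oidc_admin_group_name) do
      nil -> :no_sync
      group -> if group in groups(Map.get(claims, claim)), do: :admin, else: :not_admin
    end
  end

  # Blank strings count as unset, so an empty setting can never match an
  # empty group value sent by the identity provider.
  defp present(value) when is_binary(value) do
    if String.trim(value) == "", do: nil, else: value
  end

  defp present(_), do: nil

  # The groups claim may arrive as a list or as a single string; any other
  # shape (missing claim, number, nested map) is treated as "no groups".
  defp groups(list) when is_list(list), do: Enum.filter(list, &is_binary/1)
  defp groups(single) when is_binary(single), do: [single]
  defp groups(_), do: []
end

# Constructed sample settings and claims.
settings = %{oidc_admin_group_name: "mv-admins", oidc_groups_claim: nil}

# Exact member of the list: admin.
IO.inspect(OidcRoleSyncExample.admin_decision(%{"groups" => ["staff", "mv-admins"]}, settings))
# Similar-looking name must not match (no prefix or substring comparison).
IO.inspect(OidcRoleSyncExample.admin_decision(%{"groups" => "mv-admins-test"}, settings))
# No admin group configured anywhere: role sync is skipped entirely.
IO.inspect(OidcRoleSyncExample.admin_decision(%{"groups" => ["mv-admins"]}, %{}))
```

If `OIDC_ADMIN_GROUP_NAME` or `OIDC_GROUPS_CLAIM` is set in the shell that runs this script, those values override the sample `settings` map, which is the same ENV-over-DB behaviour the commit message describes.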