From 4192c153a27424306eaa97868d0dd5e7cb0716e0 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Thu, 6 Feb 2025 16:01:12 +0100
Subject: [PATCH] implemented password redirect url for mailu

---
 group_vars/all/11_iam.yml           | 1 +
 roles/docker-mailu/templates/env.j2 | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/group_vars/all/11_iam.yml b/group_vars/all/11_iam.yml
index d5d61d05..5e0e696e 100644
--- a/group_vars/all/11_iam.yml
+++ b/group_vars/all/11_iam.yml
@@ -23,6 +23,7 @@ defaults_oidc:
     toke_url:             "{{_oidc_client_issuer_url}}/protocol/openid-connect/token"
     user_info_url:        "{{_oidc_client_issuer_url}}/protocol/openid-connect/userinfo"
     logout_url:           "{{_oidc_client_issuer_url}}/protocol/openid-connect/logout"
+    change_credentials:   "{{_oidc_client_issuer_url}}account/account-security/signing-in"
 
 #############################################
 ### OAuth2-Proxy                          ###
diff --git a/roles/docker-mailu/templates/env.j2 b/roles/docker-mailu/templates/env.j2
index b27e4354..58f2d4b7 100644
--- a/roles/docker-mailu/templates/env.j2
+++ b/roles/docker-mailu/templates/env.j2
@@ -174,5 +174,5 @@ OIDC_VERIFY_SSL=True
 # Enable redirect to OIDC provider for password change. Possible values: True, False
 OIDC_CHANGE_PASSWORD_REDIRECT_ENABLED=True
 # Redirect URL for password change. Defaults to provider issuer url appended by /.well-known/change-password
-#OIDC_CHANGE_PASSWORD_REDIRECT_URL=https://oidc.example.com/pw-change
+OIDC_CHANGE_PASSWORD_REDIRECT_URL={{oidc.client.change_credentials}}
 {% endif %}
\ No newline at end of file