From 72b787814e5621aef0a5ecf2b03b1a3a425a53c1 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Tue, 25 Feb 2025 19:35:48 +0100
Subject: [PATCH] Optimized OIDC Login for Nextcloud
---
group_vars/all/01_modes.yml | 2 +-
group_vars/all/07_applications.yml | 6 +-
...f_deactivated => 01_nextcloud.schema.ldif} | 3 -
roles/docker-nextcloud/tasks/config.yml | 10 +--
roles/docker-nextcloud/tasks/ldap.yml | 9 +++
.../tasks/legacy_login_mask.yml | 5 ++
roles/docker-nextcloud/tasks/main.yml | 20 +++++-
roles/docker-nextcloud/tasks/oidc_login | 1 -
roles/docker-nextcloud/tasks/oidc_login.yml | 13 ++++
.../tasks/oidc_sociallogin.yml | 36 ----------
roles/docker-nextcloud/tasks/sociallogin.yml | 27 +++++++
.../templates/docker-compose.yml.j2 | 13 ++--
.../{oidc.php.j2 => oidc.config.php.j2} | 11 +--
roles/docker-nextcloud/vars/ldap.yml | 9 +--
roles/docker-nextcloud/vars/main.yml | 19 ++---
roles/docker-nextcloud/vars/sociallogin.yml | 72 +++++++++++++++++++
16 files changed, 181 insertions(+), 75 deletions(-)
rename roles/docker-ldap/templates/ldif/schema/{01_nextcloud.schema.ldif_deactivated => 01_nextcloud.schema.ldif} (69%)
create mode 100644 roles/docker-nextcloud/tasks/legacy_login_mask.yml
delete mode 100644 roles/docker-nextcloud/tasks/oidc_login
create mode 100644 roles/docker-nextcloud/tasks/oidc_login.yml
delete mode 100644 roles/docker-nextcloud/tasks/oidc_sociallogin.yml
create mode 100644 roles/docker-nextcloud/tasks/sociallogin.yml
rename roles/docker-nextcloud/templates/{oidc.php.j2 => oidc.config.php.j2} (97%)
create mode 100644 roles/docker-nextcloud/vars/sociallogin.yml
diff --git a/group_vars/all/01_modes.yml b/group_vars/all/01_modes.yml
index 59a04716..f07f02d1 100644
--- a/group_vars/all/01_modes.yml
+++ b/group_vars/all/01_modes.yml
@@ -5,4 +5,4 @@ mode_reset: false # Cleans up all CyMaIS files. It's necessary to run to whole
mode_test: false # Executes test routines instead of productive routines
mode_update: true # Executes updates
mode_backup: true # Activates the backup before the update procedure
-mode_cleanup: false # Cleanup unused files and configurations
\ No newline at end of file
+mode_cleanup: true # Cleanup unused files and configurations
\ No newline at end of file
diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml
index 9c32a697..e0bf8e0b 100644
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@@ -245,11 +245,11 @@ defaults_applications:
nextcloud:
version: "production" # @see https://nextcloud.com/blog/nextcloud-release-channels-and-how-to-track-them/
ldap:
- enabled: True # Enables LDAP by default, missing ansible setup tasks @todo setup
+ enabled: True # Enables LDAP by default
oidc:
enabled: true # Activate OIDC for Nextcloud
# floavor decides which OICD plugin should be used.
- # Available options: login, sociallogin
+ # Available options: oidc_login, sociallogin
# @see https://apps.nextcloud.com/apps/oidc_login
# @see https://apps.nextcloud.com/apps/sociallogin
flavor: "sociallogin" # Keeping on sociallogin because the other option is not implemented yet
@@ -263,6 +263,8 @@ defaults_applications:
username: "{{users.administrator.username}}"
initial_password: "{{users.administrator.initial_password}}"
default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes)
+ legacy_login_mask:
+ enabled: False # If true, then legacy login mask is shown. Otherwise just SSO
## OAuth2 Proxy
oauth2_proxy:
diff --git a/roles/docker-ldap/templates/ldif/schema/01_nextcloud.schema.ldif_deactivated b/roles/docker-ldap/templates/ldif/schema/01_nextcloud.schema.ldif
similarity index 69%
rename from roles/docker-ldap/templates/ldif/schema/01_nextcloud.schema.ldif_deactivated
rename to roles/docker-ldap/templates/ldif/schema/01_nextcloud.schema.ldif
index 23b99a25..aa562319 100644
--- a/roles/docker-ldap/templates/ldif/schema/01_nextcloud.schema.ldif_deactivated
+++ b/roles/docker-ldap/templates/ldif/schema/01_nextcloud.schema.ldif
@@ -1,7 +1,4 @@
# nextcloud.schema
-# This schema is deactivated, because with keycloak it's impossible to set schemas to new created users
-# Until then the managament is done over keycloak
-# @todo activate in ldap
dn: cn=nextcloud,cn=schema,cn=config
objectClass: olcSchemaConfig
diff --git a/roles/docker-nextcloud/tasks/config.yml b/roles/docker-nextcloud/tasks/config.yml
index 0ac4389d..a34de1f2 100644
--- a/roles/docker-nextcloud/tasks/config.yml
+++ b/roles/docker-nextcloud/tasks/config.yml
@@ -1,18 +1,18 @@
-- name: "Substitute http with https in {{ nextcloud_config_file_path }}"
+- name: "Substitute http with https in {{ nextcloud_config_file_host_path }}"
replace:
- path: "{{ nextcloud_config_file_path }}"
+ path: "{{ nextcloud_config_file_host_path }}"
regexp: "http://{{ domain | regex_escape }}"
replace: "https://{{ domain }}"
notify:
- docker compose restart
-#- name: Ensure 'overwriteprotocol' is set to 'https' in Nextcloud {{ nextcloud_config_file_path }}
+#- name: Ensure 'overwriteprotocol' is set to 'https' in Nextcloud {{ nextcloud_config_file_host_path }}
# block:
# Deactivated because it was really heavy to fix.
# @todo implement
# - name: Check if 'overwriteprotocol' is already set
# lineinfile:
-# path: "{{ nextcloud_config_file_path }}"
+# path: "{{ nextcloud_config_file_host_path }}"
# regexp: "^\s*overwriteprotocol\s*=>\s*http"
# line: "overwriteprotocol => 'https',"
# backrefs: yes
@@ -22,7 +22,7 @@
#
# - name: Add 'overwriteprotocol' => 'https' if not present
# lineinfile:
-# path: "{{ nextcloud_config_file_path }}"
+# path: "{{ nextcloud_config_file_host_path }}"
# regexp: "^\s*\);$"
# line: "overwriteprotocol => 'https',"
# insertafter: "^\s*\);$"
diff --git a/roles/docker-nextcloud/tasks/ldap.yml b/roles/docker-nextcloud/tasks/ldap.yml
index 640588cf..9d4a87b5 100644
--- a/roles/docker-nextcloud/tasks/ldap.yml
+++ b/roles/docker-nextcloud/tasks/ldap.yml
@@ -2,6 +2,10 @@
# @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
# @todo implement
+- name: install LDAP plugin
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install user_ldap"
+ ignore_errors: true
+
- name: Activate Nextcloud LDAP App
command: "docker exec -u www-data {{ nextcloud_application_container_name }} php occ app:enable user_ldap"
@@ -14,3 +18,8 @@
command: >
docker exec -u www-data {{ nextcloud_application_container_name }}
php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}"
+
+- name: Set Nextcloud LDAP bind password
+ command: >
+ docker exec -u www-data {{ nextcloud_application_container_name }}
+ php occ ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"
diff --git a/roles/docker-nextcloud/tasks/legacy_login_mask.yml b/roles/docker-nextcloud/tasks/legacy_login_mask.yml
new file mode 100644
index 00000000..0f8f9bef
--- /dev/null
+++ b/roles/docker-nextcloud/tasks/legacy_login_mask.yml
@@ -0,0 +1,5 @@
+- name: Set hide_login_form to true
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form"
+
+- name: "Set auth.webauthn.enabled to false"
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled"
\ No newline at end of file
diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml
index 0611464c..f51d08d0 100644
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@@ -3,6 +3,19 @@
include_role:
name: docker-central-database
+- name: copy oidc.config.php
+ template:
+ src: oidc.config.php.j2
+ dest: "{{nextcloud_host_oidc_login_path}}"
+ owner: 82 # User www-data in Nextcloud container
+ group: 82 # User www-data in Nextcloud container
+ when: applications[application_id].oidc.flavor == "oidc_login"
+
+- name: Remove OIDC configuration lines from config.php if present (container)
+ command: >
+ docker exec -u www-data {{ nextcloud_application_container_name }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php"
+ when: applications[application_id].oidc.flavor == "sociallogin" and mode_cleanup | bool
+
- name: "include role for {{application_id}} to recieve certs & do modification routines"
include_role:
name: nginx-https-get-cert-modify-all
@@ -23,7 +36,7 @@
include_tasks: copy-docker-compose-and-env.yml
- name: "Include OIDC-specific tasks with flavor {{applications[application_id].oidc.flavor}}"
- include_tasks: "oidc_{{applications[application_id].oidc.flavor}}.yml"
+ include_tasks: "{{applications[application_id].oidc.flavor}}.yml"
when: applications[application_id].oidc.enabled | bool
- name: Include LDAP specific tasks
@@ -31,4 +44,7 @@
when: applications[application_id].ldap.enabled | bool
- name: Include Config specific tasks
- include_tasks: config.yml
\ No newline at end of file
+ include_tasks: config.yml
+
+- name: De\Activate legacy login mask
+ include_tasks: legacy_login_mask.yml
\ No newline at end of file
diff --git a/roles/docker-nextcloud/tasks/oidc_login b/roles/docker-nextcloud/tasks/oidc_login
deleted file mode 100644
index 0f30b364..00000000
--- a/roles/docker-nextcloud/tasks/oidc_login
+++ /dev/null
@@ -1 +0,0 @@
-# @todo implement this flavor
\ No newline at end of file
diff --git a/roles/docker-nextcloud/tasks/oidc_login.yml b/roles/docker-nextcloud/tasks/oidc_login.yml
new file mode 100644
index 00000000..bc79cc86
--- /dev/null
+++ b/roles/docker-nextcloud/tasks/oidc_login.yml
@@ -0,0 +1,13 @@
+- name: enable sociallogin plugin
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable sociallogin"
+ ignore_errors: true
+ when:
+ - mode_cleanup | bool
+
+- name: install oidc_login plugin
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install oidc_login"
+ ignore_errors: true
+
+- name: Add OIDC configuration if not implemented yet
+ command: >
+ docker exec -u www-data {{ nextcloud_application_container_name }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php'
diff --git a/roles/docker-nextcloud/tasks/oidc_sociallogin.yml b/roles/docker-nextcloud/tasks/oidc_sociallogin.yml
deleted file mode 100644
index da5113d7..00000000
--- a/roles/docker-nextcloud/tasks/oidc_sociallogin.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-# @See https://chatgpt.com/share/6798189e-9c00-800f-923c-5ce3cfbdf405
-
-- name: Flush all handlers immediately so that occ can be used
- meta: flush_handlers
-
-- name: Set hide_login_form to true
- command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:system:set --type boolean --value true hide_login_form"
-
-- name: "Set auth.webauthn.enabled to false"
- command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:system:set --type boolean --value false auth.webauthn.enabled"
-
-- name: Set allow_login_connect to 1
- command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:app:set sociallogin allow_login_connect --value='1'"
- # This configuration allows users to connect multiple accounts to their Nextcloud profile
- # using the sociallogin app.
-
-- name: install sociallogin plugin
- command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:install sociallogin"
- ignore_errors: true
-
-- name: enable sociallogin plugin
- command: "docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ app:enable sociallogin"
-
-- name: Set custom_providers
- command: >
- docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ
- config:app:set sociallogin custom_providers
- --value='{"custom_oidc":[{"name":"{{domains.keycloak}}","title":"keycloak","style":"keycloak","authorizeUrl":"{{oidc.client.authorize_url}}","tokenUrl":"{{oidc.client.toke_url}}","displayNameClaim":"","userInfoUrl":"{{oidc.client.user_info_url}}","logoutUrl":"{{oidc.client.logout_url}}","clientId":"{{oidc.client.id}}","clientSecret":"{{oidc.client.secret}}","scope":"openid","groupsClaim":"","style":"","defaultGroup":""}]}'
- # This configuration defines custom OpenID Connect (OIDC) providers for authentication.
- # In this case, it sets up a Keycloak provider with details like URLs for authorization,
- # token retrieval, user info, and logout, as well as the client ID and secret.
-
-- name: Set prevent_create_email_exists to 1
- command: 'docker exec -u www-data {{nextcloud_application_container_name}} /var/www/html/occ config:app:set sociallogin prevent_create_email_exists --value="1"'
- # This configuration prevents the creation of new Nextcloud users if an account with the
- # same email address already exists in the system. It helps avoid duplicate accounts.
\ No newline at end of file
diff --git a/roles/docker-nextcloud/tasks/sociallogin.yml b/roles/docker-nextcloud/tasks/sociallogin.yml
new file mode 100644
index 00000000..9e6776d3
--- /dev/null
+++ b/roles/docker-nextcloud/tasks/sociallogin.yml
@@ -0,0 +1,27 @@
+# @See https://chatgpt.com/share/6798189e-9c00-800f-923c-5ce3cfbdf405
+
+- name: Flush all handlers immediately so that occ can be used
+ meta: flush_handlers
+
+- name: enable oidc_login plugin
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable oidc_login"
+ ignore_errors: true
+ when:
+ - mode_cleanup | bool
+
+- name: install sociallogin plugin
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install sociallogin"
+ ignore_errors: true
+
+- name: enable sociallogin plugin
+ command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:enable sociallogin"
+
+- name: Load Sociallogin configuration variables
+ include_vars:
+ file: sociallogin.yml
+
+- name: Configure Sociallogin
+ loop: "{{ nextcloud_sociallogin_configuration}}"
+ command: >
+ docker exec -u www-data {{ nextcloud_application_container_name }}
+ php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}"
\ No newline at end of file
diff --git a/roles/docker-nextcloud/templates/docker-compose.yml.j2 b/roles/docker-nextcloud/templates/docker-compose.yml.j2
index 4a9bacb7..c9504921 100644
--- a/roles/docker-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2
@@ -6,11 +6,14 @@ services:
application:
image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
- container_name: {{nextcloud_application_container_name}}
+ container_name: {{nextcloud_application_container_name}}
volumes:
- - data:/var/www/html
+ - data:{{nextcloud_docker_path}}
+{% if applications[application_id].oidc.flavor == "login" %}
+ - {{nextcloud_host_oidc_login_path}}:{{nextcloud_docker_oidc_login_config_path}}:ro
+{% endif %}
healthcheck:
- test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php /var/www/html/occ status"]
+ test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
interval: 1m
timeout: 10s
retries: 3
@@ -47,10 +50,10 @@ services:
logging:
driver: journald
volumes:
- - data:/var/www/html
+ - data:{{nextcloud_docker_path}}
entrypoint: /cron.sh
healthcheck:
- test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php /var/www/html/occ status"]
+ test: ["CMD", "su", "www-data", "-s", "/bin/sh", "-c", "php {{nextcloud_docker_path}}occ status"]
interval: 1m
timeout: 10s
retries: 3
diff --git a/roles/docker-nextcloud/templates/oidc.php.j2 b/roles/docker-nextcloud/templates/oidc.config.php.j2
similarity index 97%
rename from roles/docker-nextcloud/templates/oidc.php.j2
rename to roles/docker-nextcloud/templates/oidc.config.php.j2
index 4d524629..aed085b1 100644
--- a/roles/docker-nextcloud/templates/oidc.php.j2
+++ b/roles/docker-nextcloud/templates/oidc.config.php.j2
@@ -1,12 +1,13 @@
+<?php
# Check out: https://github.com/pulsejet/nextcloud-oidc-login
-$CONFIG = array (
+return array (
// Some Nextcloud options that might make sense here
'allow_user_to_change_display_name' => false,
'lost_password_link' => 'disabled',
// URL of provider. All other URLs are auto-discovered from .well-known
- 'oidc_login_provider_url' => 'https://{{domains.keycloak}}',
+ 'oidc_login_provider_url' => 'https://{{oidc.client.issuer_url}}',
// Client ID and secret registered with the provider
'oidc_login_client_id' => '{{oidc.client.id}}',
@@ -95,10 +96,10 @@ $CONFIG = array (
'id' => 'username',
'name' => 'name',
'mail' => 'email',
- 'quota' => 'nextcloudQuota',
- 'home' => 'homeDirectory',
+ # 'quota' => 'nextcloudQuota', # Not implemented yet
+ # 'home' => 'homeDirectory', # Not implemented yet
'ldap_uid' => 'uid',
- 'groups' => 'ownCloudGroups',
+ # 'groups' => 'ownCloudGroups', # Not implemented yet
'login_filter' => 'realm_access_roles',
// 'photoURL' => 'picture',
// 'is_admin' => 'ownCloudAdmin',
diff --git a/roles/docker-nextcloud/vars/ldap.yml b/roles/docker-nextcloud/vars/ldap.yml
index 4bfc60a7..152f1eb9 100644
--- a/roles/docker-nextcloud/vars/ldap.yml
+++ b/roles/docker-nextcloud/vars/ldap.yml
@@ -24,11 +24,6 @@ nextcloud_ldap_configuration:
configkey: "s01last_jpegPhoto_lookup"
configvalue: 0
- -
- appid: "user_ldap"
- configkey: "s01ldap_agent_password"
- configvalue: "{{ldap.bind_credential}}"
-
-
appid: "user_ldap"
configkey: "s01ldap_backup_port"
@@ -42,12 +37,12 @@ nextcloud_ldap_configuration:
-
appid: "user_ldap"
configkey: "s01ldap_base_groups"
- configvalue: "{{ldap.dn.groups}}"
+ configvalue: "{{ldap.dn.root}}"
-
appid: "user_ldap"
configkey: "s01ldap_base_users"
- configvalue: "{{ldap.dn.users}}"
+ configvalue: "{{ldap.dn.root}}}"
-
appid: "user_ldap"
diff --git a/roles/docker-nextcloud/vars/main.yml b/roles/docker-nextcloud/vars/main.yml
index 4241c56c..30479fae 100644
--- a/roles/docker-nextcloud/vars/main.yml
+++ b/roles/docker-nextcloud/vars/main.yml
@@ -1,9 +1,12 @@
---
-application_id: "nextcloud"
-database_password: "{{applications.nextcloud.credentials.database_password}}"
-database_type: "mariadb"
-nextcloud_application_container_name: "nextcloud-application"
-nextcloud_nginx_container_name: "nextcloud-web"
-nextcloud_config_file_path: "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
-domain: "{{domains[application_id]}}"
-http_port: "{{ ports.localhost.http[application_id] }}"
\ No newline at end of file
+application_id: "nextcloud"
+database_password: "{{applications.nextcloud.credentials.database_password}}"
+database_type: "mariadb"
+nextcloud_application_container_name: "nextcloud-application"
+nextcloud_nginx_container_name: "nextcloud-web"
+nextcloud_config_file_host_path: "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
+domain: "{{domains[application_id]}}"
+http_port: "{{ ports.localhost.http[application_id] }}"
+nextcloud_docker_path: "/var/www/html/"
+nextcloud_docker_oidc_login_config_path: "{{nextcloud_docker_path}}config/oidc.config.php"
+nextcloud_host_oidc_login_path: "{{docker_compose.directories.volumes}}/oidc.config.php"
\ No newline at end of file
diff --git a/roles/docker-nextcloud/vars/sociallogin.yml b/roles/docker-nextcloud/vars/sociallogin.yml
new file mode 100644
index 00000000..6ff34fd8
--- /dev/null
+++ b/roles/docker-nextcloud/vars/sociallogin.yml
@@ -0,0 +1,72 @@
+nextcloud_sociallogin_configuration:
+ -
+ appid: "sociallogin"
+ # This configuration allows users to connect multiple accounts to their Nextcloud profile
+ # using the sociallogin app.
+ configkey: "allow_login_connect"
+ configvalue: 1
+ -
+ appid: "sociallogin"
+ configkey: "auto_create_groups"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ configkey: "button_text_wo_prefix"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ configkey: "create_disabled_users"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ # This configuration defines custom OpenID Connect (OIDC) providers for authentication.
+ # In this case, it sets up a Keycloak provider with details like URLs for authorization,
+ # token retrieval, user info, and logout, as well as the client ID and secret.
+ configkey: "custom_providers"
+ configvalue: '{"custom_oidc":[{"name":"{{domains.keycloak}}","title":"keycloak","style":"keycloak","authorizeUrl":"{{oidc.client.authorize_url}}","tokenUrl":"{{oidc.client.toke_url}}","displayNameClaim":"","userInfoUrl":"{{oidc.client.user_info_url}}","logoutUrl":"{{oidc.client.logout_url}}","clientId":"{{oidc.client.id}}","clientSecret":"{{oidc.client.secret}}","scope":"openid","groupsClaim":"","style":"","defaultGroup":""}]}'
+ -
+ appid: "sociallogin"
+ configkey: "disable_notify_admins"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ configkey: "disable_registration"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ configkey: "enabled"
+ configvalue: "yes"
+ -
+ appid: "sociallogin"
+ configkey: "hide_default_login"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ configkey: "no_prune_user_groups"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ configkey: "oauth_providers"
+ configvalue: "null"
+ -
+ appid: "sociallogin"
+ # This configuration prevents the creation of new Nextcloud users if an account with the
+ # same email address already exists in the system. It helps avoid duplicate accounts.
+ configkey: "prevent_create_email_exists"
+ configvalue: 1
+ -
+ appid: "sociallogin"
+ configkey: "restrict_users_wo_assigned_groups"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ configkey: "restrict_users_wo_mapped_groups"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ configkey: "types"
+ configvalue: ""
+ -
+ appid: "sociallogin"
+ configkey: "update_profile_on_login"
+ configvalue: 1
\ No newline at end of file