Solved OIDC sociallogin bug

2025-03-31 14:24:16 +02:00 · 2025-02-26 09:49:32 +01:00 · 2025-02-26 09:49:32 +01:00 · ae1d7c785f
commit ae1d7c785f
parent 61eb9a3aed
4 changed files with 12 additions and 6 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -252,7 +252,7 @@ defaults_applications:
      # Available options: oidc_login, sociallogin
      # @see https://apps.nextcloud.com/apps/oidc_login
      # @see https://apps.nextcloud.com/apps/sociallogin
-      flavor:               "oidc_login"                          # Keeping on sociallogin because the other option is not implemented yet                                             
+      flavor:               "sociallogin"                          # Keeping on sociallogin because the other option is not implemented yet                                             
    force_import:           False                                 # Forces the import of the LDIF files
    database:
      central_storage:      True
--- a/roles/docker-nextcloud/README.md
+++ b/roles/docker-nextcloud/README.md
@ -94,6 +94,11 @@ docker-compose exec -it -u www-data application /var/www/html/occ
 ```
 ### User Administration 

+#### Create user via CLI
+```bash
+docker compose exec -it -u www-data application php occ user:add {{username}}
+```
+
 #### Make user admin via cli
 ```bash
 docker compose exec -it -u www-data application php occ group:adduser admin {{username}}
--- a/roles/docker-nextcloud/tasks/sociallogin.yml
+++ b/roles/docker-nextcloud/tasks/sociallogin.yml
@ -3,7 +3,7 @@
 - name: Flush all handlers immediately so that occ can be used
  meta: flush_handlers

- name: enable oidc_login plugin
+- name: disable oidc_login plugin
  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable oidc_login"
  ignore_errors: true
  when: 
@ -22,6 +22,7 @@

 - name: Configure Sociallogin
  loop: "{{ nextcloud_sociallogin_configuration}}"
+  # The | to_json function is necessary to escape custom_providers correct.
  command: >
    docker exec -u www-data {{ nextcloud_application_container_name }}
-    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}"
+    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
--- a/roles/docker-nextcloud/templates/oidc.config.php.j2
+++ b/roles/docker-nextcloud/templates/oidc.config.php.j2
@ -14,7 +14,7 @@ return array (
    'oidc_login_client_secret' => '{{oidc.client.secret}}',

    // Automatically redirect the login page to the provider
-    'oidc_login_auto_redirect' => false,
+    'oidc_login_auto_redirect' => true,

    // Redirect to this page after logging out the user
    'oidc_login_logout_url' => 'https://{{domains[application_id]}}',
@ -23,7 +23,7 @@ return array (
    // logout endpoint of the OIDC provider after logout
    // in Nextcloud. After successfull logout the OIDC
    // provider will redirect back to 'oidc_login_logout_url' (MUST be set).
-    'oidc_login_end_session_redirect' => false,
+    'oidc_login_end_session_redirect' => true,

    // Quota to assign if no quota is specified in the OIDC response (bytes)
    //
@ -38,7 +38,7 @@ return array (
    'oidc_login_hide_password_form' => true,

    // Use ID Token instead of UserInfo
-    'oidc_login_use_id_token' => false,
+    'oidc_login_use_id_token' => true,

    // Attribute map for OIDC response. Available keys are:
    //   * id:           Unique identifier for username