computer-playbook/roles/web-app-mediawiki/templates/oidc.php.j2

<?php
// ### OIDC (PluggableAuth) – BEGIN (managed by Ansible)

{% if MEDIAWIKI_OIDC_ENABLED | bool %}

wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'OpenIDConnect' );

$wgPluggableAuth_EnableAutoLogin = true;
$wgPluggableAuth_EnableLocalLogin = false;
$wgPluggableAuth_ButtonLabel = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}';

$wgPluggableAuth_Config = [
    [
        'plugin' => 'OpenIDConnect',
        'data' => [
            'providerURL'  => '{{ MEDIAWIKI_OIDC_ISSUER }}',
            'clientID'     => '{{ MEDIAWIKI_OIDC_CLIENT_ID }}',
            'clientsecret' => '{{ MEDIAWIKI_OIDC_CLIENT_SECRET }}',
            'scope'        => [ 'openid', 'profile', 'email' ],
        ],
    ],
];

$wgOpenIDConnect_UseEmailNameAsUserName = true;
$wgOpenIDConnect_MigrateUsers = true;
// ### OIDC (PluggableAuth) – END

{% endif %}