computer-playbook/roles/web-app-shopware/tasks/setup/oidc.yml

# Replace INFX_OIDC_PLUGIN with the actual plugin name (Composer or local)
- name: "Install OIDC plugin & activate"
  shell: |
    docker exec -i --user {{ SHOPWARE_USER }} {{ SHOPWARE_WEB_CONTAINER }} sh -lc '
      set -e
      cd {{ SHOPWARE_ROOT }}
      php bin/console plugin:refresh
      php bin/console plugin:install --activate INFX_OIDC_PLUGIN || true
      php bin/console cache:clear
    '
  args:
    chdir: "{{ docker_compose.directories.instance }}"

- name: "Configure OIDC via system:config"
  shell: |
    docker exec -i --user {{ SHOPWARE_USER }} {{ SHOPWARE_WEB_CONTAINER }} sh -lc '
      set -e
      cd {{ SHOPWARE_ROOT }}
      php bin/console system:config:set "InfxOidc.config.clientId"        "{{ OIDC.CLIENT.ID }}"
      php bin/console system:config:set "InfxOidc.config.clientSecret"    "{{ OIDC.CLIENT.SECRET }}"
      php bin/console system:config:set "InfxOidc.config.discoveryUrl"    "{{ OIDC.CLIENT.DISCOVERY_DOCUMENT }}"
      php bin/console system:config:set "InfxOidc.config.scopes"          "openid profile email"
      php bin/console cache:clear
    '
  args:
    chdir: "{{ docker_compose.directories.instance }}"