feat: move OIDC settings to env vars and add debug logging
OIDC configuration now comes from environment variables instead of the database settings table. This is more natural for Docker/compose deployments where secrets live in .env files. Env vars: OIDC_ENABLED, OIDC_DISCOVERY_URL, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_REDIRECT_URI, OIDC_BUTTON_LABEL. Also adds detailed [oidc] console logging throughout the authorize, callback, and link flows to aid debugging connection issues. Removes the OIDC settings UI section from the admin modal and the GET/PUT /api/settings/oidc endpoints.
+7
-3
@@ -6,6 +6,10 @@ SESSION_MAX_AGE_HOURS=168 # default: 168 (7 days)
|
||||
PORT=3000
|
||||
DB_PATH=/app/data/check-printing.db
|
||||
|
||||
# OIDC settings are configured in the admin UI (Manage Users > Single Sign-On).
|
||||
# No environment variables needed — discovery URL, client ID/secret, and
|
||||
# redirect URI are stored in the database settings table.
|
||||
# OIDC / SSO (optional — omit or leave blank to disable)
|
||||
OIDC_ENABLED=false
|
||||
OIDC_DISCOVERY_URL=https://auth.example.com/.well-known/openid-configuration
|
||||
OIDC_CLIENT_ID=
|
||||
OIDC_CLIENT_SECRET=
|
||||
OIDC_REDIRECT_URI=https://checks.example.com/api/auth/oidc/callback
|
||||
OIDC_BUTTON_LABEL=Sign in with SSO
|
||||
|
||||
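Review bot: The new comment says to omit the values or leave them blank to disable OIDC, but OIDC_DISCOVERY_URL and OIDC_REDIRECT_URI ship with example.com placeholders while OIDC_CLIENT_ID and OIDC_CLIENT_SECRET are blank. A copy of this file with only OIDC_ENABLED flipped to true is therefore a half-configured setup pointing at a placeholder issuer. Consider leaving all of them blank (or commenting the placeholders out) and stating which variables are required when OIDC_ENABLED=true, and that a missing one keeps SSO disabled rather than starting with partial settings. Since OIDC_CLIENT_SECRET now lives in the env file, it would also help to add a line saying the real .env must stay out of version control, and to confirm that the [oidc] debug logging described in the commit message never prints the secret.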