steve/check-printing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: move OIDC settings to env vars and add debug logging

Browse Source 
OIDC configuration now comes from environment variables instead of
the database settings table. This is more natural for Docker/compose
deployments where secrets live in .env files.

Env vars: OIDC_ENABLED, OIDC_DISCOVERY_URL, OIDC_CLIENT_ID,
OIDC_CLIENT_SECRET, OIDC_REDIRECT_URI, OIDC_BUTTON_LABEL.

Also adds detailed [oidc] console logging throughout the authorize,
callback, and link flows to aid debugging connection issues.

Removes the OIDC settings UI section from the admin modal and the
GET/PUT /api/settings/oidc endpoints.
This commit is contained in:
Steve Dogiakos
2026-04-09 16:34:14 -06:00
parent dff5fd4156
commit da5d436432
6 changed files with 48 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/index.html
-42
View File
@@ -734,48 +734,6 @@
<div id="smtp-success" class="import-result" hidden></div>
<button id="btn-save-smtp" class="btn-secondary" style="margin-top:8px">Save Email Settings</button>
</div>
<!-- OIDC settings (admin only) -->
<div id="oidc-settings-section" style="margin-top:16px;border-top:1px solid var(--border);padding-top:16px">
<h3 style="font-size:13px;font-weight:600;margin-bottom:10px">Single Sign-On (OIDC)</h3>
<div class="form-row">
<div class="form-group" style="max-width:100px">
<label for="oidc-enabled">Enabled</label>
<select id="oidc-enabled">
<option value="0">No</option>
<option value="1">Yes</option>
</select>
</div>
<div class="form-group">
<label for="oidc-button-label">Button Label</label>
<input type="text" id="oidc-button-label" placeholder="Sign in with SSO">
</div>
</div>
<div class="form-row">
<div class="form-group">
<label for="oidc-discovery-url">Discovery URL</label>
<input type="url" id="oidc-discovery-url" placeholder="https://auth.example.com/.well-known/openid-configuration">
</div>
</div>
<div class="form-row">
<div class="form-group">
<label for="oidc-client-id">Client ID</label>
<input type="text" id="oidc-client-id" autocomplete="off">
</div>
<div class="form-group">
<label for="oidc-client-secret">Client Secret <span class="field-hint" id="oidc-secret-hint"></span></label>
<input type="password" id="oidc-client-secret" autocomplete="new-password">
</div>
</div>
<div class="form-row">
<div class="form-group">
<label for="oidc-redirect-uri">Redirect URI <span class="field-hint">(full external callback URL)</span></label>
<input type="url" id="oidc-redirect-uri" placeholder="https://checks.example.com/api/auth/oidc/callback">
</div>
</div>
<div id="oidc-error" class="wizard-error" hidden></div>
<div id="oidc-success" class="import-result" hidden></div>
<button id="btn-save-oidc" class="btn-secondary" style="margin-top:8px">Save OIDC Settings</button>
</div>
<!-- Change own password -->
<div style="margin-top:16px;border-top:1px solid var(--border);padding-top:16px">
<h3 style="font-size:13px;font-weight:600;margin-bottom:10px">Change My Password</h3>
public/js/app.js
-44
View File
@@ -201,12 +201,10 @@ function openUsersModal() {
document.getElementById('users-list').hidden = !isAdmin;
document.getElementById('user-form-section').hidden = !isAdmin;
document.getElementById('smtp-settings-section').hidden = !isAdmin;
document.getElementById('oidc-settings-section').hidden = !isAdmin;
if (isAdmin) {
loadUsers();
renderUfAccountCheckboxes();
loadSmtpSettings();
loadOidcSettings();
}
loadOidcLinkStatus();
}
@@ -1659,47 +1657,6 @@ async function saveSmtpSettings() {
}
}
// ── OIDC settings ────────────────────────────────────────────────────────────
async function loadOidcSettings() {
try {
const s = await apiFetch('GET', '/api/settings/oidc');
if (!s) return;
document.getElementById('oidc-enabled').value = s.enabled ? '1' : '0';
document.getElementById('oidc-discovery-url').value = s.discovery_url;
document.getElementById('oidc-client-id').value = s.client_id;
document.getElementById('oidc-redirect-uri').value = s.redirect_uri;
document.getElementById('oidc-button-label').value = s.button_label;
document.getElementById('oidc-secret-hint').textContent = s.has_secret ? '(leave blank to keep)' : '';
} catch (_) {}
}
async function saveOidcSettings() {
const errEl = document.getElementById('oidc-error');
const successEl = document.getElementById('oidc-success');
const btn = document.getElementById('btn-save-oidc');
errEl.hidden = true; successEl.hidden = true;
btn.disabled = true;
try {
await apiFetch('PUT', '/api/settings/oidc', {
enabled: document.getElementById('oidc-enabled').value === '1',
discovery_url: document.getElementById('oidc-discovery-url').value.trim(),
client_id: document.getElementById('oidc-client-id').value.trim(),
client_secret: document.getElementById('oidc-client-secret').value,
redirect_uri: document.getElementById('oidc-redirect-uri').value.trim(),
button_label: document.getElementById('oidc-button-label').value.trim(),
});
successEl.textContent = 'Saved.'; successEl.hidden = false;
document.getElementById('oidc-client-secret').value = '';
await loadOidcSettings();
setTimeout(() => { successEl.hidden = true; }, 3000);
} catch (err) {
errEl.textContent = err.message; errEl.hidden = false;
} finally {
btn.disabled = false;
}
}
// ── OIDC self-service linking ────────────────────────────────────────────────
async function loadOidcLinkStatus() {
@@ -1943,7 +1900,6 @@ async function init() {
document.getElementById('uf-role').addEventListener('change', renderUfAccountCheckboxes);
document.getElementById('btn-change-password').addEventListener('click', changeOwnPassword);
document.getElementById('btn-save-smtp').addEventListener('click', saveSmtpSettings);
document.getElementById('btn-save-oidc').addEventListener('click', saveOidcSettings);
document.getElementById('btn-oidc-unlink').addEventListener('click', unlinkOidc);
// Add checking account