
configure nextcloud sso app with same variable

ibizaman 2024-05-01 22:57:56 -07:00 committed by Pierre Penninckx
parent f9cb785cf8
commit e6b11a5acb


@ -869,7 +869,14 @@ in
''; '';
}) })
(lib.mkIf cfg.apps.sso.enable { (let
scopes = [
"openid"
"profile"
"email"
"groups"
];
in lib.mkIf cfg.apps.sso.enable {
assertions = [ assertions = [
{ {
assertion = cfg.apps.sso.enable -> cfg.apps.ldap.enable; assertion = cfg.apps.sso.enable -> cfg.apps.ldap.enable;
@ -920,7 +927,7 @@ in
}; };
oidc_login_default_group = "oidc"; oidc_login_default_group = "oidc";
oidc_login_use_external_storage = false; oidc_login_use_external_storage = false;
oidc_login_scope = "openid profile email groups"; oidc_login_scope = lib.concatStringsSep " " scopes;
oidc_login_proxy_ldap = false; oidc_login_proxy_ldap = false;
# Enable creation of users new to Nextcloud from OIDC login. A user may be known to the # Enable creation of users new to Nextcloud from OIDC login. A user may be known to the
# IdP but not (yet) known to Nextcloud. This setting controls what to do in this case. # IdP but not (yet) known to Nextcloud. This setting controls what to do in this case.
@ -957,12 +964,7 @@ in
public = false; public = false;
authorization_policy = cfg.apps.sso.authorization_policy; authorization_policy = cfg.apps.sso.authorization_policy;
redirect_uris = [ "${protocol}://${fqdnWithPort}/apps/oidc_login/oidc" ]; redirect_uris = [ "${protocol}://${fqdnWithPort}/apps/oidc_login/oidc" ];
scopes = [ inherit scopes;
"openid"
"profile"
"email"
"groups"
];
userinfo_signing_algorithm = "none"; userinfo_signing_algorithm = "none";
} }
]; ];
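Review bot: The new `scopes` binding in the first hunk has no comment saying that it now feeds both `oidc_login_scope` (what Nextcloud requests) and the `scopes` attribute of what appears to be the IdP client entry in the last hunk (what may be granted). A later edit to that one list therefore widens both sides at once. I would add a comment above it, such as `# Requested by oidc_login and allowed on the IdP client; keep to the minimum the login flow needs.` The `let … in lib.mkIf` wrapper opens in this hunk and closes outside the visible lines. Separately, the unchanged `userinfo_signing_algorithm = "none"` means the userinfo response is unsigned, so its integrity presumably rests on the transport; it is worth confirming that `protocol` cannot resolve to plain http when SSO is enabled.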