From df3f8ea06d2eda1af7d8ab751f943cc2f45546d0 Mon Sep 17 00:00:00 2001
From: Lennart <18233294+lennart-k@users.noreply.github.com>
Date: Wed, 16 Apr 2025 17:28:20 +0200
Subject: [PATCH] Rename userid_claim option and document OIDC options
---
 README.md | 4 +++-
 crates/frontend/src/config.rs | 2 +-
 crates/frontend/src/oidc/mod.rs | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 852bdc2..77b9f09 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ a CalDAV/CardDAV server
 - adequately fast (I'd say blazingly fastâ„¢ :fire: if I did the benchmarks to back that claim up)
 - deleted calendars are recoverable
 - Nextcloud login flow (In DAVx5 you can login through the Nextcloud flow and automatically generate an app token)
-- experimental OpenID Connect support (with option to disable password login)
+- OpenID Connect support (with option to disable password login)
 ## Installation
@@ -137,6 +137,8 @@ client_id = "rustical"
 client_secret = "secret"
 scopes = ["openid", "profile"]
 allow_sign_up = false
+# claim_userid = "sub" or "preferred_username"
+# require_group = "app/rustical"
 ```
 On the IdP side you have to create a client with the redirect uri `/frontend/login/oidc/callback` (subject to change).
diff --git a/crates/frontend/src/config.rs b/crates/frontend/src/config.rs
index 6d0d22e..e7e813a 100644
--- a/crates/frontend/src/config.rs
+++ b/crates/frontend/src/config.rs
@@ -26,7 +26,7 @@ pub struct OidcConfig {
 pub allow_sign_up: bool,
 pub require_group: Option,
 #[serde(default)]
- pub userid_claim: UserIdClaim,
+ pub claim_userid: UserIdClaim,
 }
 #[derive(Deserialize, Serialize, Clone)]
diff --git a/crates/frontend/src/oidc/mod.rs b/crates/frontend/src/oidc/mod.rs
index 259ca26..9d8f8aa 100644
--- a/crates/frontend/src/oidc/mod.rs
+++ b/crates/frontend/src/oidc/mod.rs
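Review bot: Renaming the serde field to `claim_userid` in `OidcConfig` (crates/frontend/src/config.rs) leaves config files that still set `userid_claim` without any error, because the field carries `#[serde(default)]`; unless the struct rejects unknown keys (its container attributes are outside the hunk) the old key is ignored and the default `UserIdClaim` applies. For a deployment that had selected `preferred_username`, this would silently change which claim `route_get_oidc_callback` turns into the user id, so logins could resolve to different accounts after the upgrade. Accepting the old key keeps the identity mapping stable, `#[serde(default, alias = "userid_claim")]`, or the struct could use `#[serde(deny_unknown_fields)]` so a stale key fails at startup instead. Either way the rename deserves a line in the upgrade notes, and the new README comment could state which claim is the default.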
@@ -197,7 +197,7 @@ pub async fn route_get_oidc_callback(
 }
 }
- let user_id = match oidc_config.userid_claim {
+ let user_id = match oidc_config.claim_userid {
 UserIdClaim::Sub => user_info_claims.subject().to_string(),
 UserIdClaim::PreferredUsername => user_info_claims
 .preferred_username()