add command for initializing user_oidc

2026-03-11 15:55:53 -04:00
parent eb3816b9c2
commit 4c3f6fa14d
1 changed files with 17 additions and 0 deletions
--- a/abra.sh
+++ b/abra.sh
@ -159,6 +159,23 @@ set_authentik() {
    run_occ 'config:system:set lost_password_link --value=disabled'
 }

+set_user_oidc() {
+    install_apps user_oidc
+    USER_OIDC_SECRET=$(cat /run/secrets/user_oidc_secret)
+    run_occ "user_oidc:provider \
+            --clientid=${USER_OIDC_ID} \
+            --clientsecret=${USER_OIDC_SECRET} \
+            --discoveryuri=${USER_OIDC_DISCOVERY_URI} \
+            --endsessionendpointuri=${USER_OIDC_END_SESSION_URI} \
+            --postlogouturi=https://${DOMAIN} \
+            --scope='openid email profile' \
+            ${USER_OIDC_PROVIDER}"
+    # disable non user_oidc login
+    if [[ ${USER_OIDC_LOGIN_ONLY:-false} = "true" ]]; then
+        run_occ "config:app:set --value=0 user_oidc allow_multiple_user_backends"
+    fi
+}
+
 disable_skeletondirectory() {
    run_occ "config:system:set skeletondirectory --value ''"
 }