From 4c3f6fa14d7ff188ca303bf10be4e0522c5745c3 Mon Sep 17 00:00:00 2001
From: sorrel <sorrel@bunk.computer>
Date: Wed, 11 Mar 2026 15:55:53 -0400
Subject: [PATCH] add command for initializing user_oidc

---
 abra.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/abra.sh b/abra.sh
index f4b12f2..af39f71 100644
--- a/abra.sh
+++ b/abra.sh
@@ -159,6 +159,23 @@ set_authentik() {
     run_occ 'config:system:set lost_password_link --value=disabled'
 }
 
+set_user_oidc() {
+    install_apps user_oidc
+    USER_OIDC_SECRET=$(cat /run/secrets/user_oidc_secret)
+    run_occ "user_oidc:provider \
+            --clientid=${USER_OIDC_ID} \
+            --clientsecret=${USER_OIDC_SECRET} \
+            --discoveryuri=${USER_OIDC_DISCOVERY_URI} \
+            --endsessionendpointuri=${USER_OIDC_END_SESSION_URI} \
+            --postlogouturi=https://${DOMAIN} \
+            --scope='openid email profile' \
+            ${USER_OIDC_PROVIDER}"
+    # disable non user_oidc login
+    if [[ ${USER_OIDC_LOGIN_ONLY:-false} = "true" ]]; then
+        run_occ "config:app:set --value=0 user_oidc allow_multiple_user_backends"
+    fi
+}
+
 disable_skeletondirectory() {
     run_occ "config:system:set skeletondirectory --value ''"
 }