From ec5934e1913e610d812a89bdad7c7cc8f9be2835 Mon Sep 17 00:00:00 2001
From: sorrel <sorrel@bunk.computer>
Date: Wed, 11 Mar 2026 15:56:11 -0400
Subject: [PATCH] document user_oidc setup

---
 README.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/README.md b/README.md
index 7478cd6..5be0370 100644
--- a/README.md
+++ b/README.md
@@ -188,6 +188,31 @@ We've been able to get this setup by using the [social login](https://apps.nextc
 
 If using Keycloak, you'll want to do [this trick](https://janikvonrotz.ch/2020/10/20/openid-connect-with-nextcloud-and-keycloak/) also.
 
+## How do I enable OpenID Connect (OIDC) providers?
+[user_oidc](https://github.com/nextcloud/user_oidc) is the recommended way to integrate Nextcloud with OIDC providers.
+
+Run `abra app config <app-name>`
+
+Set the following envs:
+```env
+COMPOSE_FILE="$COMPOSE_FILE:compose.user_oidc.yml"
+APPS="$APPS user_oidc"
+USER_OIDC_PROVIDER=example-provider # this has been tested with keycloak
+USER_OIDC_ID=example-client-id # get this from your oidc provider
+USER_OIDC_DISCOVERY_URI=example-oidc-provider.com/.well-known/openid-configuration # get this from your oidc provider
+USER_OIDC_END_SESSION_URI=example-oidc-provider.com/protocol/openid-connect/logout # get this from your oidc provider
+USER_OIDC_LOGIN_ONLY=false # set this to true to automatically redirect all logins to your oidc provider
+SECRET_USER_OIDC_SECRET_VERSION=v1
+```
+
+Then insert the client secret from your OIDC provider:
+```sh
+abra app secret insert <app-name> user_oidc_secret v1 <client-secret from oidc provider>
+```
+
+After you deploy (or redeploy), run the following to set up the user_oidc Nextcloud app:
+`abra app cmd <app-name> app set_user_oidc`
+
 ## How can I customise the CSS?
 
 There is some basic stuff in the admin settings.