Switch from social_login to oidc_login

README.md

@@ -131,8 +131,8 @@ These apps will then be installed when the Nextcloud pod starts. Both `default`
 ```yaml
 apps:
   default:
-    - name: sociallogin  # Installs sociallogin app
-      enabled: false     # Disables sociallogin by default
+    - name: oidc_login  # Installs oidc_login app
+      enabled: false    # Disables oidc_login by default
   custom:
     - name: polls
       enabled: false

templates/nextcloud-onlyoffice-config.yaml

@@ -144,17 +144,6 @@ data:
     # Config settings from the configmap above
     run_as "php $occ config:import /var/local/config.json"
 
-    echo "Setting custom OIDC provider data"
-
-    # Because of escape hell we can't use run_as here (unless you have amazing
-    # bash-fu)
-    su -p "www-data" -s /bin/bash -c "php $occ config:app:set sociallogin custom_providers --value='"'{"custom_oidc": [{{ .Values.sociallogin.custom_oidc | toJson }}]}'"'"
-
-    echo "Setting other sociallogin data"
-
-    run_as "php $occ config:app:set sociallogin auto_create_groups --value='{{ .Values.sociallogin.auto_create_groups }}'"
-    run_as "php $occ config:app:set sociallogin update_profile_on_login --value='{{ .Values.sociallogin.update_profile_on_login }}'"
-
     echo "disabling app store"
 
     # Disable app store again
@@ -199,6 +188,23 @@ data:
             {{- if not .Values.nextcloud.skeleton }}
             "skeletondirectory": "",
             {{- end }}
+            "oidc_login_provider_url": {{ .Values.oidc.providerUrl | quote }},
+            "oidc_login_client_id": {{ .Values.oidc.clientId | quote }},
+            "oidc_login_client_secret": {{ .Values.oidc.clientSecret | default "" | quote }},
+            "oidc_login_auto_redirect": true,
+            "oidc_login_logout_url": {{ .Values.oidc.logoutUrl | quote }},
+            "oidc_login_end_session_redirect": true,
+            "oidc_login_button_text": {{ .Values.oidc.loginButtonText | quote }},
+            "oidc_login_hide_password_form": true,
+            "oidc_login_use_id_token": true,
+            "oidc_login_attributes": {
+              "id": "stackspin_prefixed_uuid",
+              "name": "name",
+              "mail": "email",
+              "is_admin": "is_admin"
+            },
+            "oidc_login_disable_registration": false,
+            "oidc_login_webdav_enabled": true,
             "debug": {{ .Values.nextcloud.debug | quote }}
         },
         "apps":{

values-local.yaml.example

@@ -68,9 +68,9 @@ rabbitmq:
 # apps controls which apps will be installed and enabled in nextcloud
 # apps:
 #   default:
-#     - name: sociallogin
+#     - name: oidc_login
 #       # apps[0].enabled needs to be set to true if you want to enable login via an external
-#       # oauth server. In that case you need to configure all the values in `sociallogin`
+#       # oidc server. In that case you need to configure all the values in `oidc`
 #       enabled: false
 #     - name: onlyoffice
 #       enabled: true
@@ -86,34 +86,10 @@ rabbitmq:
 #       version: 3.8.1
 #       release_filename: polls-{{ .version }}.tar.gz
 #       enabled: true
-
-# sociallogin enables login via oAuth/Open-ID Connect
-# sociallogin:
-#   # Because of how we import these settings, single quotes (') are not allowed
-#   # in any of the values below
-#   custom_oidc:
-#     name: stackspin
-#     title: Stackspin
-#     # The oAuth server needs to provide the endpoints `/userinfo`,
-#     # `/oauth2/token` and `/oauth2/auth` and according to the oauth2 standard it
-#     # needs to be accessible via https with valid certificates
-#     authorizeUrl: https://sso.stackspin.example.net/oauth2/auth
-#     tokenUrl: https://sso.stackspin.example.net/oauth2/token
-#     userInfoUrl: https://sso.stackspin.example.net/userinfo
-#     logoutUrl: ""
-#     # The client name nextcloud will use to communicate with the oAuth server
-#     clientId: nextcloud
-#     # The password that nextcloud uses when communicating with the oauth server
-#     # clientSecret: YouReallyNeedToChangeThis
-#     scope: "openid profile email stackspin_roles"
-#     # The name of a claim that the nextcloud server can retrieve by querying the
-#     # userInfoUrl of the openID Connect server. For every value in the
-#     # groups_claim a corresponding group with an `stackspin_` prefix will be created
-#     # if they don't exist yet. The user will then be added to those groups.  If
-#     # the claim contains the value `admin` the user will be granted admin
-#     # privileges.
-#     groupsClaim: "stackspin_roles"
-#     style: ""
-#     defaultGroup: ""
-#     groupMapping:
-#       admin: admin
+# 
+# oidc:
+#   providerUrl: https://sso.stackspin.example.net
+#   clientId: nextcloud
+#   # clientSecret: YouReallyNeedToChangeThis
+#   logoutUrl: https://sso.stackspin.example.net/oauth2/sessions/logout
+#   loginButtonText: Log in with OIDC

values.yaml

@@ -45,22 +45,13 @@ nextcloud:
 
 apps:
   default:
-    - name: sociallogin
-      # apps[0].enabled needs to be set to true if you want to enable login via an external
-      # oauth server. In that case you need to configure all the values in `sociallogin`
-      enabled: false
-      # Line order is important here for renovatebot! first github_repository,
-      # then version
-      github_repository: zorn-v/nextcloud-social-login
-      version: v5.4.3
-      release_filename: release.tar.gz
-    - name: onlyoffice
-      # Line order is important here for renovatebot! first github_repository,
-      # then version
-      enabled: true
-      github_repository: ONLYOFFICE/onlyoffice-nextcloud
-      version: v8.2.0
-      release_filename: onlyoffice.tar.gz
+  - name: onlyoffice
+    # Line order is important here for renovatebot! first github_repository,
+    # then version
+    enabled: true
+    github_repository: ONLYOFFICE/onlyoffice-nextcloud
+    version: v8.2.0
+    release_filename: onlyoffice.tar.gz
 
 setupApps:
   # How many times the setup-apps job can try and fail before it is marked as
@@ -209,26 +200,12 @@ rabbitmq:
     # password: password
     # erlangCookie: stub
 
-sociallogin:
-  update_profile_on_login: 1
-  auto_create_groups: 1
-  # Because of how we import these settings, single quotes (') are not allowed
-  # in any of the values below
-  custom_oidc:
-    name: remote
-    title: Remote login
-    authorizeUrl: https://sso.stackspin.example.net/oauth2/auth
-    tokenUrl: https://sso.stackspin.example.net/oauth2/token
-    userInfoUrl: https://sso.stackspin.example.net/userinfo
-    logoutUrl: ""
-    clientId: nextcloud
-    # clientSecret: YouReallyNeedToChangeThis
-    scope: "openid profile email roles"
-    groupsClaim: "roles"
-    style: ""
-    defaultGroup: ""
-    groupMapping:
-      admin: admin
+oidc:
+  providerUrl: https://sso.stackspin.example.net
+  clientId: nextcloud
+  # clientSecret: YouReallyNeedToChangeThis
+  logoutUrl: https://sso.stackspin.example.net/oauth2/sessions/logout
+  loginButtonText: Log in with OIDC
 
 tests:
   image: