From 276e2653c814bd71580f8ce9f6a2c3715cfe272a Mon Sep 17 00:00:00 2001
From: Mark <mark@openappstack.net>
Date: Wed, 18 Dec 2019 16:07:06 +0100
Subject: [PATCH] Add nextcloud oauth client
---
 ansible/group_vars/all/oas.yml | 1 +
 .../templates/single-sign-on-settings.yaml | 41 ++++++++++++++++---
 flux/single-sign-on.yaml | 2 +-
 3 files changed, 38 insertions(+), 6 deletions(-)
diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml
index 35898d2b2..8aee6514f 100644
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
@@ -23,6 +23,7 @@ grafana_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/grafan
 # Single sign-on passwords
 userpanel_oauth_client_secret: "{{ lookup('password', '{{ cluster_dir }}/secrets/userpanel_oauth_client_secret chars=ascii_letters') }}"
+nextcloud_oauth_client_secret: "{{ lookup('password', '{{ cluster_dir }}/secrets/userpanel_oauth_client_secret chars=ascii_letters') }}"
 userbackend_postgres_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/userbackend_postgres_password chars=ascii_letters') }}"
 userbackend_admin_username: "admin"
 userbackend_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/userbackend_admin_password chars=ascii_letters') }}"
diff --git a/ansible/roles/apps/templates/single-sign-on-settings.yaml b/ansible/roles/apps/templates/single-sign-on-settings.yaml
index 033d2b5e4..79e48aad6 100644
--- a/ansible/roles/apps/templates/single-sign-on-settings.yaml
+++ b/ansible/roles/apps/templates/single-sign-on-settings.yaml
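Review bot: The added `nextcloud_oauth_client_secret` lookup reads the same file as `userpanel_oauth_client_secret` (`secrets/userpanel_oauth_client_secret`), so both OAuth clients end up with an identical secret and a leak or rotation of one silently affects the other. The path should point at its own file: `nextcloud_oauth_client_secret: "{{ lookup('password', '{{ cluster_dir }}/secrets/nextcloud_oauth_client_secret chars=ascii_letters') }}"`. Giving each client its own secret also lets the user-panel secret be rotated without invalidating the Nextcloud client.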
@@ -10,17 +10,22 @@ loginProviderImage:
 singleSignOnHost: &SSO_HOST "sso.{{ domain }}"
 userpanel:
+ applicationName: &USER_PANEL user-panel
 image:
 << : &IMAGE_DEFAULTS_USER_PANEL { tag: "master", pullPolicy: "Always" }
 repository: "open.greenhost.net:4567/openappstack/user-panel/frontend"
 ingress:
 host: "admin.{{ domain }}"
- oAuthClientSecret: "{{ userpanel_oauth_client_secret }}"
 userbackend:
 image:
 << : *IMAGE_DEFAULTS_USER_PANEL
 repository: "open.greenhost.net:4567/openappstack/user-panel/backend"
+ applications:
+ - name: *USER_PANEL
+ description: Administration interface to manage user accounts
+ - name: &NEXTCLOUD nextcloud
+ description: "Nextcloud Files offers an on-premise Universal File Access and sync platform with powerful collaboration capabilities and desktop, mobile and web interfaces."
 username: "{{ userbackend_admin_username }}"
 password: "{{ userbackend_admin_password }}"
 email: "{{ userbackend_admin_email }}"
@@ -29,10 +34,9 @@ userbackend:
 postgresPullPolicy: Always
 postgresPassword: "{{ userbackend_postgres_password }}"
 persistence:
- enabled: false
- annotations:
- size: 1Gi
- storageClass: "-"
+ enabled: true
+ size: 1Gi
+ storageClass: "-"
 hydra:
 hydra:
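Review bot: The two new `description` values under `applications` are written in different scalar styles — the user-panel one is a plain unquoted scalar, the Nextcloud one a single long double-quoted line — which reads inconsistently in a templated values file. Quoting both the same way, and folding the long Nextcloud text as `description: >-` across several indented lines, keeps the rendered value identical while staying within the usual line-length limit. The `userbackend` mapping these entries belong to continues past the end of this hunk.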
@@ -60,3 +64,30 @@ hydra:
 secretName: hydra-public.tls
 admin:
 enabled: false
+
+oAuthClients:
+- clientName: *USER_PANEL
+ clientSecret: "{{ userpanel_oauth_client_secret }}"
+ redirectUri: "https://admin.{{ domain }}/callback"
+ scopes: "openid profile email openappstack_roles"
+ clientUri: "https://admin.{{ domain }}"
+ clientLogoUri: "https://admin.{{ domain }}/favicon.ico"
+ tokenEndpointAuthMethod: "client_secret_basic"
+ responseTypes:
+ - "token"
+ grantTypes:
+ - "implicit"
+- clientName: *NEXTCLOUD
+ clientSecret: "{{ nextcloud_oauth_client_secret }}"
+ redirectUri: "https://files.{{ domain }}/apps/sociallogin/custom_oidc/oas"
+ scopes: "openid profile email openappstack_roles"
+ clientUri: "https://files.{{ domain }}"
+ clientLogoUri: "https://files.{{ domain }}/core/img/favicon-touch.png"
+ tokenEndpointAuthMethod: "client_secret_post"
+ responseTypes:
+ - "code"
+ - "id_token"
+ grantTypes:
+ - "authorization_code"
+ - "refresh_token"
+ - "client_credentials"
diff --git a/flux/single-sign-on.yaml b/flux/single-sign-on.yaml
index 7eaa9706c..632cc4057 100644
--- a/flux/single-sign-on.yaml
+++ b/flux/single-sign-on.yaml
@@ -10,7 +10,7 @@ spec:
 releaseName: single-sign-on
 chart:
 git: https://open.greenhost.net/openappstack/single-sign-on
- ref: d3eef6dd037c6157683d7c252b693d7a14dca0b6
+ ref: 12fa36bdd29dcc4475b0870baa39e60b00d9f3b6
 path: ./helmchart/single-sign-on/
 valuesFrom:
 - secretKeyRef:
-- GitLab
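Review bot: The Nextcloud client's `grantTypes` include `client_credentials` next to `authorization_code` and `refresh_token`, but a browser login integration (the redirect URI points at the sociallogin OIDC endpoint) only needs the user-facing grants; `client_credentials` lets the client obtain tokens with no user involved, so dropping `- "client_credentials"` keeps the client to the least it needs. The user-panel client pairs `responseTypes: ["token"]` with `grantTypes: ["implicit"]`, which delivers the access token in the URL fragment, where it is exposed to browser history and referrers, and is discouraged by the OAuth 2.0 Security Best Current Practice in favour of the authorization code flow with PKCE; if the front-end can be adapted, `responseTypes: ["code"]` and `grantTypes: ["authorization_code"]` would be the safer configuration. The `clientSecret` configured with `client_secret_basic` would not be used by an implicit-only client, since that flow never calls the token endpoint, which is a further hint that the flow choice deserves a second look. Note that the hunk above this one leaves `userbackend` and `hydra` partly outside view.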