diff --git a/configure-user-oidc.sh b/configure-user-oidc.sh
index 37cdc58..02836b2 100755
--- a/configure-user-oidc.sh
+++ b/configure-user-oidc.sh
@@ -11,10 +11,12 @@ configure_user_oidc() {
     # which leads to the user_oidc not being used during runtime.
     #
     # https://github.com/nextcloud/user_oidc/blob/v5.0.3/lib/Service/LocalIdService.php#L30
-    ./occ user_oidc:provider "${ENC_OIDC_CLIENT_ID}" \
+    ./occ user_oidc:provider "${ENC_OIDC_PROVIDER_IDENTIFIER}" \
         --clientid="${ENC_OIDC_CLIENT_ID}" \
         --clientsecret="${ENC_OIDC_SECRET}" \
         --discoveryuri="${ENC_OIDC_DISCOVERY_URI}" \
+        --extraClaims="${ENC_OIDC_EXTRA_CLAIMS}" \
+        --mapping-uid="${ENC_OIDC_MAPPING_UID}" \
         --unique-uid=0 \
         --scope="${ENC_OIDC_SCOPES}"
 
@@ -42,6 +44,10 @@ main() {
         fail "jq not found"
     fi
 
+    if [ -z "${ENC_OIDC_PROVIDER_IDENTIFIER}" ]; then
+        fail "ENC_OIDC_PROVIDER_IDENTIFIER not set"
+    fi
+
     if [ -z "${ENC_OIDC_CLIENT_ID}" ]; then
         fail "ENC_OIDC_CLIENT_ID not set"
     fi
@@ -54,11 +60,19 @@ main() {
         fail "ENC_OIDC_DISCOVERY_URI not set"
     fi
 
+    if [ -z "${ENC_OIDC_EXTRA_CLAIMS}" ]; then
+        fail "ENC_OIDC_EXTRA_CLAIMS not set"
+    fi
+
+    if [ -z "${ENC_OIDC_MAPPING_UID}" ]; then
+        fail "ENC_OIDC_EXTRA_CLAIMS not set"
+    fi
+
     if [ -z "${ENC_OIDC_SCOPES}" ]; then
         fail "ENC_OIDC_SCOPES not set"
     fi
 
-    provider_id="$( ./occ user_oidc:provider --output=json | jq --arg "clientId" "${ENC_OIDC_CLIENT_ID}" 'map( select(.clientId == $clientId) )[0].id' 2>/dev/null )"
+    provider_id="$( ./occ user_oidc:provider "${ENC_OIDC_PROVIDER_IDENTIFIER}" --output=json | jq --arg "clientId" "${ENC_OIDC_CLIENT_ID}" 'map( select(.clientId == $clientId) )[0].id' 2>/dev/null )"
 
     if [ "${provider_id}" != "null" ]; then
         echo "Provider already exists for client ID \"${ENC_OIDC_CLIENT_ID}\". Provider ID: ${provider_id}"
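Review bot: The new `--mapping-uid="${ENC_OIDC_MAPPING_UID}"` is passed alongside the existing `--unique-uid=0`, and as far as I understand user_oidc that combination makes the raw value of the configured claim the Nextcloud user ID rather than a hashed one, so the claim must be one the identity provider guarantees to be unique and immutable per user; a reassignable attribute such as an email address would let a later account carrying the same value map onto the first user's account. Nothing in the hunk tells whoever sets ENC_OIDC_MAPPING_UID about that constraint. A comment above the new line, e.g. `# --mapping-uid with --unique-uid=0 uses the claim value verbatim as the user ID: pick a claim the IdP guarantees unique and stable (e.g. sub), not a reassignable attribute`, would make the requirement explicit. configure_user_oidc continues outside the hunk.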
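Review bot: The added `ENC_OIDC_MAPPING_UID` check in the -54,+60 hunk reports the wrong variable — its `fail "ENC_OIDC_EXTRA_CLAIMS not set"` was copied from the block above and should read `fail "ENC_OIDC_MAPPING_UID not set"`. Separately, the `provider_id` lookup now passes `"${ENC_OIDC_PROVIDER_IDENTIFIER}"` to `occ user_oidc:provider --output=json`; if occ prints that single provider as an object rather than a list when an identifier is given, `map(...)` errors, the `2>/dev/null` swallows it, and `provider_id` becomes empty, which `[ "${provider_id}" != "null" ]` treats as "already exists" (skipping creation) and which the `= "null"` test in the -69,+83 hunk treats as success. Worth verifying the JSON shape against the installed user_oidc version and handling the empty case in both places, e.g. `if [ -z "${provider_id}" ] || [ "${provider_id}" = "null" ]; then`. The hunk also makes ENC_OIDC_EXTRA_CLAIMS mandatory, which appears to be an optional provider setting upstream; if that is unintended, the check should go. main continues outside the hunk.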
@@ -69,7 +83,7 @@ main() {
         fail "Error creating provider with client ID \"${ENC_OIDC_CLIENT_ID}\" (occ failed)"
     fi
 
-    provider_id="$( ./occ user_oidc:provider --output=json | jq --arg "clientId" "${ENC_OIDC_CLIENT_ID}" 'map( select(.clientId == $clientId) )[0].id' 2>/dev/null )"
+    provider_id="$( ./occ user_oidc:provider "${ENC_OIDC_PROVIDER_IDENTIFIER}" --output=json | jq --arg "clientId" "${ENC_OIDC_CLIENT_ID}" 'map( select(.clientId == $clientId) )[0].id' 2>/dev/null )"
 
     if [ "${provider_id}" = "null" ]; then
         fail "Error creating provider with client ID \"${ENC_OIDC_CLIENT_ID}\": not found"