auth module: add originLanding option

2025-03-26 15:57:59 +04:00
parent 838b5dc204
commit 3f95b80c3c
1 changed files with 11 additions and 2 deletions
--- a/auth/auth-module.nix
+++ b/auth/auth-module.nix
@@ -122,6 +122,11 @@ in
                "Name of users group in Kanidm, whose members have user level access to resources (service) associated with OAuth2 client authorization.";
              default = null;
            };
+            originLanding = mkOption {
+              type = types.nullOr lib.types.str;
+              description =
+                "The origin landing of the service for OAuth2 redirects.";
+            };
            originUrl = mkOption {
              type = types.nullOr lib.types.str;
              description =
@@ -238,6 +243,10 @@ in
            if attrs.linuxGroupOfClient == null
            then clientID
            else attrs.linuxGroupOfClient;
+          originLanding =
+            if attrs.originLanding == null
+            then "https://${attrs.subdomain}.${config.selfprivacy.domain}/"
+            else attrs.originLanding;
          scopeMaps =
            if attrs.scopeMaps == null
            then { "${usersGroup}" = [ "email" "openid" "profile" ]; }
@@ -282,6 +291,7 @@ in
         , clientID
         , displayName
         , enablePkce
+         , originLanding
         , originUrl
         , scopeMaps
         , useShortPreferredUsername
@@ -301,10 +311,9 @@ in
              claimMaps
              displayName
              originUrl
+              originLanding
              scopeMaps
              ;
-            originLanding =
-              "https://${subdomain}.${config.selfprivacy.domain}/";
            preferShortUsername = useShortPreferredUsername;
            allowInsecureClientDisablePkce = ! enablePkce;
            removeOrphanedClaimMaps = true;