From 3f95b80c3c5fdc6773e69f0fe674d0fd25597ad4 Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov
Date: Wed, 26 Mar 2025 15:57:59 +0400
Subject: [PATCH] auth module: add originLanding option
---
 auth/auth-module.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/auth/auth-module.nix b/auth/auth-module.nix
index 289c4eb..ffbe5d8 100644
--- a/auth/auth-module.nix
+++ b/auth/auth-module.nix
@@ -122,6 +122,11 @@ in
 "Name of users group in Kanidm, whose members have user level access to resources (service) associated with OAuth2 client authorization.";
 default = null;
 };
+ originLanding = mkOption {
+ type = types.nullOr lib.types.str;
+ description =
+ "The origin landing of the service for OAuth2 redirects.";
+ };
 originUrl = mkOption {
 type = types.nullOr lib.types.str;
 description =
@@ -238,6 +243,10 @@ in
 if attrs.linuxGroupOfClient == null
 then clientID
 else attrs.linuxGroupOfClient;
+ originLanding =
+ if attrs.originLanding == null
+ then "https://${attrs.subdomain}.${config.selfprivacy.domain}/"
+ else attrs.originLanding;
 scopeMaps =
 if attrs.scopeMaps == null
 then { "${usersGroup}" = [ "email" "openid" "profile" ]; }
@@ -282,6 +291,7 @@ in
 , clientID
 , displayName
 , enablePkce
+ , originLanding
 , originUrl
 , scopeMaps
 , useShortPreferredUsername
@@ -301,10 +311,9 @@ in
 claimMaps
 displayName
 originUrl
+ originLanding
 scopeMaps
 ;
- originLanding =
- "https://${subdomain}.${config.selfprivacy.domain}/";
 preferShortUsername = useShortPreferredUsername;
 allowInsecureClientDisablePkce = ! enablePkce;
 removeOrphanedClaimMaps = true;
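Review bot: The new `originLanding` option in the first hunk declares no default, unlike the option just above it, which sets `default = null;`. As written the module system will presumably treat it as required, so the `attrs.originLanding == null` fallback added in the second hunk (`@@ -238,6 +243,10 @@`) is only reached by clients that set null explicitly, and existing clients that omit it would fail evaluation. Add `default = null;` and state the fallback in the description, e.g. `"Landing URL of the OAuth2 client; when null, https://<subdomain>.<domain>/ is used."`. Whether `originUrl` below carries a default is not visible, because its declaration continues past the hunk.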
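Review bot: The `else attrs.originLanding` branch in the second hunk forwards the override unchanged, so a value that was always an `https://` URL under the instance's own domain can now be any string, including a plain `http://` URL or a foreign host. If that is not intended, constrain it where the option is declared, e.g. `type = types.nullOr (types.strMatching "https://.+");`, or add an assertion next to this binding. A short comment such as `# null keeps the previous hard-coded landing URL` would also make the compatibility intent explicit. The enclosing expression begins outside the hunk, so a check elsewhere in the file cannot be ruled out.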