Open azmeuk opened 3 years ago
I have no issues with this, though I don't understand why you're deploying a new instance of the OIDC provider every time with Nextcloud.
AFAIK there is some way to update `config.php` at runtime, that would be worth looking into. The `client_id` and `secret` should be updated only if dynamic registration is enabled AND `client_id` is blank (or not present) in the configuration.
Feel free to make a PR.
> I have no issues with this, though I don't understand why you're deploying a new instance of the OIDC provider every time with Nextcloud.
This is because those are different user bases, hosted at different places.
> This is because those are different user bases, hosted at different places.
Regardless, why does that require you to deploy a new OIDC instance? Isn't this a one-time config?
Because the people for whom I deploy Nextcloud and the OIDC provider want to host their data on their own infrastructures. There is no way for me to mutualize.
It seems to be supported by OpenID-Connect-PHP
I suggest implementing the OIDC dynamic client registration protocol.
I understand that it seems in contradiction with the one single OIDC provider policy, but I have a concrete use case for this feature: I have a script that automatically deploys a Nextcloud instance (with nextcloud-oidc-login) and a canaille OIDC provider instance. I would love nextcloud-oidc-login to be able to automatically connect to my OIDC provider.
Allowing nextcloud-oidc-login to automatically register to the provider would allow me to simply give an initial access token to both the provider and nextcloud-oidc-login, and let them plug together.
What do you think?
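The registration exchange discussed in this thread, sketched as an added example that is not code from nextcloud-oidc-login, canaille or OpenID-Connect-PHP. It follows OpenID Connect Dynamic Client Registration 1.0 and applies the rule stated above (register only when dynamic registration is enabled and `client_id` is blank). The config keys, URLs and token values are hypothetical or constructed.

```python
import json

def needs_registration(cfg: dict) -> bool:
    """Register only if dynamic registration is enabled AND client_id is blank or absent."""
    return bool(cfg.get("dynamic_registration")) and not cfg.get("client_id")

def build_registration_request(provider_meta: dict, redirect_uri: str, initial_access_token: str) -> dict:
    """Describe the HTTP request sent to the provider's registration_endpoint."""
    endpoint = provider_meta.get("registration_endpoint")
    if not endpoint or not endpoint.startswith("https://"):
        # The bearer token and the returned secret must never travel in clear text.
        raise ValueError("provider does not advertise an HTTPS registration_endpoint")
    return {
        "method": "POST",
        "url": endpoint,
        "headers": {
            "Authorization": f"Bearer {initial_access_token}",
            "Content-Type": "application/json",
        },
        "body": json.dumps({
            "redirect_uris": [redirect_uri],
            "grant_types": ["authorization_code"],
            "response_types": ["code"],
            "token_endpoint_auth_method": "client_secret_basic",
        }),
    }

def apply_registration_response(cfg: dict, status: int, body: str) -> dict:
    """Return a new config holding the issued credentials; reject anything but 201 Created."""
    if status != 201:
        raise RuntimeError(f"registration failed with HTTP {status}")
    data = json.loads(body)
    if not data.get("client_id"):
        raise ValueError("registration response lacks client_id")
    new_cfg = dict(cfg)
    new_cfg["client_id"] = data["client_id"]
    new_cfg["client_secret"] = data.get("client_secret", "")
    return new_cfg

# Constructed sample data (hypothetical hosts, keys and token values).
CFG = {"dynamic_registration": True, "client_id": ""}
META = {"registration_endpoint": "https://idp.example.org/oauth/register"}
RESPONSE = json.dumps({"client_id": "s6BhdRkqt3", "client_secret": "constructed-secret"})

if __name__ == "__main__":
    if needs_registration(CFG):
        req = build_registration_request(META, "https://cloud.example.org/callback", "constructed-iat")
        print(req["method"], req["url"])
        print(apply_registration_response(CFG, 201, RESPONSE)["client_id"])
```

The initial access token is a deployment secret: keep it out of logs, and once `client_id` is stored the rule above prevents a second registration on later runs.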