From 23360485a8e2f97cf0014b0a5afabd719362241f Mon Sep 17 00:00:00 2001 From: Chris Coutinho Date: Sun, 2 Nov 2025 19:08:49 +0100 Subject: [PATCH] refactor: Remove NEXTCLOUD_OIDC_CLIENT_STORAGE environment variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove the NEXTCLOUD_OIDC_CLIENT_STORAGE environment variable from all configuration files. OAuth client credentials are now always stored in the SQLite database, with no option to use a custom JSON file path. Changes: - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from .env.keycloak.sample - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from docker-compose.yml (mcp-oauth and mcp-keycloak services) - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from Helm deployment template - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from test_cli.py test assertions - Remove --headed flag from pytest addopts (use CLI arg instead) This simplifies configuration by enforcing a single storage mechanism (SQLite database) for OAuth client credentials. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .env.keycloak.sample | 3 --- charts/nextcloud-mcp-server/templates/deployment.yaml | 2 -- docker-compose.yml | 2 -- pyproject.toml | 2 +- tests/test_cli.py | 7 ------- 5 files changed, 1 insertion(+), 15 deletions(-) diff --git a/.env.keycloak.sample b/.env.keycloak.sample index 198404b..fe9a4f4 100644 --- a/.env.keycloak.sample +++ b/.env.keycloak.sample @@ -68,9 +68,6 @@ ENABLE_OFFLINE_ACCESS=true # Path to SQLite database for token storage TOKEN_STORAGE_DB=/app/data/tokens.db -# OAuth client storage (for MCP internal use) -NEXTCLOUD_OIDC_CLIENT_STORAGE=/app/.oauth/keycloak_oauth_client.json - # ============================================================================== # DOCKER COMPOSE NOTES # ============================================================================== 
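Review bot: Deployments that already ran with `NEXTCLOUD_OIDC_CLIENT_STORAGE` set will probably keep the old JSON file (`/app/.oauth/keycloak_oauth_client.json` in this sample) on disk after upgrading, and nothing visible in this patch migrates or removes it. According to the commit message that file held OAuth client credentials, so a leftover copy stays readable to anything with access to the volume even though the server no longer uses it. The same applies to the paths dropped in the `deployment.yaml` hunk and both `docker-compose.yml` hunks. I would add an upgrade note in this sample, for example `# NEXTCLOUD_OIDC_CLIENT_STORAGE is no longer read; delete any old /app/.oauth/*.json client file after upgrading`, and confirm whether the server imports the existing client into SQLite or registers a new one.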
diff --git a/charts/nextcloud-mcp-server/templates/deployment.yaml b/charts/nextcloud-mcp-server/templates/deployment.yaml index eac0ac4..09e21b1 100644 --- a/charts/nextcloud-mcp-server/templates/deployment.yaml +++ b/charts/nextcloud-mcp-server/templates/deployment.yaml @@ -78,8 +78,6 @@ spec: value: {{ include "nextcloud-mcp-server.mcpServerUrl" . | quote }} - name: NEXTCLOUD_PUBLIC_ISSUER_URL value: {{ include "nextcloud-mcp-server.publicIssuerUrl" . | quote }} - - name: NEXTCLOUD_OIDC_CLIENT_STORAGE - value: "/app/.oauth/nextcloud_oauth_client.json" - name: NEXTCLOUD_OIDC_SCOPES value: {{ .Values.auth.oauth.scopes | quote }} {{- if .Values.auth.oauth.clientId }} diff --git a/docker-compose.yml b/docker-compose.yml index 37e6fa2..c1cb73c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -94,7 +94,6 @@ services: - NEXTCLOUD_HOST=http://app:80 - NEXTCLOUD_MCP_SERVER_URL=http://localhost:8001 - NEXTCLOUD_PUBLIC_ISSUER_URL=http://localhost:8080 - - NEXTCLOUD_OIDC_CLIENT_STORAGE=/app/.oauth/nextcloud_oauth_client.json - NEXTCLOUD_OIDC_SCOPES=openid profile email notes:read notes:write calendar:read calendar:write contacts:read contacts:write cookbook:read cookbook:write deck:read deck:write tables:read tables:write files:read files:write sharing:read sharing:write todo:read todo:write # Refresh token storage (ADR-002 Tier 1) @@ -159,7 +158,6 @@ services: - ENABLE_OFFLINE_ACCESS=true - TOKEN_ENCRYPTION_KEY=ESF1BvEQdGYsCluwMx9Cxvw3uh5pFowPH7Rg_nIliyo= - TOKEN_STORAGE_DB=/app/data/tokens.db - - NEXTCLOUD_OIDC_CLIENT_STORAGE=/app/.oauth/external_idp_oauth_client.json # OAuth scopes (optional - uses defaults if not specified) - NEXTCLOUD_OIDC_SCOPES=openid profile email offline_access notes:read notes:write calendar:read calendar:write contacts:read contacts:write cookbook:read cookbook:write deck:read deck:write tables:read tables:write files:read files:write sharing:read sharing:write todo:read todo:write 
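Review bot: The second `docker-compose.yml` hunk keeps a literal `TOKEN_ENCRYPTION_KEY` value in the context line just above the removed entry, so the key is known to anyone who can read the repository. With this commit the SQLite database becomes the only store for OAuth client credentials, and if the same key protects that database (not visible here), a deployment that reuses this compose file gets no real protection at rest. Consider taking the key from the environment, `- TOKEN_ENCRYPTION_KEY=${TOKEN_ENCRYPTION_KEY:?set a locally generated key}`, or at least mark the committed value as test-only in a comment. The service definition starts and ends outside the hunk.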
diff --git a/pyproject.toml b/pyproject.toml index 1e5fb2c..e8b6317 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -42,7 +42,7 @@ Changelog = "https://github.com/cbcoutinho/nextcloud-mcp-server/blob/master/CHAN [tool.pytest.ini_options] anyio_mode = "auto" -addopts = "-p no:asyncio -x --headed" # Disable pytest-asyncio plugin, use only anyio +addopts = "-p no:asyncio -x" # Disable pytest-asyncio plugin, use only anyio log_cli = 1 log_cli_level = "ERROR" log_level = "ERROR" diff --git a/tests/test_cli.py b/tests/test_cli.py index 4404ab6..1763ba4 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -23,7 +23,6 @@ def clean_env(monkeypatch): "NEXTCLOUD_PASSWORD", "NEXTCLOUD_OIDC_CLIENT_ID", "NEXTCLOUD_OIDC_CLIENT_SECRET", - "NEXTCLOUD_OIDC_CLIENT_STORAGE", "NEXTCLOUD_OIDC_SCOPES", "NEXTCLOUD_OIDC_TOKEN_TYPE", "NEXTCLOUD_MCP_SERVER_URL", @@ -240,9 +239,6 @@ def test_default_values(runner, clean_env, monkeypatch): "NEXTCLOUD_OIDC_TOKEN_TYPE" ), "NEXTCLOUD_MCP_SERVER_URL": os.environ.get("NEXTCLOUD_MCP_SERVER_URL"), - "NEXTCLOUD_OIDC_CLIENT_STORAGE": os.environ.get( - "NEXTCLOUD_OIDC_CLIENT_STORAGE" - ), } ) raise SystemExit(0) @@ -267,9 +263,6 @@ def test_default_values(runner, clean_env, monkeypatch): ) assert captured_env["NEXTCLOUD_OIDC_TOKEN_TYPE"] == "bearer" assert captured_env["NEXTCLOUD_MCP_SERVER_URL"] == "http://localhost:8000" - assert ( - captured_env["NEXTCLOUD_OIDC_CLIENT_STORAGE"] == ".nextcloud_oauth_client.json" - ) def test_oauth_token_type_case_normalization(runner, clean_env, monkeypatch):
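Review bot: The trailing comment on the new `addopts` line in `pyproject.toml` explains only `-p no:asyncio`; it says nothing about `-x`, and with `--headed` gone from the defaults there is no hint left for anyone who relied on it. A comment such as `# -p no:asyncio: anyio only; -x: stop on first failure; pass --headed on the command line when needed` would cover it. The change is also unrelated to the storage variable named in the subject, so any CI job or documented command that expected the old default should be checked.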