refactor: Remove NEXTCLOUD_OIDC_CLIENT_STORAGE environment variable
Remove the NEXTCLOUD_OIDC_CLIENT_STORAGE environment variable from all configuration files. OAuth client credentials are now always stored in the SQLite database, with no option to use a custom JSON file path. Changes: - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from .env.keycloak.sample - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from docker-compose.yml (mcp-oauth and mcp-keycloak services) - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from Helm deployment template - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from test_cli.py test assertions - Remove --headed flag from pytest addopts (use CLI arg instead) This simplifies configuration by enforcing a single storage mechanism (SQLite database) for OAuth client credentials. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
@@ -68,9 +68,6 @@ ENABLE_OFFLINE_ACCESS=true
|
|||||||
# Path to SQLite database for token storage
|
# Path to SQLite database for token storage
|
||||||
TOKEN_STORAGE_DB=/app/data/tokens.db
|
TOKEN_STORAGE_DB=/app/data/tokens.db
|
||||||
|
|
||||||
# OAuth client storage (for MCP internal use)
|
|
||||||
NEXTCLOUD_OIDC_CLIENT_STORAGE=/app/.oauth/keycloak_oauth_client.json
|
|
||||||
|
|
||||||
# ==============================================================================
|
# ==============================================================================
|
||||||
# DOCKER COMPOSE NOTES
|
# DOCKER COMPOSE NOTES
|
||||||
# ==============================================================================
|
# ==============================================================================
|
||||||
|
|||||||
@@ -78,8 +78,6 @@ spec:
|
|||||||
value: {{ include "nextcloud-mcp-server.mcpServerUrl" . | quote }}
|
value: {{ include "nextcloud-mcp-server.mcpServerUrl" . | quote }}
|
||||||
- name: NEXTCLOUD_PUBLIC_ISSUER_URL
|
- name: NEXTCLOUD_PUBLIC_ISSUER_URL
|
||||||
value: {{ include "nextcloud-mcp-server.publicIssuerUrl" . | quote }}
|
value: {{ include "nextcloud-mcp-server.publicIssuerUrl" . | quote }}
|
||||||
- name: NEXTCLOUD_OIDC_CLIENT_STORAGE
|
|
||||||
value: "/app/.oauth/nextcloud_oauth_client.json"
|
|
||||||
- name: NEXTCLOUD_OIDC_SCOPES
|
- name: NEXTCLOUD_OIDC_SCOPES
|
||||||
value: {{ .Values.auth.oauth.scopes | quote }}
|
value: {{ .Values.auth.oauth.scopes | quote }}
|
||||||
{{- if .Values.auth.oauth.clientId }}
|
{{- if .Values.auth.oauth.clientId }}
|
||||||
|
|||||||
@@ -94,7 +94,6 @@ services:
|
|||||||
- NEXTCLOUD_HOST=http://app:80
|
- NEXTCLOUD_HOST=http://app:80
|
||||||
- NEXTCLOUD_MCP_SERVER_URL=http://localhost:8001
|
- NEXTCLOUD_MCP_SERVER_URL=http://localhost:8001
|
||||||
- NEXTCLOUD_PUBLIC_ISSUER_URL=http://localhost:8080
|
- NEXTCLOUD_PUBLIC_ISSUER_URL=http://localhost:8080
|
||||||
- NEXTCLOUD_OIDC_CLIENT_STORAGE=/app/.oauth/nextcloud_oauth_client.json
|
|
||||||
- NEXTCLOUD_OIDC_SCOPES=openid profile email notes:read notes:write calendar:read calendar:write contacts:read contacts:write cookbook:read cookbook:write deck:read deck:write tables:read tables:write files:read files:write sharing:read sharing:write todo:read todo:write
|
- NEXTCLOUD_OIDC_SCOPES=openid profile email notes:read notes:write calendar:read calendar:write contacts:read contacts:write cookbook:read cookbook:write deck:read deck:write tables:read tables:write files:read files:write sharing:read sharing:write todo:read todo:write
|
||||||
|
|
||||||
# Refresh token storage (ADR-002 Tier 1)
|
# Refresh token storage (ADR-002 Tier 1)
|
||||||
@@ -159,7 +158,6 @@ services:
|
|||||||
- ENABLE_OFFLINE_ACCESS=true
|
- ENABLE_OFFLINE_ACCESS=true
|
||||||
- TOKEN_ENCRYPTION_KEY=ESF1BvEQdGYsCluwMx9Cxvw3uh5pFowPH7Rg_nIliyo=
|
- TOKEN_ENCRYPTION_KEY=ESF1BvEQdGYsCluwMx9Cxvw3uh5pFowPH7Rg_nIliyo=
|
||||||
- TOKEN_STORAGE_DB=/app/data/tokens.db
|
- TOKEN_STORAGE_DB=/app/data/tokens.db
|
||||||
- NEXTCLOUD_OIDC_CLIENT_STORAGE=/app/.oauth/external_idp_oauth_client.json
|
|
||||||
|
|
||||||
# OAuth scopes (optional - uses defaults if not specified)
|
# OAuth scopes (optional - uses defaults if not specified)
|
||||||
- NEXTCLOUD_OIDC_SCOPES=openid profile email offline_access notes:read notes:write calendar:read calendar:write contacts:read contacts:write cookbook:read cookbook:write deck:read deck:write tables:read tables:write files:read files:write sharing:read sharing:write todo:read todo:write
|
- NEXTCLOUD_OIDC_SCOPES=openid profile email offline_access notes:read notes:write calendar:read calendar:write contacts:read contacts:write cookbook:read cookbook:write deck:read deck:write tables:read tables:write files:read files:write sharing:read sharing:write todo:read todo:write
|
||||||
|
|||||||
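Review bot: Dropping `NEXTCLOUD_OIDC_CLIENT_STORAGE` from both services leaves any `*_oauth_client.json` already written under `/app/.oauth/` on existing volumes, and those files presumably still hold a client secret that nothing reads or rotates any more. The upgrade notes should tell operators to delete them, along with the `/app/.oauth` mount if the compose file still declares one outside these hunks. With client credentials now kept only in the SQLite database, the literal `TOKEN_ENCRYPTION_KEY=` value shown as context in the `@@ -159,7 +158,6 @@` hunk matters more: if that key protects the database contents (not visible here), anyone who deploys this file unchanged is using a publicly known key. I would source it from the environment, `- TOKEN_ENCRYPTION_KEY=${TOKEN_ENCRYPTION_KEY:?set TOKEN_ENCRYPTION_KEY in .env}`, or at least add `# dev-only key, never reuse outside local testing` above it.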
+1
-1
@@ -42,7 +42,7 @@ Changelog = "https://github.com/cbcoutinho/nextcloud-mcp-server/blob/master/CHAN
|
|||||||
|
|
||||||
[tool.pytest.ini_options]
|
[tool.pytest.ini_options]
|
||||||
anyio_mode = "auto"
|
anyio_mode = "auto"
|
||||||
addopts = "-p no:asyncio -x --headed" # Disable pytest-asyncio plugin, use only anyio
|
addopts = "-p no:asyncio -x" # Disable pytest-asyncio plugin, use only anyio
|
||||||
log_cli = 1
|
log_cli = 1
|
||||||
log_cli_level = "ERROR"
|
log_cli_level = "ERROR"
|
||||||
log_level = "ERROR"
|
log_level = "ERROR"
|
||||||
|
|||||||
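Review bot: The trailing comment on `addopts` explains only `-p no:asyncio`; `-x` is undocumented, and with `--headed` removed nothing in the file says how to get a visible browser for the browser-driven tests. A comment line above the setting would cover both: `# -p no:asyncio: anyio only; -x: stop at first failure; pass --headed on the command line for a visible browser`.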
@@ -23,7 +23,6 @@ def clean_env(monkeypatch):
|
|||||||
"NEXTCLOUD_PASSWORD",
|
"NEXTCLOUD_PASSWORD",
|
||||||
"NEXTCLOUD_OIDC_CLIENT_ID",
|
"NEXTCLOUD_OIDC_CLIENT_ID",
|
||||||
"NEXTCLOUD_OIDC_CLIENT_SECRET",
|
"NEXTCLOUD_OIDC_CLIENT_SECRET",
|
||||||
"NEXTCLOUD_OIDC_CLIENT_STORAGE",
|
|
||||||
"NEXTCLOUD_OIDC_SCOPES",
|
"NEXTCLOUD_OIDC_SCOPES",
|
||||||
"NEXTCLOUD_OIDC_TOKEN_TYPE",
|
"NEXTCLOUD_OIDC_TOKEN_TYPE",
|
||||||
"NEXTCLOUD_MCP_SERVER_URL",
|
"NEXTCLOUD_MCP_SERVER_URL",
|
||||||
@@ -240,9 +239,6 @@ def test_default_values(runner, clean_env, monkeypatch):
|
|||||||
"NEXTCLOUD_OIDC_TOKEN_TYPE"
|
"NEXTCLOUD_OIDC_TOKEN_TYPE"
|
||||||
),
|
),
|
||||||
"NEXTCLOUD_MCP_SERVER_URL": os.environ.get("NEXTCLOUD_MCP_SERVER_URL"),
|
"NEXTCLOUD_MCP_SERVER_URL": os.environ.get("NEXTCLOUD_MCP_SERVER_URL"),
|
||||||
"NEXTCLOUD_OIDC_CLIENT_STORAGE": os.environ.get(
|
|
||||||
"NEXTCLOUD_OIDC_CLIENT_STORAGE"
|
|
||||||
),
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
raise SystemExit(0)
|
raise SystemExit(0)
|
||||||
@@ -267,9 +263,6 @@ def test_default_values(runner, clean_env, monkeypatch):
|
|||||||
)
|
)
|
||||||
assert captured_env["NEXTCLOUD_OIDC_TOKEN_TYPE"] == "bearer"
|
assert captured_env["NEXTCLOUD_OIDC_TOKEN_TYPE"] == "bearer"
|
||||||
assert captured_env["NEXTCLOUD_MCP_SERVER_URL"] == "http://localhost:8000"
|
assert captured_env["NEXTCLOUD_MCP_SERVER_URL"] == "http://localhost:8000"
|
||||||
assert (
|
|
||||||
captured_env["NEXTCLOUD_OIDC_CLIENT_STORAGE"] == ".nextcloud_oauth_client.json"
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def test_oauth_token_type_case_normalization(runner, clean_env, monkeypatch):
|
def test_oauth_token_type_case_normalization(runner, clean_env, monkeypatch):
|
||||||
|
|||||||