refactor: Remove unnecessary user_oidc patch - CORSMiddleware patch is sufficient
Testing confirmed that the CORSMiddleware Bearer token patch (from upstream commit 8fb5e77db82) alone is sufficient to enable Bearer token authentication for all Nextcloud APIs, including app-specific endpoints like Notes and Calendar. The user_oidc patch (which sets the app_api session flag) is not required when the CORSMiddleware patch is applied, as it fixes the root cause by allowing Bearer tokens to bypass CORS/CSRF checks at the framework level. Validation: - Restarted Nextcloud with user_oidc patch disabled - Ran all 11 Keycloak integration tests - All tests passed without the user_oidc patch Updated documentation in 10-install-user_oidc-app.sh to explain why the patch is no longer needed. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Chris Coutinho
@@ -15,4 +15,7 @@ php /var/www/html/occ config:system:set user_oidc httpclient.allowselfsigned --v
|
||||
# This enables user_oidc to fetch JWKS from internal Keycloak container
|
||||
php /var/www/html/occ config:system:set allow_local_remote_servers --value=true --type=boolean
|
||||
|
||||
patch -u /var/www/html/custom_apps/user_oidc/lib/User/Backend.php -i /docker-entrypoint-hooks.d/patches/0001-Fix-Bearer-token-authentication-causing-session-logo.patch
|
||||
# Note: The user_oidc app_api session flag patch is NOT required when using the
|
||||
# CORSMiddleware Bearer token patch (20-apply-cors-bearer-token-patch.sh).
|
||||
# The CORSMiddleware patch fixes the root cause by allowing Bearer tokens to bypass
|
||||
# CORS/CSRF checks at the framework level.
|
||||
|
||||
Reference in New Issue
Block a user