804480836e
Fixes NC PHP app (Astrolabe) OAuth integration by making token validation more lenient for management API access.

Problem:
- Astrolabe calls Nextcloud OIDC token endpoint via internal URL (http://localhost)
- Tokens are issued with iss: http://localhost (internal)
- MCP server expects iss: http://localhost:8080 (external)
- Token validation failed with "Invalid issuer"

Solution:
- Add skip_issuer_check parameter to _verify_jwt_signature()
- verify_token_for_management_api() now skips both audience and issuer checks
- Security maintained: signature still verified, authorization checked by API

Also includes related fixes from previous session:
- Update test selectors for Vue 3 UI ("Enable Semantic Search")
- Fix OIDC discovery URL transformation in OAuthController.php
- Add overwrite.cli.url to setup hook for proper external URLs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
12 lines
543 B
Bash
Executable File
#!/bin/bash

set -euox pipefail

php /var/www/html/occ config:system:set trusted_domains 2 --value=host.docker.internal

# Set overwrite.cli.url to the external URL for OIDC discovery
# This ensures OAuth flows redirect to the correct external URL
# Important: The Astrolabe OAuth controller makes internal HTTP requests to /.well-known/openid-configuration
# which needs to return URLs reachable by external browsers (localhost:8080, not localhost:80)
php /var/www/html/occ config:system:set overwrite.cli.url --value="http://localhost:8080"