e486e92f91
Previously, the multi-user BasicAuth mode attempted to retrieve app passwords
via OAuth client_credentials grant, which Nextcloud OIDC doesn't support.
This fix implements local storage for app passwords:
- Add app_passwords table via Alembic migration (002)
- Add store/get/delete methods to RefreshTokenStorage
- Add management API endpoints for app password provisioning:
- POST /api/v1/users/{user_id}/app-password
- GET /api/v1/users/{user_id}/app-password
- DELETE /api/v1/users/{user_id}/app-password
- Update oauth_sync.py to read from local storage
- Update Astrolabe to send app passwords to MCP server after validation
- Add app-hook to configure mcp_server_url in Nextcloud
The flow is now:
1. User creates app password in Nextcloud Security settings
2. User enters it in Astrolabe Personal Settings
3. Astrolabe validates against Nextcloud, then sends to MCP server
4. MCP server stores encrypted app password locally
5. Background sync uses locally stored password
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
17 lines
596 B
Bash
Executable File
17 lines
596 B
Bash
Executable File
#!/bin/bash
|
|
# Configure MCP server URL for Astrolabe background sync
|
|
# This URL is used by Astrolabe to send app passwords to the MCP server
|
|
|
|
set -e
|
|
|
|
# The MCP multi-user BasicAuth service runs on port 8000 inside the container
|
|
# From Nextcloud's perspective (inside Docker network), we reach it via service name
|
|
MCP_SERVER_URL="${MCP_SERVER_URL:-http://mcp-multi-user-basic:8000}"
|
|
|
|
echo "Configuring MCP server URL: $MCP_SERVER_URL"
|
|
|
|
# Set the mcp_server_url in config.php via occ
|
|
php occ config:system:set mcp_server_url --value="$MCP_SERVER_URL"
|
|
|
|
echo "MCP server URL configured successfully"
|