From e4b517cc6c365f6089d5511720ca22096a90ad42 Mon Sep 17 00:00:00 2001
From: Jens Schneider <jens.schneider.ac@posteo.de>
Date: Thu, 10 Aug 2023 14:57:04 +0200
Subject: [PATCH 1/9] feat: add oidc integration example for nextcloud (#252)

Signed-off-by: Jens Schneider <jens.schneider.ac@posteo.de>
---
 deploy/crd/nextclouds.glasskube.eu-v1.yml             | 11 +++++++++++
 .../operator/apps/nextcloud/NextcloudAppsSpec.kt      |  9 ++++++++-
 .../apps/nextcloud/dependent/NextcloudDeployment.kt   |  6 ++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/deploy/crd/nextclouds.glasskube.eu-v1.yml b/deploy/crd/nextclouds.glasskube.eu-v1.yml
index 0011ea4d..564ea1da 100644
--- a/deploy/crd/nextclouds.glasskube.eu-v1.yml
+++ b/deploy/crd/nextclouds.glasskube.eu-v1.yml
@@ -29,6 +29,17 @@ spec:
                       host:
                         type: string
                     type: object
+                  oidc:
+                    properties:
+                      name:
+                        type: string
+                      clientId:
+                        type: string
+                      clientSecret:
+                        type: string
+                      discoveryEndpoint:
+                        type: string
+                    type: object
                 type: object
               resources:
                 properties:
diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
index e830c1a9..373fa68c 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
@@ -4,9 +4,16 @@ import io.fabric8.generator.annotation.Nullable
 
 data class NextcloudAppsSpec(
     @field:Nullable
-    val office: Office? = null
+    val office: Office? = null,
+    val oidc: Oidc? = null
 ) {
     data class Office(
         val host: String
     )
+    data class Oidc(
+        val name: String,
+        val clientId: String,
+        val clientSecret: String,
+        val discoveryEndpoint: String,
+    )
 }
diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt
index 2c7269b8..3d77a997 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt
@@ -112,6 +112,12 @@ class NextcloudDeployment : CRUDKubernetesDependentResource<Deployment, Nextclou
                                     php $OCC_PATH app:install richdocuments
                                     php $OCC_PATH app:install contacts
                                     php $OCC_PATH app:install calendar
+                                    php $OCC_PATH app:install user_oidc
+                                    php ./occ user_oidc:provider ${primary.spec.apps.oidc?.name} \
+                                        --clientid=${primary.spec.apps.oidc?.clientId} \
+                                        --clientsecret=${primary.spec.apps.oidc?.clientSecret} \
+                                        --discoveryuri=${primary.spec.apps.oidc?.discoveryEndpoint} \
+                                        --unique-uid=0
                                     true
                                 """.trimIndent()
                             )

From abee1cc2cc05eaa97e5f3430c3fc7175066bbdd7 Mon Sep 17 00:00:00 2001
From: Jens Schneider <jens.schneider.ac@posteo.de>
Date: Thu, 10 Aug 2023 15:50:21 +0200
Subject: [PATCH 2/9] style: remove redundant comma (#252)

Signed-off-by: Jens Schneider <jens.schneider.ac@posteo.de>
---
 .idea/vcs.xml                                                   | 2 +-
 .../eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.idea/vcs.xml b/.idea/vcs.xml
index 94a25f7f..35eb1ddf 100644
--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
   <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+    <mapping directory="" vcs="Git" />
   </component>
 </project>
\ No newline at end of file
diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
index 373fa68c..c4b143e2 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
@@ -14,6 +14,6 @@ data class NextcloudAppsSpec(
         val name: String,
         val clientId: String,
         val clientSecret: String,
-        val discoveryEndpoint: String,
+        val discoveryEndpoint: String
     )
 }

From a24e2da7f69855e461991da9fed4abe37543c7a3 Mon Sep 17 00:00:00 2001
From: Jens Schneider <jens.schneider.ac@posteo.de>
Date: Fri, 8 Sep 2023 13:27:34 +0200
Subject: [PATCH 3/9] feat: use oidc_login as oidc provider for nextcloud
 (#252)

Moreover, read clientId and clientSecret from a Kubernetes secret and
feed it into the nextcloud pod as an environment variable.

Signed-off-by: Jens Schneider <jens.schneider.ac@posteo.de>
---
 deploy/crd/nextclouds.glasskube.eu-v1.yml     | 15 +++++---
 .../apps/nextcloud/NextcloudAppsSpec.kt       | 10 +++--
 .../nextcloud/dependent/NextcloudConfigMap.kt | 12 +++++-
 .../dependent/NextcloudDeployment.kt          | 37 ++++++++++++-------
 4 files changed, 52 insertions(+), 22 deletions(-)

diff --git a/deploy/crd/nextclouds.glasskube.eu-v1.yml b/deploy/crd/nextclouds.glasskube.eu-v1.yml
index 564ea1da..82f92981 100644
--- a/deploy/crd/nextclouds.glasskube.eu-v1.yml
+++ b/deploy/crd/nextclouds.glasskube.eu-v1.yml
@@ -33,12 +33,17 @@ spec:
                     properties:
                       name:
                         type: string
-                      clientId:
-                        type: string
-                      clientSecret:
-                        type: string
-                      discoveryEndpoint:
+                      oidcSecret:
+                        properties:
+                          name:
+                            type: string
+                        type: object
+                      issuerUrl:
                         type: string
+                    required:
+                    - name
+                    - oidcSecret
+                    - issuerUrl
                     type: object
                 type: object
               resources:
diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
index c4b143e2..ca32bdcc 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
@@ -1,6 +1,8 @@
 package eu.glasskube.operator.apps.nextcloud
 
 import io.fabric8.generator.annotation.Nullable
+import io.fabric8.generator.annotation.Required
+import io.fabric8.kubernetes.api.model.LocalObjectReference
 
 data class NextcloudAppsSpec(
     @field:Nullable
@@ -11,9 +13,11 @@ data class NextcloudAppsSpec(
         val host: String
     )
     data class Oidc(
+        @field:Required
         val name: String,
-        val clientId: String,
-        val clientSecret: String,
-        val discoveryEndpoint: String
+        @field:Required
+        val oidcSecret: LocalObjectReference,
+        @field:Required
+        val issuerUrl: String
     )
 }
diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt
index adf14efd..07e63922 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt
@@ -56,7 +56,17 @@ class NextcloudConfigMap : CRUDKubernetesDependentResource<ConfigMap, Nextcloud>
                         "192.168.0.0/16"
                     ),
                     "log_type" to "errorlog",
-                    "log_level" to 2
+                    "log_level" to 2,
+                    spec.apps.oidc?.let { "oidc_login_provider_url" to it.issuerUrl },
+                    spec.apps.oidc?.let { "oidc_login_logout_url" to spec.host },
+                    spec.apps.oidc?.let { "oidc_login_button_text" to "Login with " + it.name },
+                    spec.apps.oidc?.let { "oidc_login_disable_registration" to false },
+                    spec.apps.oidc?.let { "oidc_login_scope" to "openid profile email"},
+                    spec.apps.oidc?.let { "oidc_login_attributes" to mapOf(
+                        "id" to "sub",
+                        "name" to "name",
+                        "mail" to "email",)
+                    },
                 ).toMap(),
                 listOfNotNull(
                     spec.apps.office?.let {
diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt
index 3d77a997..29636fdc 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt
@@ -108,18 +108,15 @@ class NextcloudDeployment : CRUDKubernetesDependentResource<Deployment, Nextclou
                             command = listOf("sh")
                             args = listOf(
                                 "-c",
-                                """
-                                    php $OCC_PATH app:install richdocuments
-                                    php $OCC_PATH app:install contacts
-                                    php $OCC_PATH app:install calendar
-                                    php $OCC_PATH app:install user_oidc
-                                    php ./occ user_oidc:provider ${primary.spec.apps.oidc?.name} \
-                                        --clientid=${primary.spec.apps.oidc?.clientId} \
-                                        --clientsecret=${primary.spec.apps.oidc?.clientSecret} \
-                                        --discoveryuri=${primary.spec.apps.oidc?.discoveryEndpoint} \
-                                        --unique-uid=0
-                                    true
-                                """.trimIndent()
+                                listOf(
+                                    "php $OCC_PATH app:install richdocuments",
+                                    "php $OCC_PATH app:install contacts",
+                                    "php $OCC_PATH app:install calendar",
+                                    primary.spec.apps?.oidc.let {
+                                        "php $OCC_PATH app:install oidc_login"
+                                    },
+                                    "true"
+                                ).joinToString("\n") { it }
                             )
                             securityContext {
                                 runAsUser = 33
@@ -181,7 +178,8 @@ class NextcloudDeployment : CRUDKubernetesDependentResource<Deployment, Nextclou
                             name = Nextcloud.APP_NAME
                             image = Nextcloud.APP_IMAGE
                             resources = primary.spec.resources
-                            env = primary.defaultEnv + primary.databaseEnv + primary.smtpEnv + primary.storageEnv
+                            env =
+                                primary.defaultEnv + primary.databaseEnv + primary.smtpEnv + primary.oidcEnv + primary.storageEnv
                             volumeMounts {
                                 volumeMount {
                                     name = DATA_VOLUME
@@ -277,6 +275,19 @@ class NextcloudDeployment : CRUDKubernetesDependentResource<Deployment, Nextclou
             envVar("SMTP_PASSWORD") { secretKeyRef(authSecret.name, "password") }
         }
 
+    private val Nextcloud.oidcEnv
+        get() = createEnv {
+            spec.apps.oidc?.let { envVar("NC_oidc_login_client_id") { secretKeyRef(it.oidcSecret.name, "clientId") } }
+            spec.apps.oidc?.let {
+                envVar("NC_oidc_login_client_secret") {
+                    secretKeyRef(
+                        it.oidcSecret.name,
+                        "clientSecret"
+                    )
+                }
+            }
+        }
+
     private val Nextcloud.storageEnv
         get() = createEnv {
             spec.storage?.s3?.apply {

From 4e8feedd3de4754ed79bde09e270dc44485b0d10 Mon Sep 17 00:00:00 2001
From: Jens Schneider <jens.schneider.ac@posteo.de>
Date: Fri, 8 Sep 2023 13:40:15 +0200
Subject: [PATCH 4/9] docs: add documentation for nextcloud oidc support (#252)

Signed-off-by: Jens Schneider <jens.schneider.ac@posteo.de>
---
 docs/docs/03_crd-reference/nextcloud/index.md |  1 +
 docs/docs/03_crd-reference/nextcloud/oidc.md  | 21 +++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 docs/docs/03_crd-reference/nextcloud/oidc.md

diff --git a/docs/docs/03_crd-reference/nextcloud/index.md b/docs/docs/03_crd-reference/nextcloud/index.md
index a3c8e3bc..0d08dbc3 100644
--- a/docs/docs/03_crd-reference/nextcloud/index.md
+++ b/docs/docs/03_crd-reference/nextcloud/index.md
@@ -41,6 +41,7 @@ spec:
 | Name   | Type                   |        |
 |--------|------------------------|--------|
 | office | [OfficeSpec](./office) | `null` |
+| oidc   | [OidcSpec](./oidc)     | `null` |
 
 ### StorageSpec {#storage}
 
diff --git a/docs/docs/03_crd-reference/nextcloud/oidc.md b/docs/docs/03_crd-reference/nextcloud/oidc.md
new file mode 100644
index 00000000..741480a4
--- /dev/null
+++ b/docs/docs/03_crd-reference/nextcloud/oidc.md
@@ -0,0 +1,21 @@
+# Oidc
+
+The Glasskube operator can configure the [`oidc_login`](https://apps.nextcloud.com/apps/oidc_login) nextcloud app for you. Currently, the operator only passes the most basic configuration options throuh.
+
+## Example
+
+```yaml title=spec.apps.office
+    oidc:
+      name: my-oidc-issuer
+      issuerUrl: https://my-oidc-issuer.org
+      oidcSecret:
+        name: oidc-login
+```
+
+## Spec
+
+| Name       | Type                                                                                                                   |            |
+|------------|------------------------------------------------------------------------------------------------------------------------|------------|
+| name       | String                                                                                                                 | (required) |
+| issuerUrl  | String                                                                                                                 | (required) |
+| oidcSecret | [LocalObjectReference](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/local-object-reference/) | (required) |

From be7b634eb1749b91f698f743516c182681a6d8d6 Mon Sep 17 00:00:00 2001
From: Jens Schneider <jens.schneider.ac@posteo.de>
Date: Fri, 8 Sep 2023 13:49:19 +0200
Subject: [PATCH 5/9] style: remove redundant commas (#252)

Signed-off-by: Jens Schneider <jens.schneider.ac@posteo.de>
---
 .../apps/nextcloud/dependent/NextcloudConfigMap.kt | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt
index 07e63922..fc299787 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt
@@ -61,12 +61,14 @@ class NextcloudConfigMap : CRUDKubernetesDependentResource<ConfigMap, Nextcloud>
                     spec.apps.oidc?.let { "oidc_login_logout_url" to spec.host },
                     spec.apps.oidc?.let { "oidc_login_button_text" to "Login with " + it.name },
                     spec.apps.oidc?.let { "oidc_login_disable_registration" to false },
-                    spec.apps.oidc?.let { "oidc_login_scope" to "openid profile email"},
-                    spec.apps.oidc?.let { "oidc_login_attributes" to mapOf(
-                        "id" to "sub",
-                        "name" to "name",
-                        "mail" to "email",)
-                    },
+                    spec.apps.oidc?.let { "oidc_login_scope" to "openid profile email" },
+                    spec.apps.oidc?.let {
+                        "oidc_login_attributes" to mapOf(
+                            "id" to "sub",
+                            "name" to "name",
+                            "mail" to "email"
+                        )
+                    }
                 ).toMap(),
                 listOfNotNull(
                     spec.apps.office?.let {

From 506a416f296552e240e13dbef635187e3a487a50 Mon Sep 17 00:00:00 2001
From: Jens Schneider <jens.schneider.ac@posteo.de>
Date: Fri, 8 Sep 2023 13:49:59 +0200
Subject: [PATCH 6/9] style: remove redundat safe call (#252)

Signed-off-by: Jens Schneider <jens.schneider.ac@posteo.de>
---
 .../operator/apps/nextcloud/dependent/NextcloudDeployment.kt    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt
index 29636fdc..0e251e8b 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudDeployment.kt
@@ -112,7 +112,7 @@ class NextcloudDeployment : CRUDKubernetesDependentResource<Deployment, Nextclou
                                     "php $OCC_PATH app:install richdocuments",
                                     "php $OCC_PATH app:install contacts",
                                     "php $OCC_PATH app:install calendar",
-                                    primary.spec.apps?.oidc.let {
+                                    primary.spec.apps.oidc.let {
                                         "php $OCC_PATH app:install oidc_login"
                                     },
                                     "true"

From 7dc2a22900273597266d00325dd84b31d749b76f Mon Sep 17 00:00:00 2001
From: Jens Schneider <jens.schneider.ac@posteo.de>
Date: Fri, 8 Sep 2023 13:50:42 +0200
Subject: [PATCH 7/9] fix: define oidc spec as nullable (#252)

Signed-off-by: Jens Schneider <jens.schneider.ac@posteo.de>
---
 deploy/crd/nextclouds.glasskube.eu-v1.yml                        | 1 +
 .../eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/deploy/crd/nextclouds.glasskube.eu-v1.yml b/deploy/crd/nextclouds.glasskube.eu-v1.yml
index 82f92981..2fff5f89 100644
--- a/deploy/crd/nextclouds.glasskube.eu-v1.yml
+++ b/deploy/crd/nextclouds.glasskube.eu-v1.yml
@@ -30,6 +30,7 @@ spec:
                         type: string
                     type: object
                   oidc:
+                    nullable: true
                     properties:
                       name:
                         type: string
diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
index ca32bdcc..08359d2c 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/NextcloudAppsSpec.kt
@@ -7,6 +7,7 @@ import io.fabric8.kubernetes.api.model.LocalObjectReference
 data class NextcloudAppsSpec(
     @field:Nullable
     val office: Office? = null,
+    @field:Nullable
     val oidc: Oidc? = null
 ) {
     data class Office(

From ee5831de3f01263a7f4721fea0b1a8ccb5b3aee9 Mon Sep 17 00:00:00 2001
From: Jens Schneider <jens.schneider.ac@posteo.de>
Date: Fri, 15 Sep 2023 15:07:23 +0200
Subject: [PATCH 8/9] docs: add description for oidcSecret (#252)

Signed-off-by: Jens Schneider <jens.schneider.ac@posteo.de>
---
 docs/docs/03_crd-reference/nextcloud/oidc.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/docs/03_crd-reference/nextcloud/oidc.md b/docs/docs/03_crd-reference/nextcloud/oidc.md
index 741480a4..73a20ea2 100644
--- a/docs/docs/03_crd-reference/nextcloud/oidc.md
+++ b/docs/docs/03_crd-reference/nextcloud/oidc.md
@@ -19,3 +19,10 @@ The Glasskube operator can configure the [`oidc_login`](https://apps.nextcloud.c
 | name       | String                                                                                                                 | (required) |
 | issuerUrl  | String                                                                                                                 | (required) |
 | oidcSecret | [LocalObjectReference](https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/local-object-reference/) | (required) |
+
+### OidcSecret
+
+| Key          | Description                                                |            |
+|--------------|------------------------------------------------------------|------------|
+| clientId     | Id of the client/application in your OIDC provider         | (required) |
+| clientSecret | Secret corresponding to the clientId in your OIDC provider | (required) |

From e3b360f6649871653b167e9ff710793deb2e4f5a Mon Sep 17 00:00:00 2001
From: Jens Schneider <jens.schneider.ac@posteo.de>
Date: Fri, 15 Sep 2023 15:09:03 +0200
Subject: [PATCH 9/9] style: use spread operator instead of redundant safe
 calls (#252)

Signed-off-by: Jens Schneider <jens.schneider.ac@posteo.de>
---
 .../nextcloud/dependent/NextcloudConfigMap.kt | 24 ++++++++++---------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt
index fc299787..4acf284a 100644
--- a/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt
+++ b/operator/src/main/kotlin/eu/glasskube/operator/apps/nextcloud/dependent/NextcloudConfigMap.kt
@@ -57,18 +57,20 @@ class NextcloudConfigMap : CRUDKubernetesDependentResource<ConfigMap, Nextcloud>
                     ),
                     "log_type" to "errorlog",
                     "log_level" to 2,
-                    spec.apps.oidc?.let { "oidc_login_provider_url" to it.issuerUrl },
-                    spec.apps.oidc?.let { "oidc_login_logout_url" to spec.host },
-                    spec.apps.oidc?.let { "oidc_login_button_text" to "Login with " + it.name },
-                    spec.apps.oidc?.let { "oidc_login_disable_registration" to false },
-                    spec.apps.oidc?.let { "oidc_login_scope" to "openid profile email" },
-                    spec.apps.oidc?.let {
-                        "oidc_login_attributes" to mapOf(
-                            "id" to "sub",
-                            "name" to "name",
-                            "mail" to "email"
+                    *spec.apps.oidc?.let {
+                        arrayOf(
+                            "oidc_login_provider_url" to it.issuerUrl,
+                            "oidc_login_logout_url" to spec.host,
+                            "oidc_login_button_text" to "Login with " + it.name,
+                            "oidc_login_disable_registration" to false,
+                            "oidc_login_scope" to "openid profile email",
+                            "oidc_login_attributes" to mapOf(
+                                "id" to "sub",
+                                "name" to "name",
+                                "mail" to "email"
+                            )
                         )
-                    }
+                    }.orEmpty()
                 ).toMap(),
                 listOfNotNull(
                     spec.apps.office?.let {