OIDC: Improve CLI commands and add AuthIssuer to users and sessions #782

Signed-off-by: Michael Mayer <michael@photoprism.app>
2025-12-12 08:44:04 +01:00 · 2024-07-09 11:01:59 +02:00
parent e87f32fa5c
commit fe9caaa83b
26 changed files with 200 additions and 68 deletions
--- a/internal/commands/users.go
+++ b/internal/commands/users.go
@@ -4,14 +4,17 @@ import (
 	"github.com/urfave/cli"

 	"github.com/photoprism/photoprism/internal/auth/acl"
+	"github.com/photoprism/photoprism/pkg/authn"
 )

 // Usage hints for the user management subcommands.
 const (
 	UserNameUsage     = "full `NAME` for display in the interface"
 	UserEmailUsage    = "unique `EMAIL` address of the user"
-	UserPasswordUsage = "`PASSWORD` for local authentication"
-	UserRoleUsage     = "user role `NAME` (leave blank for default)"
+	UserPasswordUsage = "`PASSWORD` for local authentication (8-72 characters)"
+	UserRoleUsage     = "user account `ROLE` (admin or guest)"
+	UserAuthUsage     = "authentication `PROVIDER` (default, local, oidc or none)"
+	UserAuthIDUsage   = "authentication `ID` e.g. Subject ID or Distinguished Name (DN)"
 	UserAdminUsage    = "make user super admin with full access"
 	UserNoLoginUsage  = "disable login on the web interface"
 	UserWebDAVUsage   = "allow to sync files via WebDAV"
@@ -53,6 +56,16 @@ var UserFlags = []cli.Flag{
 		Usage: UserRoleUsage,
 		Value: acl.RoleAdmin.String(),
 	},
+	cli.StringFlag{
+		Name:  "auth, A",
+		Usage: UserAuthUsage,
+		Value: authn.ProviderDefault.String(),
+	},
+	cli.StringFlag{
+		Name:  "auth-id",
+		Usage: UserAuthIDUsage,
+		Value: "",
+	},
 	cli.BoolFlag{
 		Name:  "superadmin, s",
 		Usage: UserAdminUsage,