feat: Moved open_id configuration from core to rozier bundle

composer.json

@@ -86,21 +86,21 @@
         "symfony/phpunit-bridge": "5.4.*",
         "symfony/web-profiler-bundle": "5.4.*",
         "roadiz/doc-generator": "~2.0.0",
-        "roadiz/rozier":                           "dev-develop",
+        "roadiz/rozier": "dev-develop",
         "roadiz/dts-generator": "~2.0.0",
-        "roadiz/openid":                           "dev-develop",
-        "roadiz/documents":                        "dev-develop",
-        "roadiz/entity-generator":                 "dev-main",
-        "roadiz/markdown":                         "dev-develop",
-        "roadiz/models":                           "dev-develop",
-        "roadiz/random":                           "dev-main",
-        "roadiz/jwt":                              "dev-main",
-        "roadiz/nodetype-contracts":               "~1.1.0 || dev-main",
-        "rezozero/crypto":                         "^1.0.0",
-        "phpoffice/phpspreadsheet":                "^1.15",
-        "rezozero/intervention-request-bundle":    "~2.0.0",
-        "symfony/rate-limiter":                    "5.4.*",
-        "rezozero/tree-walker":                    "^1.1.0",
+        "roadiz/openid": "dev-develop",
+        "roadiz/documents": "dev-develop",
+        "roadiz/entity-generator": "~2.0.1",
+        "roadiz/markdown": "dev-develop",
+        "roadiz/models": "dev-develop",
+        "roadiz/random": "dev-main",
+        "roadiz/jwt": "~2.0.0",
+        "roadiz/nodetype-contracts": "~1.1.2",
+        "rezozero/crypto": "^1.0.0",
+        "phpoffice/phpspreadsheet": "^1.15",
+        "rezozero/intervention-request-bundle": "~2.0.0",
+        "symfony/rate-limiter": "5.4.*",
+        "rezozero/tree-walker": "^1.1.0",
         "pimple/pimple": "*"
     },
     "config": {

config/packages/roadiz_core.yaml

@@ -23,20 +23,5 @@ roadiz_core:
                 core: '%env(string:SOLR_CORE_NAME)%'
                 port: '%env(string:SOLR_PORT)%'
                 path: /
-    open_id:
-        # Verify User info in JWT at each login
-        verify_user_info: true
-        # Standard OpenID autodiscovery URL, required to enable OpenId login in Roadiz CMS.
-        discovery_url: '%env(string:OPEN_ID_DISCOVERY_URL)%'
-        # For public identity providers (such as Google), restrict users emails by their domain.
-        hosted_domain: '%env(string:OPEN_ID_HOSTED_DOMAIN)%'
-        # OpenID identity provider OAuth2 client ID
-        oauth_client_id: '%env(string:OPEN_ID_CLIENT_ID)%'
-        # OpenID identity provider OAuth2 client secret
-        oauth_client_secret: '%env(string:OPEN_ID_CLIENT_SECRET)%'
-        granted_roles:
-            - ROLE_USER
-            - ROLE_BACKEND_USER
-            - ROLE_SUPERADMIN
 
 

config/packages/roadiz_rozier.yaml

@@ -1,5 +1,21 @@
 ---
 roadiz_rozier:
+    open_id:
+        # Verify User info in JWT at each login
+        verify_user_info: false
+        # Standard OpenID autodiscovery URL, required to enable OpenId login in Roadiz CMS.
+        discovery_url: '%env(string:OPEN_ID_DISCOVERY_URL)%'
+        # For public identity providers (such as Google), restrict users emails by their domain.
+        hosted_domain: '%env(string:OPEN_ID_HOSTED_DOMAIN)%'
+        # OpenID identity provider OAuth2 client ID
+        oauth_client_id: '%env(string:OPEN_ID_CLIENT_ID)%'
+        # OpenID identity provider OAuth2 client secret
+        oauth_client_secret: '%env(string:OPEN_ID_CLIENT_SECRET)%'
+        granted_roles:
+            - ROLE_USER
+            - ROLE_BACKEND_USER
+            - ROLE_SUPERADMIN
+
     entries:
         dashboard:
             name: dashboard

config/packages/security.yaml

@@ -68,7 +68,7 @@ security:
                     - lexik_jwt_authentication.jwt_token_authenticator
             custom_authenticator:
                 - RZ\Roadiz\RozierBundle\Security\RozierAuthenticator
-                - roadiz_rozier.authenticator.open_id
+                - roadiz_rozier.open_id.authenticator
 
     # Easy way to control access for large sections of your site
     # Note: Only the *first* access control that matches will be used