refactor: Remove NEXTCLOUD_OIDC_CLIENT_STORAGE environment variable

cbcoutinho · claude · cbcoutinho · commit efbfbce0cac2 · 2025-11-02T19:08:49.000+01:00
Remove the NEXTCLOUD_OIDC_CLIENT_STORAGE environment variable from all configuration files. OAuth client credentials are now always stored in the SQLite database, with no option to use a custom JSON file path. Changes: - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from .env.keycloak.sample - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from docker-compose.yml (mcp-oauth and mcp-keycloak services) - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from Helm deployment template - Remove NEXTCLOUD_OIDC_CLIENT_STORAGE from test_cli.py test assertions - Remove --headed flag from pytest addopts (use CLI arg instead) This simplifies configuration by enforcing a single storage mechanism (SQLite database) for OAuth client credentials. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/.env.keycloak.sample b/.env.keycloak.sample
@@ -68,9 +68,6 @@ ENABLE_OFFLINE_ACCESS=true
 # Path to SQLite database for token storage
 TOKEN_STORAGE_DB=/app/data/tokens.db
 
-# OAuth client storage (for MCP internal use)
-NEXTCLOUD_OIDC_CLIENT_STORAGE=/app/.oauth/keycloak_oauth_client.json
-
 # ==============================================================================
 # DOCKER COMPOSE NOTES
 # ==============================================================================
diff --git a/charts/nextcloud-mcp-server/templates/deployment.yaml b/charts/nextcloud-mcp-server/templates/deployment.yaml
@@ -78,8 +78,6 @@ spec:
               value: {{ include "nextcloud-mcp-server.mcpServerUrl" . | quote }}
             - name: NEXTCLOUD_PUBLIC_ISSUER_URL
               value: {{ include "nextcloud-mcp-server.publicIssuerUrl" . | quote }}
-            - name: NEXTCLOUD_OIDC_CLIENT_STORAGE
-              value: "/app/.oauth/nextcloud_oauth_client.json"
             - name: NEXTCLOUD_OIDC_SCOPES
               value: {{ .Values.auth.oauth.scopes | quote }}
             {{- if .Values.auth.oauth.clientId }}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -94,7 +94,6 @@ services:
       - NEXTCLOUD_HOST=http://app:80
       - NEXTCLOUD_MCP_SERVER_URL=http://localhost:8001
       - NEXTCLOUD_PUBLIC_ISSUER_URL=http://localhost:8080
-      - NEXTCLOUD_OIDC_CLIENT_STORAGE=/app/.oauth/nextcloud_oauth_client.json
       - NEXTCLOUD_OIDC_SCOPES=openid profile email notes:read notes:write calendar:read calendar:write contacts:read contacts:write cookbook:read cookbook:write deck:read deck:write tables:read tables:write files:read files:write sharing:read sharing:write todo:read todo:write
 
       # Refresh token storage (ADR-002 Tier 1)
@@ -159,7 +158,6 @@ services:
       - ENABLE_OFFLINE_ACCESS=true
       - TOKEN_ENCRYPTION_KEY=ESF1BvEQdGYsCluwMx9Cxvw3uh5pFowPH7Rg_nIliyo=
       - TOKEN_STORAGE_DB=/app/data/tokens.db
-      - NEXTCLOUD_OIDC_CLIENT_STORAGE=/app/.oauth/external_idp_oauth_client.json
 
       # OAuth scopes (optional - uses defaults if not specified)
       - NEXTCLOUD_OIDC_SCOPES=openid profile email offline_access notes:read notes:write calendar:read calendar:write contacts:read contacts:write cookbook:read cookbook:write deck:read deck:write tables:read tables:write files:read files:write sharing:read sharing:write todo:read todo:write
diff --git a/pyproject.toml b/pyproject.toml
@@ -42,7 +42,7 @@ Changelog = "https://github.com/cbcoutinho/nextcloud-mcp-server/blob/master/CHAN
 
 [tool.pytest.ini_options]
 anyio_mode = "auto"
-addopts = "-p no:asyncio -x --headed"  # Disable pytest-asyncio plugin, use only anyio
+addopts = "-p no:asyncio -x"  # Disable pytest-asyncio plugin, use only anyio
 log_cli = 1
 log_cli_level = "ERROR"
 log_level = "ERROR"
diff --git a/tests/test_cli.py b/tests/test_cli.py
@@ -23,7 +23,6 @@ def clean_env(monkeypatch):
         "NEXTCLOUD_PASSWORD",
         "NEXTCLOUD_OIDC_CLIENT_ID",
         "NEXTCLOUD_OIDC_CLIENT_SECRET",
-        "NEXTCLOUD_OIDC_CLIENT_STORAGE",
         "NEXTCLOUD_OIDC_SCOPES",
         "NEXTCLOUD_OIDC_TOKEN_TYPE",
         "NEXTCLOUD_MCP_SERVER_URL",
@@ -240,9 +239,6 @@ def mock_get_app(*args, **kwargs):
                     "NEXTCLOUD_OIDC_TOKEN_TYPE"
                 ),
                 "NEXTCLOUD_MCP_SERVER_URL": os.environ.get("NEXTCLOUD_MCP_SERVER_URL"),
-                "NEXTCLOUD_OIDC_CLIENT_STORAGE": os.environ.get(
-                    "NEXTCLOUD_OIDC_CLIENT_STORAGE"
-                ),
             }
         )
         raise SystemExit(0)
@@ -267,9 +263,6 @@ def mock_get_app(*args, **kwargs):
     )
     assert captured_env["NEXTCLOUD_OIDC_TOKEN_TYPE"] == "bearer"
     assert captured_env["NEXTCLOUD_MCP_SERVER_URL"] == "http://localhost:8000"
-    assert (
-        captured_env["NEXTCLOUD_OIDC_CLIENT_STORAGE"] == ".nextcloud_oauth_client.json"
-    )
 
 
 def test_oauth_token_type_case_normalization(runner, clean_env, monkeypatch):
