import { Alert, Badge, Code, Divider, Stack, Text, Title } from "@mantine/core";
import { IconInfoCircle, IconLock, IconShieldCheck } from "@tabler/icons-react";
import { Helmet } from "react-helmet-async";
import { useTranslation } from "react-i18next";
import SettingsTitle from "@/components/settings/settings-title";
import { getAppName } from "@/lib/config";
import { useOidcStatusQuery } from "../queries/oidc-status.queries";
import useUserRole from "@/hooks/use-user-role";

/**
 * "Security" settings page shown to administrators.
 *
 * Displays the Single Sign-On (OIDC) status returned by useOidcStatusQuery(),
 * a static list of the OIDC_* environment variables with their descriptions,
 * and static guidance on personal API keys. No setting is modified anywhere in
 * the visible code.
 *
 * NOTE(review): most JSX element tags are absent from this copy of the file.
 * The Mantine components, Helmet, SettingsTitle and IconInfoCircle imported
 * above are never referenced in the visible body, and one string literal is
 * split across a line break, so the markup below is incomplete as shown.
 *
 * NOTE(review): the isAdmin test only decides what this component renders.
 * Whether the endpoint behind useOidcStatusQuery() enforces the admin role
 * itself cannot be seen from here; confirm that on the server.
 *
 * @returns the permission message for non-admins, otherwise the page content.
 */
export default function AcadeniceSecurityPage() {
  const { t } = useTranslation();
  const { isAdmin } = useUserRole();
  // Runs before the admin check below, so the status query hook is also invoked
  // for non-admin users. Presumably it fetches regardless of role, in which case
  // the response must hold nothing a non-admin may not see (TODO confirm).
  const { data: oidc, isLoading } = useOidcStatusQuery();

  // Client-side gate: non-admins get only the permission message.
  if (!isAdmin) {
    return ( {t("You do not have permission to view security settings.")} );
  }

  return (
    <>
      {t("Security")} - {getAppName()}
      } color="blue" variant="light" mb="lg" >
      {t(
        "Security settings are configured server-side via environment variables. Contact your system administrator to modify them.",
      )}
      <IconShieldCheck size={18} style={{ marginRight: 6, verticalAlign: "middle" }} />
      {t("Single Sign-On (OIDC)")}
      {isLoading ? (
        {t("Loading...")}
      ) : (
        {t("Status")}:{" "}
        {oidc?.enabled ? t("Enabled") : t("Disabled")}
        {/* Provider details are listed only when OIDC is enabled, and each field
            only when it is truthy. In the visible code the values are
            interpolated as JSX children; no other use of them is visible. */
        oidc?.enabled && (
          <>
            {oidc.providerName && ( {t("Provider")}: {oidc.providerName} )}
            {oidc.issuer && ( {t("Issuer")}: {oidc.issuer} )}
            {oidc.scopes && ( {t("Scopes")}: {oidc.scopes} )}
            {oidc.redirectUri && ( {t("Redirect URI")}: {oidc.redirectUri} )}
            {oidc.loginUrl && (
              {t("Login URL")}:{" "}
              {/* Prefixes the current origin when a window object exists.
                  Assumes loginUrl is an origin-relative path; an absolute URL
                  from the server would yield a malformed string (TODO confirm). */
              typeof window !== "undefined"
                ? window.location.origin + oidc.loginUrl
                : oidc.loginUrl}
            )}
        )}
      )}
      {t("Configuration")}
      {t(
        "OIDC is configured via environment variables on the server. 
The following variables are supported:",
      )}
      {[
        // Static documentation only: variable names and descriptions. No
        // environment value is read or displayed here, and the client secret is
        // not among the fields this component reads from the status response.
        { key: "OIDC_ENABLED", desc: t("Enable OIDC login (true/false)") },
        { key: "OIDC_ISSUER", desc: t("Provider discovery URL") },
        { key: "OIDC_CLIENT_ID", desc: t("OAuth2 client ID") },
        {
          key: "OIDC_CLIENT_SECRET",
          desc: t("OAuth2 client secret (server-only, never exposed)"),
        },
        { key: "OIDC_REDIRECT_URI", desc: t("Callback URL (optional)") },
        {
          key: "OIDC_SCOPES",
          desc: t("OAuth2 scopes (default: openid email profile)"),
        },
        {
          key: "OIDC_PROVIDER_NAME",
          desc: t("Label shown on login button"),
        },
        {
          // When enabled, the identity provider's assertion alone creates a local
          // account; how new accounts are restricted is not visible in this file.
          key: "OIDC_AUTO_PROVISION",
          desc: t("Auto-create user on first login (true/false)"),
        },
      ].map(({ key, desc }) => ( {key} — {desc} ))}
      <IconLock size={16} style={{ marginRight: 4, verticalAlign: "middle" }} />
      {t("API keys")}
      {/* Static guidance text; this component does not enforce the 90-day rotation. */
      t(
        "Personal API keys can be managed from Account > API keys. Rotate them every 90 days. Never commit tokens to source control.",
      )}
  );
}