fix: read oidc configuration from env then config

app/routes/login.tsx

@@ -7,6 +7,7 @@ import Card from '~/components/Card'
 import Code from '~/components/Code'
 import Input from '~/components/Input'
 import { type Key } from '~/types'
+import { getContext } from '~/utils/config'
 import { pull } from '~/utils/headscale'
 import { startOidc } from '~/utils/oidc'
 import { commitSession, getSession } from '~/utils/sessions'
@@ -22,9 +23,10 @@ export async function loader({ request }: LoaderFunctionArgs) {
 		})
 	}
 
-	const issuer = process.env.OIDC_ISSUER
-	const id = process.env.OIDC_CLIENT_ID
-	const secret = process.env.OIDC_CLIENT_SECRET
+	const context = await getContext()
+	const issuer = context.oidcConfig?.issuer
+	const id = context.oidcConfig?.client
+	const secret = context.oidcConfig?.secret
 	const normal = process.env.DISABLE_API_KEY_LOGIN
 
 	if (issuer && (!id || !secret)) {
@@ -51,9 +53,13 @@ export async function loader({ request }: LoaderFunctionArgs) {
 export async function action({ request }: ActionFunctionArgs) {
 	const formData = await request.formData()
 	const oidcStart = String(formData.get('oidc-start'))
+
 	if (oidcStart) {
-		const issuer = process.env.OIDC_ISSUER
-		const id = process.env.OIDC_CLIENT_ID
+		const context = await getContext()
+		const issuer = context.oidcConfig?.issuer
+		const id = context.oidcConfig?.client
+
+		// We know it exists here because this action only happens on OIDC
 		// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
 		return startOidc(issuer!, id!, request)
 	}

app/routes/oidc.callback.tsx

@@ -1,15 +1,15 @@
 import { type LoaderFunctionArgs } from '@remix-run/node'
 
+import { getContext } from '~/utils/config'
 import { finishOidc } from '~/utils/oidc'
 
 export async function loader({ request }: LoaderFunctionArgs) {
-	const issuer = process.env.OIDC_ISSUER
-	const id = process.env.OIDC_CLIENT_ID
-	const secret = process.env.OIDC_CLIENT_SECRET
+	const context = await getContext()
+	const oidc = context.oidcConfig
 
-	if (!issuer || !id || !secret) {
+	if (!oidc) {
 		throw new Error('An invalid OIDC configuration was provided')
 	}
 
-	return finishOidc(issuer, id, secret, request)
+	return finishOidc(oidc.issuer, oidc.client, oidc.secret, request)
 }

app/utils/config.ts

@@ -162,6 +162,11 @@ type Context = {
 	hasAcl: boolean;
 	hasAclWrite: boolean;
 	headscaleUrl: string;
+	oidcConfig?: {
+		issuer: string;
+		client: string;
+		secret: string;
+	};
 }
 
 export let context: Context
@@ -174,13 +179,39 @@ export async function getContext() {
 			hasConfigWrite: await hasConfigW(),
 			hasAcl: await hasAcl(),
 			hasAclWrite: await hasAclW(),
-			headscaleUrl: await getHeadscaleUrl()
+			headscaleUrl: await getHeadscaleUrl(),
+			oidcConfig: await getOidcConfig()
 		}
 	}
 
 	return context
 }
 
+async function getOidcConfig() {
+	// Check for the OIDC environment variables first
+	let issuer = process.env.OIDC_ISSUER
+	let client = process.env.OIDC_CLIENT
+	let secret = process.env.OIDC_SECRET
+
+	if (!issuer || !client || !secret) {
+		const config = await getConfig()
+		issuer = config.oidc?.issuer
+		client = config.oidc?.client_id
+		secret = config.oidc?.client_secret
+	}
+
+	// If atleast one is defined but not all 3, throw an error
+	if ((issuer || client || secret) && !(issuer && client && secret)) {
+		throw new Error('OIDC configuration is incomplete')
+	}
+
+	if (!issuer || !client || !secret) {
+		return
+	}
+
+	return { issuer, client, secret }
+}
+
 async function getHeadscaleUrl() {
 	if (process.env.HEADSCALE_URL) {
 		return process.env.HEADSCALE_URL