Reimplement UI injection (#236)

custom_components/auth_oidc/config/const.py

@@ -28,7 +28,6 @@ FEATURES_AUTOMATIC_USER_LINKING = "automatic_user_linking"
 FEATURES_AUTOMATIC_PERSON_CREATION = "automatic_person_creation"
 FEATURES_DISABLE_PKCE = "disable_rfc7636"
 FEATURES_INCLUDE_GROUPS_SCOPE = "include_groups_scope"
-FEATURES_DISABLE_FRONTEND_INJECTION = "disable_frontend_changes"
 FEATURES_FORCE_HTTPS = "force_https"
 CLAIMS = "claims"
 CLAIMS_DISPLAY_NAME = "display_name"

custom_components/auth_oidc/config/schema.py

@@ -14,7 +14,6 @@ from .const import (
     FEATURES_AUTOMATIC_PERSON_CREATION,
     FEATURES_DISABLE_PKCE,
     FEATURES_INCLUDE_GROUPS_SCOPE,
-    FEATURES_DISABLE_FRONTEND_INJECTION,
     FEATURES_FORCE_HTTPS,
     CLAIMS,
     CLAIMS_DISPLAY_NAME,
@@ -72,10 +71,6 @@ CONFIG_SCHEMA = vol.Schema(
                         vol.Optional(
                             FEATURES_INCLUDE_GROUPS_SCOPE, default=True
                         ): vol.Coerce(bool),
-                        # Disable frontend injection of OIDC login button
-                        vol.Optional(
-                            FEATURES_DISABLE_FRONTEND_INJECTION, default=False
-                        ): vol.Coerce(bool),
                         # Force HTTPS on all generated URLs (like redirect_uri)
                         vol.Optional(FEATURES_FORCE_HTTPS, default=False): vol.Coerce(
                             bool

custom_components/auth_oidc/config/ui_flow.py

@@ -621,21 +621,18 @@ class OIDCConfigFlow(config_entries.ConfigFlow, domain=DOMAIN):
             errors["client_id"] = "invalid_client_id"
             return errors, None
 
-        # Determine confidentiality by presence of client secret
-        client_secret = user_input.get(CONF_CLIENT_SECRET, "").strip()
-        # If secret is empty, keep the existing one (if any)
-        if not client_secret:
-            client_secret = entry.data.get("client_secret")
-
         # Build updated data
         data_updates = {"client_id": client_id}
 
-        if client_secret:
-            data_updates["client_secret"] = client_secret
-        elif "client_secret" in entry.data and not client_secret:
-            # Remove client secret if switching from confidential to public
-            data_updates = {**entry.data, **data_updates}
-            data_updates.pop("client_secret", None)
+        # The optional secret field is submitted explicitly when the form is used.
+        # An empty value means the user wants to keep the existing secret.
+        if CONF_CLIENT_SECRET in user_input:
+            client_secret = user_input.get(CONF_CLIENT_SECRET, "").strip()
+
+            if client_secret:
+                data_updates["client_secret"] = client_secret
+        elif "client_secret" in entry.data:
+            data_updates["client_secret"] = entry.data["client_secret"]
 
         return errors, data_updates