From cad6bc8ca08b130feab154ab497c2b5b6ff22f94 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Sun, 23 Nov 2025 22:39:17 -0800
Subject: [PATCH] syncthing: Use OpenID Connect instead of pubtkt based SSO

Tests:

- Functional tests work.

- Admin user is able to access the application

- User belonging to special group is able to access the application

- Regular user is not able to access the application

- Anonymous user is not able to access the application

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 .../etc/apache2/conf-available/syncthing-plinth.conf        | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/plinth/modules/syncthing/data/usr/share/freedombox/etc/apache2/conf-available/syncthing-plinth.conf b/plinth/modules/syncthing/data/usr/share/freedombox/etc/apache2/conf-available/syncthing-plinth.conf
index 6ed5837cd..8122fa6dd 100644
--- a/plinth/modules/syncthing/data/usr/share/freedombox/etc/apache2/conf-available/syncthing-plinth.conf
+++ b/plinth/modules/syncthing/data/usr/share/freedombox/etc/apache2/conf-available/syncthing-plinth.conf
@@ -16,9 +16,7 @@
 
 
 <Location /syncthing/>
-    Include includes/freedombox-single-sign-on.conf
     ProxyPass http://localhost:8384/
-    <IfModule mod_auth_pubtkt.c>
-        TKTAuthToken "admin" "syncthing-access"
-    </IfModule>
+    Use AuthOpenIDConnect
+    Use RequireGroup syncthing-access
 </Location>