From efe2bccb1171ca4fd5efee2892e29d50c5046bc5 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Mon, 24 Nov 2025 08:57:51 -0800
Subject: [PATCH] tiddlywiki: Use OpenID Connect instead of pubtkt based SSO

Tests:

- Functional tests work.

- Admin user is able to access the application

- User belonging to special group is able to access the application

- Regular user is not able to access the application

- Anonymous user is not able to access the application

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 .../etc/apache2/conf-available/tiddlywiki-freedombox.conf   | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/plinth/modules/tiddlywiki/data/usr/share/freedombox/etc/apache2/conf-available/tiddlywiki-freedombox.conf b/plinth/modules/tiddlywiki/data/usr/share/freedombox/etc/apache2/conf-available/tiddlywiki-freedombox.conf
index a69f78417..6afaa0e38 100644
--- a/plinth/modules/tiddlywiki/data/usr/share/freedombox/etc/apache2/conf-available/tiddlywiki-freedombox.conf
+++ b/plinth/modules/tiddlywiki/data/usr/share/freedombox/etc/apache2/conf-available/tiddlywiki-freedombox.conf
@@ -6,10 +6,8 @@ Alias /tiddlywiki /var/lib/tiddlywiki
 
 <Location /tiddlywiki>
     SetEnvIf Request_Method HEAD no-gzip
-    Include includes/freedombox-single-sign-on.conf
-    <IfModule mod_auth_pubtkt.c>
-        TKTAuthToken "admin" "wiki"
-    </IfModule>
+    Use AuthOpenIDConnect
+    Use RequireGroup wiki
 
     # Disable caching
     <IfModule mod_headers.c>