feat(server/web): add oauth defaultStorageQuota and storageQuotaClaim (#7548)

* feat(server/web): add oauth defaultStorageQuota and storageQuotaClaim * feat(server/web): fix format and use domain.util constants * address some pr feedback * simplify oauth storage quota logic * adding tests and pr feedback * chore: cleanup --------- Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>
2025-11-14 17:36:12 +00:00 · 2024-03-01 19:46:07 -05:00 · 2024-03-01 19:46:07 -05:00 · 7303fab9d9
commit 7303fab9d9
parent 8b02f18e99
17 changed files with 208 additions and 21 deletions
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@ -67,9 +67,11 @@ Once you have a new OAuth client application configured, Immich can be configure
 | Client Secret                                        | string  | (required)           | Required. Client Secret (previous step)                                             |
 | Scope                                                | string  | openid email profile | Full list of scopes to send with the request (space delimited)                      |
 | Signing Algorithm                                    | string  | RS256                | The algorithm used to sign the id token (examples: RS256, HS256)                    |
+| Storage Label Claim                                  | string  | preferred_username   | Claim mapping for the user's storage label                                          |
+| Storage Quota Claim                                  | string  | immich_quota         | Claim mapping for the user's storage                                                |
+| Default Storage Quota (GiB)                          | number  | 0                    | Default quota for user without storage quota claim (Enter 0 for unlimited quota)    |
 | Button Text                                          | string  | Login with OAuth     | Text for the OAuth button on the web                                                |
 | Auto Register                                        | boolean | true                 | When true, will automatically register a user the first time they sign in           |
-| Storage Claim                                        | string  | preferred_username   | Claim mapping for the user's storage label                                          |
 | [Auto Launch](#auto-launch)                          | boolean | false                | When true, will skip the login page and automatically start the OAuth login process |
 | [Mobile Redirect URI Override](#mobile-redirect-uri) | URL     | (empty)              | Http(s) alternative mobile redirect URI                                             |

--- a/docs/docs/install/config-file.md
+++ b/docs/docs/install/config-file.md
@ -95,13 +95,16 @@ The default configuration looks like this:
    "issuerUrl": "",
    "clientId": "",
    "clientSecret": "",
-    "mobileOverrideEnabled": false,
-    "mobileRedirectUri": "",
    "scope": "openid email profile",
+    "signingAlgorithm": "RS256",
    "storageLabelClaim": "preferred_username",
+    "storageQuotaClaim": "immich_quota",
+    "defaultStorageQuota": 0,
    "buttonText": "Login with OAuth",
    "autoRegister": true,
-    "autoLaunch": false
+    "autoLaunch": false,
+    "mobileOverrideEnabled": false,
+    "mobileRedirectUri": ""
  },
  "passwordLogin": {
    "enabled": true