authelia: update stopped providing claims in response

This adds the default claim policy, which can be used to provide the
past behaviour for this. Services that require this still needs to be identified.

machines/gerd/services/authelia/authelia.nix

@@ -90,6 +90,20 @@ in {
           user = config.mine.shared.settings.ldap.bind_dn;
         };
       };
+
+      # authelia have changed how the by-default handles auth, so in theory everything
+      # should contact the `userinfo` endpoint. but not everything does, which leads to us
+      # having to create a default policy for this
+      # https://github.com/pulsejet/nextcloud-oidc-login/issues/311#issuecomment-2763239352
+      identity_providers.oidc.claims_policies.default.id_token = [
+        "rat"
+        "groups"
+        "email"
+        "email_verified"
+        "alt_emails"
+        "preferred_username"
+        "name"
+      ];
     };
   };
 

machines/gerd/services/nextcloud.nix

@@ -223,6 +223,7 @@ in {
     client_secret = "$pbkdf2-sha512$310000$kLNQ/1A.uasSN4g8q94jUQ$8OKNUNNumHCh8dVG5/QWys7u.y1guqFXlrL.bMm7/HKTsWhpib/W.8qlU6VU7V1Be/h14Y.fJi3RLvbkEdo2kA";
     consent_mode = "implicit";
     redirect_uris = [ "https://${svc_domain}/apps/oidc_login/oidc" ];
+    claims_policy = "default";
     scopes = [
       "openid"
       "profile"

machines/gerd/services/rallly/default.nix

@@ -106,6 +106,7 @@ in {
     client_secret = "$pbkdf2-sha512$310000$KB4UqeuVr86lEOoISSE92w$i2YGpz3wRwceiRfYnMUhZ0MboutkDPPYVWnXqiw6tUt./mgZ5kfV1ES.kcdsHhMdavhCrJfWvVTPQRJKImuUrQ";
     consent_mode = "implicit";
     redirect_uris = [ "https://${svc_domain}/api/auth/callback/oidc" ];
+    claims_policy = "default";
     scopes = [
       "openid"
       "email"