remove Zitadel preset mechanism

The :zitadel preset only toggled scope + PKCE, which are already
exposed as first-class config accessors (c.scope, c.pkce). The preset
added no value beyond those two lines and introduced a parallel
configuration API that was easy to forget. Drop the preset module,
the #preset dispatcher on Configuration, the template comment, the
gemspec/README mentions, and the unit/generator tests that covered
them. The pkce / pkce= accessors stay, unchanged.

Author: Fivell

README.md

@@ -6,7 +6,7 @@ OpenID Connect single sign-on for [ActiveAdmin](https://activeadmin.info/).
 
 Plugs OIDC into ActiveAdmin's existing Devise stack: JIT user provisioning, an `on_login` hook for host-owned authorization, a login-button view override, and a one-shot install generator. The OIDC protocol layer (discovery, JWKS, token verification, PKCE, nonce, state) is delegated to [`omniauth_openid_connect`](https://github.com/omniauth/omniauth_openid_connect).
 
-Used in production by the authors against [Zitadel](https://zitadel.com/); the `:zitadel` preset below covers that wiring. Other compliant OIDC providers work via the standard omniauth_openid_connect options.
+Used in production by the authors against [Zitadel](https://zitadel.com/). Other compliant OIDC providers work via the standard omniauth_openid_connect options.
 
 ## Installation
 
@@ -67,10 +67,6 @@ ActiveAdmin::Oidc.configure do |c|
   c.client_id     = ENV.fetch("OIDC_CLIENT_ID")
   c.client_secret = ENV.fetch("OIDC_CLIENT_SECRET", nil) # blank ⇒ PKCE public client
 
-  # --- Optional transport-layer preset ----------------------------------
-  # Sets scope and enables PKCE automatically when no client_secret is set.
-  # c.preset :zitadel
-
   # --- OIDC scopes ------------------------------------------------------
   # c.scope = "openid email profile"
 

activeadmin-oidc.gemspec

@@ -6,12 +6,12 @@ Gem::Specification.new do |spec|
   spec.name        = "activeadmin-oidc"
   spec.version     = ActiveAdmin::Oidc::VERSION
   spec.authors     = ["Igor Fedoronchuk"]
-  spec.summary     = "OpenID Connect SSO for ActiveAdmin with a Zitadel preset"
+  spec.summary     = "OpenID Connect SSO for ActiveAdmin"
   spec.description = <<~DESC
     activeadmin-oidc plugs generic OpenID Connect single sign-on into ActiveAdmin.
     It builds on Devise + omniauth_openid_connect and adds JIT user provisioning,
-    role mapping from provider claims, a Zitadel preset, and a single install
-    generator that wires everything up.
+    role mapping from provider claims via a host-owned on_login hook, and a
+    single install generator that wires everything up.
   DESC
   spec.license  = "MIT"
   spec.homepage = "https://github.com/fedoronchuk/activeadmin-oidc"

lib/activeadmin-oidc.rb

@@ -66,7 +66,6 @@ def default_logger
 end
 
 require "activeadmin/oidc/configuration"
-require "activeadmin/oidc/presets/zitadel"
 require "activeadmin/oidc/user_provisioner"
 require "rails/engine"
 require "activeadmin/oidc/engine"

lib/activeadmin/oidc/configuration.rb

@@ -47,16 +47,6 @@ def pkce=(value)
         @pkce_override = value
       end
 
-      def preset(name)
-        case name
-        when :zitadel
-          require "activeadmin/oidc/presets/zitadel"
-          Presets::Zitadel.apply(self)
-        else
-          raise ConfigurationError, "Unknown preset: #{name.inspect}"
-        end
-      end
-
       def validate!
         raise ConfigurationError, "issuer is required"    if issuer.blank?
         raise ConfigurationError, "client_id is required" if client_id.blank?

lib/activeadmin/oidc/presets/zitadel.rb

@@ -6,11 +6,6 @@
 # Uncomment and fill in the values for your identity provider.
 
 ActiveAdmin::Oidc.configure do |c|
-  # --- Transport-layer defaults for Zitadel ---------------------------
-  # Sets `scope = "openid email profile"` and enables PKCE automatically
-  # when no client_secret is configured (public-client mode).
-  # c.preset :zitadel
-
   # --- Provider ---------------------------------------------------------
   # c.issuer        = ENV.fetch("OIDC_ISSUER")
   # c.client_id     = ENV.fetch("OIDC_CLIENT_ID")

lib/generators/active_admin/oidc/install/templates/initializer.rb.tt

@@ -10,9 +10,9 @@
 #   bin/rails generate active_admin:oidc:install
 #
 # It must produce a working, editable starting point — initializer with
-# a commented-out Zitadel preset and sample `on_login` snippets, a
-# migration adding `provider`/`uid`/`oidc_raw_info` + a unique index to
-# `admin_users`, and a published login view override. It must be
+# sample `on_login` snippets, a migration adding
+# `provider`/`uid`/`oidc_raw_info` + a unique index to `admin_users`,
+# and a published login view override. It must be
 # idempotent (running twice does nothing bad) and refuse to run if the
 # host app doesn't have `AdminUser` or `devise`/`activeadmin`.
 RSpec.describe ActiveAdmin::Oidc::Generators::InstallGenerator do
@@ -85,10 +85,6 @@ def run_generator(args = [])
       expect(initializer).to include("ActiveAdmin::Oidc.configure do |c|")
     end
 
-    it "includes a commented-out Zitadel preset line" do
-      expect(initializer).to match(/^\s*#\s*c\.preset\s+:zitadel/)
-    end
-
     it "includes commented-out ENV reads for issuer/client_id/client_secret" do
       expect(initializer).to match(/#\s*c\.issuer\s*=\s*ENV/)
       expect(initializer).to match(/#\s*c\.client_id\s*=\s*ENV/)

spec/generators/install_generator_spec.rb

@@ -139,22 +139,6 @@
     end
   end
 
-  describe "#preset" do
-    it "applies the :zitadel preset without clobbering user-set values" do
-      config.issuer    = "https://zitadel.example.com"
-      config.client_id = "abc"
-      config.scope     = "openid custom"
-      config.preset :zitadel
-      expect(config.issuer).to eq("https://zitadel.example.com")
-      expect(config.client_id).to eq("abc")
-      expect(config.scope).to eq("openid custom")
-    end
-
-    it "raises for an unknown preset" do
-      expect { config.preset :unknown }.to raise_error(ActiveAdmin::Oidc::ConfigurationError, /unknown/i)
-    end
-  end
-
   describe "accessors" do
     it "round-trips all documented accessors" do
       config.issuer              = "https://example.com"