From 7eb6900129d5bd358af2928155d9d6471b94e0db Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Sun, 1 Sep 2024 15:38:38 +0300
Subject: [PATCH] fix(ops/keycloak): update client ID and client secret
This points to a "GitHub App" now ("https://github.com/organizations/tvlfyi/settings/apps"), rather than an "OAuth App" ("https://github.com/organizations/tvlfyi/settings/applications"). Apparently this makes a big difference, and we should be using a "GitHub App", not an "OAuth App". The defails on why are in https://github.com/keycloak/keycloak/issues/9429#issuecomment-1578953468 The App can be configured at https://github.com/organizations/tvlfyi/settings/apps/tvl-keycloak . With this, we should get rid of spurious Exceptions with some GitHub users trying to log in, hopefully fixing https://b.tvl.fyi/issues/201.
Change-Id: I25d0d6cd1b05ad54ed3d760d3a48ce1f430c0e7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12413
Autosubmit: flokli
Reviewed-by: tazjin
Tested-by: BuildkiteCI
---
 ops/keycloak/user_sources.tf | 2 +-
 ops/secrets/tf-keycloak.age | Bin 962 -> 1135 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/ops/keycloak/user_sources.tf b/ops/keycloak/user_sources.tf
index f4207ba87..7fa71e36f 100644
--- a/ops/keycloak/user_sources.tf
+++ b/ops/keycloak/user_sources.tf
@@ -36,7 +36,7 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" {
 resource "keycloak_oidc_identity_provider" "github" {
 alias = "github"
 provider_id = "github"
- client_id = "6d7f8bb2e82bb6739556"
+ client_id = "Iv23liXfGNIr7InMg5Uo"
 client_secret = var.github_client_secret
 realm = keycloak_realm.tvl.id
 backchannel_supported = false
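Review bot: The new `client_id` line in `keycloak_oidc_identity_provider.github` has no comment saying which kind of GitHub credential it is, so the reason for the switch lives only in the commit message. A comment above it such as `# Client ID of the "tvl-keycloak" GitHub App (not an OAuth App); see keycloak/keycloak#9429` would keep a later editor from pasting an OAuth App ID back in. The same comment could note that `var.github_client_secret` must belong to the same App and be rotated with it, since this commit changes the ID and `ops/secrets/tf-keycloak.age` together. The previous OAuth App and its secret presumably remain valid on the GitHub side until someone removes them, which this diff cannot show. The resource block continues past the end of the hunk.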
diff --git a/ops/secrets/tf-keycloak.age b/ops/secrets/tf-keycloak.age index 237b9377bd79e12ef426add4834066e98892a6e1..7d470a6a304e232106c20835e816140c32258cb3 100644 GIT binary patch literal 1135 zcmZ9|>xwWNXmb)Zv(@uhYvPz6OKJTh~gKW(}B7j2h%$^l{x279JfRtuO^EV zq9&LFz2E9;lU-8=Y{)mU+u!RoC&We&h9T775PCJr@h5Y|G|R?Ok|#P;1NBOx+{$A( zAK^l*l0~~N5i$(JO;A|Lr^eJuBOk<6IFFUZ_@Lw2rjc#dX)-J@dZ?(OqRn_bQf1{~ z%@c5|iTOn(X{%gIEmmoo4kA%ftQmIN!Qg~wI*vo*f>J6fG*TfjpCq+RhvHgk%N4U! zx|o2A@e0X713IH)4U%%rLKQ@UdbXhqYY^);3z)x@V8RgKB{{8!=Pj^bjldgNLJD~P_Jvb zz8GgLO-({b*}&0O!bj_7sKTcshK-<|o*S-l5}F>!DI;K&NjiZ>JF@Jw0-8;L!& zW%@#rLcst)%Vn5LMJb|Qj0kEammSvdpvP;NzY=k!K)!%!W-N?AealO-^_KZ0LNd+-g;!gd-BRMxOjB$x^w-7S?IU#o=EJQnl?_vzs~>i zdhY6L)WypOu0OE2e`k5-_-2PL4*qo(*=JdEdh6wvPu*G_lQwRCe*V|3*qx2dAKx+O zx6J2e?!5cxoc7tEY)--T(Wkv8nJkYv8Q(<@i16>IEq>=NHc$_zyAyqnQ8z literal 962 zcmZY4U1;0{0KoCV)M6}_)A{5_Q>#)rZm&?cH zlFKERiO}uIj*6RBwAc=Ov2<<-b0Ekj6()$ILpGWC!7LM;)R#G?Y~tr@egDIce@&J` zk|9`qv#Yd?{cTGQ_h2A21=@BqB#DvnaX1Nzf?b<&K^3vGFdpHvM1k*wXAG<;<(Ryv zMCPg~H?Gb)1}c-h$3Z#)XfEdT8ilSw>QIDgp#OGR%!9nL*mo&AMp0EFDfym2k%`@! zFJMkH1y<*JJ||iIOoxa@Yo^{RM3cpa7x9{O!A_Klc)LQ^^*m2_3=p0P;zXEn(n>Da z&+BFxM`krNA5GS^1f3DX90IG97gxPmb+?9@c~oXV435Jsjn_n()ibn^t3!~KP2f&B zYP)Syt7iLT6Z4CL&bdIi&Y})Z*1CkzMT(F!}ioJ+zxAH*^Ra_IGZpPqrF?J z@gy$Dpc$hH2qxKz!mz%k2Xn%lLUaB4T#Pp%jhKy*uI`sAEXTWm;Hgv^>9^8}V9AI% zrV3Y50-ho}nO0Fwa!Axdb9}v`(#ZcbEaG!U3RK3^<$N>Dd#nf*eAY5ksK-JglJsQ7 zU>J@>a^_61I!?JNKy;CeXwsURj>a3jU&Yj7GviQX1wq|(S;1Q-MWsC5;{D8jZF3!40L-wnOdsL}r-lY|nyq`q7!V4Dz@FVnGR-hc7kMXwGh)N) z^~{2gE0kjUWY4M+6z?-+73LDaq08#pi|U!!@jdFE>qC=)w~jtiOYfK`9+=)(92y*0 zTH!Lwx34|>{>?%9JFoU-i(6m1$gR&eJ*gBOesk&$dH4MBk;x08OGEdcJM`xl_ohCh zheszqxUz{|S^4GB*MAy)+8J$JN{;+?o7_D0u$HwpVmrq5?N_yLceuT8kL-VlzVYGw z(lzuTI`Kzf`11FK^Dj(qFW)+{Z|v&f`X|CUUtM@@Wy@VyoA~ji<#e7w~>xc8XX4cyRw7q4!9w21tD^y2neIB+X);tk@JpEn@n z@W8?o%;2Y{G}aHEG~S#1fqiCd-da`nN#O83og N$uDP5{W|rH`ww+FVj=(l