fix(ops/keycloak): update client ID and client secret

This points to a "GitHub App" now
("https://github.com/organizations/tvlfyi/settings/apps"), rather than an
"OAuth App"
("https://github.com/organizations/tvlfyi/settings/applications").

Apparently this makes a big difference, and we should be using a "GitHub
App", not an "OAuth App".

The defails on why are in
https://github.com/keycloak/keycloak/issues/9429#issuecomment-1578953468

The App can be configured at
https://github.com/organizations/tvlfyi/settings/apps/tvl-keycloak .

With this, we should get rid of spurious Exceptions with some GitHub
users trying to log in, hopefully fixing https://b.tvl.fyi/issues/201.

Change-Id: I25d0d6cd1b05ad54ed3d760d3a48ce1f430c0e7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12413
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
This commit is contained in:
Florian Klink 2024-09-01 15:38:38 +03:00 committed by clbot
parent ebf4647976
commit 7eb6900129
2 changed files with 1 additions and 1 deletions

View file

@ -36,7 +36,7 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" {
resource "keycloak_oidc_identity_provider" "github" { resource "keycloak_oidc_identity_provider" "github" {
alias = "github" alias = "github"
provider_id = "github" provider_id = "github"
client_id = "6d7f8bb2e82bb6739556" client_id = "Iv23liXfGNIr7InMg5Uo"
client_secret = var.github_client_secret client_secret = var.github_client_secret
realm = keycloak_realm.tvl.id realm = keycloak_realm.tvl.id
backchannel_supported = false backchannel_supported = false

Binary file not shown.