fix(ops/keycloak): set up client for usage with oauth2_proxy
This will be useful for things like panettone, pending a NixOS module for oauth2-proxy (the upstream one is too complicated and doesn't support what we need). Change-Id: I4ca193e10a94a29b1fb9003e945896ff8eb61116 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4662 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de> Autosubmit: tazjin <mail@tazj.in>
parent
a8923242be
commit
fc16f1e467
1 changed files with 7 additions and 7 deletions
|
@ -49,14 +49,14 @@ resource "keycloak_openid_client" "oauth2_proxy" {
|
||||||
standard_flow_enabled = true
|
standard_flow_enabled = true
|
||||||
|
|
||||||
valid_redirect_uris = [
|
valid_redirect_uris = [
|
||||||
"https://login.tvl.fyi/oauth2/callback"
|
"https://login.tvl.fyi/oauth2/callback",
|
||||||
|
"http://localhost:4774/oauth2/callback",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "keycloak_openid_audience_protocol_mapper" "panettone_audience" {
|
resource "keycloak_openid_audience_protocol_mapper" "oauth2_proxy_audience" {
|
||||||
realm_id = keycloak_realm.tvl.id
|
realm_id = keycloak_realm.tvl.id
|
||||||
client_id = keycloak_openid_client.oauth2_proxy.id
|
client_id = keycloak_openid_client.oauth2_proxy.id
|
||||||
name = "panettone-audience"
|
name = "oauth2-proxy-audience"
|
||||||
|
included_custom_audience = keycloak_openid_client.oauth2_proxy.client_id
|
||||||
included_custom_audience = "b"
|
|
||||||
}
|
}
|
||||||
|
|
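Review bot: The new `http://localhost:4774/oauth2/callback` entry in `valid_redirect_uris` puts a plain-HTTP loopback redirect on the same client that serves `https://login.tvl.fyi`, so an authorization code issued for this client can be handed to whichever local process happens to be bound to port 4774. The opening lines of `keycloak_openid_client.oauth2_proxy` are outside the hunk, so whether the client is confidential or enforces PKCE cannot be seen here. If it does neither, consider setting `pkce_code_challenge_method = "S256"` on the client, or moving the localhost URI to a separate development-only client. A comment above the entry, e.g. `# local oauth2_proxy development only`, would record why it is allowed.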