Diffstat (limited to 'ops/keycloak/main.tf')
-rw-r--r--ops/keycloak/main.tf21
1 files changed, 21 insertions, 0 deletions
diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index 312e8ac61f..95902476bb 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -38,3 +38,24 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" {
     "organizationalPerson",
   ]
 }
+
+resource "keycloak_openid_client" "oauth2_proxy" {
+  realm_id              = keycloak_realm.tvl.id
+  client_id             = "oauth2-proxy"
+  name                  = "TVL OAuth2 Proxy"
+  enabled               = true
+  access_type           = "CONFIDENTIAL"
+  standard_flow_enabled = true
+
+  valid_redirect_uris = [
+    "https://login.tvl.fyi/oauth2/callback"
+  ]
+}
+
+resource "keycloak_openid_audience_protocol_mapper" "panettone_audience" {
+  realm_id  = keycloak_realm.tvl.id
+  client_id = keycloak_openid_client.oauth2_proxy.id
+  name      = "panettone-audience"
+
+  included_custom_audience = "b"
+}
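Review bot: `included_custom_audience = "b"` in the `panettone_audience` mapper reads like a placeholder, and nothing in the hunk says which service is expected to find `b` in the `aud` claim. An audience this short and generic is easy to reuse by accident for another client, which would weaken the audience check on whatever validates these tokens. If the value is intentional, a comment above it would help, for example `# must equal the audience panettone is configured to accept`; otherwise a descriptive identifier is safer. Separately, `access_type = "CONFIDENTIAL"` on `oauth2_proxy` means the client has a secret, which the provider presumably records in Terraform state, so the state backend should be access-controlled and encrypted.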