From fc16f1e467918b7bff59e0a18a32622e2571fead Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Sun, 26 Dec 2021 19:08:14 +0300
Subject: fix(ops/keycloak): set up client for usage with oauth2_proxy

This will be useful for things like panettone, pending a NixOS module for oauth2-proxy (the upstream one is too complicated and doesn't support what we need).

Change-Id: I4ca193e10a94a29b1fb9003e945896ff8eb61116
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4662
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch
Autosubmit: tazjin
---
 ops/keycloak/main.tf | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'ops/keycloak')

diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index d6c01442ecd3..05398a866cee 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -49,14 +49,14 @@ resource "keycloak_openid_client" "oauth2_proxy" {
 standard_flow_enabled = true
 valid_redirect_uris = [
- "https://login.tvl.fyi/oauth2/callback"
+ "https://login.tvl.fyi/oauth2/callback",
+ "http://localhost:4774/oauth2/callback",
 ]
 }
-resource "keycloak_openid_audience_protocol_mapper" "panettone_audience" {
- realm_id = keycloak_realm.tvl.id
- client_id = keycloak_openid_client.oauth2_proxy.id
- name = "panettone-audience"
-
- included_custom_audience = "b"
+resource "keycloak_openid_audience_protocol_mapper" "oauth2_proxy_audience" {
+ realm_id = keycloak_realm.tvl.id
+ client_id = keycloak_openid_client.oauth2_proxy.id
+ name = "oauth2-proxy-audience"
+ included_custom_audience = keycloak_openid_client.oauth2_proxy.client_id
 }
-- cgit 1.4.1
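Review bot: The new `"http://localhost:4774/oauth2/callback"` entry in `valid_redirect_uris` registers a plaintext loopback callback on the same client that serves `https://login.tvl.fyi/oauth2/callback`. Authorization codes for that client can then be sent to whatever is listening on port 4774 of the user's machine, and local development would presumably share the production client's secret. Consider a separate `keycloak_openid_client` for local oauth2_proxy work with its own secret. If the entry is meant to be temporary, document it next to the URI, e.g. `# local oauth2_proxy development only; remove once the NixOS module exists`. The `oauth2_proxy` resource body starts above the hunk, so its `access_type` and any other restrictions are not visible here and should be checked.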