Rename ecosplay client, fix redirect URIs, set admin user real name

- Rename OIDC client ecosplay-web -> ecosplay_web in the realm import
  JSON. The client is used by the internal e-cosplay site for OAuth.
- Replace wildcard redirect URIs with the two exact callbacks:
  https://www.e-cosplay.fr/oauth/keycloak and
  https://cos.local/oauth/keycloak. webOrigins and post-logout URIs
  follow the same hosts.
- Add helpers to sync.sh (client_internal_id, rename_client,
  set_client_uris) and a reconciliation step that renames any legacy
  ecosplay-web -> ecosplay_web and idempotently re-applies the URIs
  on every run, so live installs are migrated automatically.
- Set the bootstrap admin user's real first/last name (jovann Serreau)
  in both the env vars and the realm import JSON.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

init/sync.sh

@@ -112,6 +112,38 @@ ensure_user_client_role() {
     info "  $2 -> client role $3/$4 ($1)"
 }
 
+client_internal_id() {
+    # $1=realm $2=clientId
+    $KC get clients -r "$1" -q clientId="$2" --fields id 2>/dev/null \
+        | sed -n 's/.*"id"[ ]*:[ ]*"\([^"]*\)".*/\1/p' \
+        | head -n1
+}
+
+rename_client() {
+    # $1=realm $2=oldClientId $3=newClientId
+    local cid
+    cid=$(client_internal_id "$1" "$2")
+    if [ -n "$cid" ]; then
+        $KC update "clients/$cid" -r "$1" -s "clientId=$3" >/dev/null
+        info "  renamed client $2 -> $3 ($1)"
+    fi
+}
+
+set_client_uris() {
+    # $1=realm $2=clientId $3=redirectUris(json) $4=webOrigins(json) $5=postLogoutUris(##-separated)
+    local cid
+    cid=$(client_internal_id "$1" "$2")
+    if [ -z "$cid" ]; then
+        warn "client $2 not found in $1, skipping URI sync"
+        return
+    fi
+    $KC update "clients/$cid" -r "$1" \
+        -s "redirectUris=$3" \
+        -s "webOrigins=$4" \
+        -s "attributes.\"post.logout.redirect.uris\"=$5" >/dev/null
+    info "  client $2 URIs synced ($1)"
+}
+
 # =============================================================
 # Master realm: SMTP, theme, locale
 # =============================================================
@@ -153,6 +185,14 @@ if realm_exists ecosplay; then
     ensure_user_client_role ecosplay "$ADMIN_USER_USERNAME" realm-management realm-admin
     ensure_user_in_group  ecosplay "$ADMIN_USER_USERNAME" super_admin_asso
     ensure_user_in_group  ecosplay "$ADMIN_USER_USERNAME" superadmin
+
+    log "Reconciling ecosplay_web client"
+    # Legacy rename: dash -> underscore (if migrated from older import)
+    rename_client ecosplay ecosplay-web ecosplay_web
+    set_client_uris ecosplay ecosplay_web \
+        '["https://www.e-cosplay.fr/oauth/keycloak","https://cos.local/oauth/keycloak"]' \
+        '["https://www.e-cosplay.fr","https://cos.local"]' \
+        'https://www.e-cosplay.fr/*##https://cos.local/*'
 else
     warn "ecosplay realm not found — will be imported on next boot"
 fi