Add ecosplay_code OIDC client for Gitea SSO

New confidential client 'ecosplay_code' with PKCE S256, declared in the realm import JSON for fresh installs and reconciled via sync.sh (ensure_client + set_client_uris) for existing installs. Redirect URIs match the Gitea OAuth2 callback format for the esy_lock provider: https://code.e-cosplay.fr/user/oauth2/esy_lock/callback https://cos.local/user/oauth2/esy_lock/callback Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 16:24:28 +02:00
parent 5af94062d2
commit cad8f5bb91
2 changed files with 38 additions and 0 deletions
--- a/realms/ecosplay-realm.json
+++ b/realms/ecosplay-realm.json
@@ -117,6 +117,32 @@
        "pkce.code.challenge.method": "S256"
      }
    },
+    {
+      "clientId": "ecosplay_code",
+      "name": "E-Cosplay Code",
+      "description": "Forge de code (Gitea) - login SSO via esy_lock provider",
+      "enabled": true,
+      "publicClient": false,
+      "secret": "change-me-in-admin-console",
+      "redirectUris": [
+        "https://code.e-cosplay.fr/user/oauth2/esy_lock/callback",
+        "https://cos.local/user/oauth2/esy_lock/callback"
+      ],
+      "webOrigins": [
+        "https://code.e-cosplay.fr",
+        "https://cos.local"
+      ],
+      "protocol": "openid-connect",
+      "standardFlowEnabled": true,
+      "implicitFlowEnabled": false,
+      "directAccessGrantsEnabled": false,
+      "serviceAccountsEnabled": false,
+      "frontchannelLogout": true,
+      "attributes": {
+        "post.logout.redirect.uris": "https://code.e-cosplay.fr/*##https://cos.local/*",
+        "pkce.code.challenge.method": "S256"
+      }
+    },
    {
      "clientId": "eticket",
      "name": "E-Ticket",