Add ecosplay_code OIDC client for Gitea SSO
New confidential client 'ecosplay_code' with PKCE S256, declared in the realm import JSON for fresh installs and reconciled via sync.sh (ensure_client + set_client_uris) for existing installs. Redirect URIs match the Gitea OAuth2 callback format for the esy_lock provider: https://code.e-cosplay.fr/user/oauth2/esy_lock/callback https://cos.local/user/oauth2/esy_lock/callback Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
12
init/sync.sh
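--- a/init/sync.sh
+++ b/init/sync.sh
@@ -333,6 +333,18 @@ if realm_exists ecosplay; then
 '["https://ticket.e-cosplay.fr/api/auth/login/sso/validate","https://cos.local/api/auth/login/sso/validate","https://ticket.e-cosplay.fr/connection/sso/check","https://cos.local/connection/sso/check"]' \
 '["https://ticket.e-cosplay.fr","https://cos.local"]' \
 'https://ticket.e-cosplay.fr/*##https://cos.local/*'
+
+log "Reconciling ecosplay_code client"
+ensure_client ecosplay ecosplay_code "E-Cosplay Code" \
+"Forge de code (Gitea) - login SSO via esy_lock provider" \
+"change-me-in-admin-console" \
+'["https://code.e-cosplay.fr/user/oauth2/esy_lock/callback","https://cos.local/user/oauth2/esy_lock/callback"]' \
+'["https://code.e-cosplay.fr","https://cos.local"]' \
+'https://code.e-cosplay.fr/*##https://cos.local/*'
+set_client_uris ecosplay ecosplay_code \
+'["https://code.e-cosplay.fr/user/oauth2/esy_lock/callback","https://cos.local/user/oauth2/esy_lock/callback"]' \
+'["https://code.e-cosplay.fr","https://cos.local"]' \
+'https://code.e-cosplay.fr/*##https://cos.local/*'
 else
 warn "ecosplay realm not found — will be imported on next boot"
 fi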
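Review bot: The fifth argument to `ensure_client`, `"change-me-in-admin-console"`, gives a confidential client a secret that anyone who can read the repository knows, and the same literal is the `secret` value in the realm import hunk further down. PKCE S256 still protects the code exchange, but client authentication offers little until someone rotates the value in the admin console, and whether `ensure_client` re-applies this value on later syncs is not visible here. I would take it from the environment and abort when it is unset, for example `"${ECOSPLAY_CODE_CLIENT_SECRET:?client secret not set}" \` (the variable name is illustrative), so the literal never ships. The enclosing `if realm_exists ecosplay; then` block starts outside the hunk.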
@@ -117,6 +117,32 @@
|
|||||||
"pkce.code.challenge.method": "S256"
|
"pkce.code.challenge.method": "S256"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"clientId": "ecosplay_code",
|
||||||
|
"name": "E-Cosplay Code",
|
||||||
|
"description": "Forge de code (Gitea) - login SSO via esy_lock provider",
|
||||||
|
"enabled": true,
|
||||||
|
"publicClient": false,
|
||||||
|
"secret": "change-me-in-admin-console",
|
||||||
|
"redirectUris": [
|
||||||
|
"https://code.e-cosplay.fr/user/oauth2/esy_lock/callback",
|
||||||
|
"https://cos.local/user/oauth2/esy_lock/callback"
|
||||||
|
],
|
||||||
|
"webOrigins": [
|
||||||
|
"https://code.e-cosplay.fr",
|
||||||
|
"https://cos.local"
|
||||||
|
],
|
||||||
|
"protocol": "openid-connect",
|
||||||
|
"standardFlowEnabled": true,
|
||||||
|
"implicitFlowEnabled": false,
|
||||||
|
"directAccessGrantsEnabled": false,
|
||||||
|
"serviceAccountsEnabled": false,
|
||||||
|
"frontchannelLogout": true,
|
||||||
|
"attributes": {
|
||||||
|
"post.logout.redirect.uris": "https://code.e-cosplay.fr/*##https://cos.local/*",
|
||||||
|
"pkce.code.challenge.method": "S256"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"clientId": "eticket",
|
"clientId": "eticket",
|
||||||
"name": "E-Ticket",
|
"name": "E-Ticket",
|
||||||
|
|||||||
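Review bot: `"post.logout.redirect.uris": "https://code.e-cosplay.fr/*##https://cos.local/*"` accepts a post-logout redirect to any path on the forge origin, and a Gitea host presumably serves user-controlled repository content under that same origin. Unless Gitea needs more, I would narrow it to the exact landing URLs, for example `"post.logout.redirect.uris": "https://code.e-cosplay.fr/##https://cos.local/"`, after confirming which path Gitea actually returns to. The `https://cos.local` entries in `redirectUris` and `webOrigins` look like a development host; if that is the case they are better kept out of the import used for production installs. The same wildcard value is passed to `ensure_client` and `set_client_uris` in init/sync.sh.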