d7c62b15f1
- Declare a new confidential client 'eticket' (PKCE S256, standard
flow only) in the realm import JSON for fresh installs.
- Add a generic ensure_client helper to sync.sh that creates a
client with sane defaults if missing, then applies the URIs via
set_client_uris on every run for idempotent reconciliation.
- Wire the new client up with its four redirect URIs:
https://ticket.e-cosplay.fr/api/auth/login/sso/validate
https://cos.local/api/auth/login/sso/validate
https://ticket.e-cosplay.fr/connection/sso/check
https://cos.local/connection/sso/check
and matching webOrigins / post-logout URIs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>