keycloak: clear Gitea Veles OIDC PKCE flag
parent
29d89880ca
commit
65903d282c
@ -1,12 +1,12 @@
|
||||
# services/keycloak/oneoffs/veles-gitea-oidc-secret-ensure-job.yaml
|
||||
# One-off job for sso/veles-gitea-oidc-secret-ensure-2.
|
||||
# One-off job for sso/veles-gitea-oidc-secret-ensure-3.
|
||||
# Purpose: create/update the Veles realm Gitea OIDC client and write the
|
||||
# matching Gitea auth-source secret to Vault.
|
||||
# Keep suspended until the Vault policy change has reconciled, then unsuspend once.
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: veles-gitea-oidc-secret-ensure-2
|
||||
name: veles-gitea-oidc-secret-ensure-3
|
||||
namespace: sso
|
||||
spec:
|
||||
suspend: true
|
||||
|
||||
@ -157,7 +157,7 @@ client_payload="$(jq -nc \
|
||||
--arg client_id "${CLIENT_ID}" \
|
||||
--arg root_url "${PUBLIC_BASE_URL}" \
|
||||
--arg callback "${PUBLIC_BASE_URL}/user/oauth2/${AUTH_SOURCE_NAME}/callback" \
|
||||
'{clientId:$client_id,enabled:true,protocol:"openid-connect",publicClient:false,standardFlowEnabled:true,implicitFlowEnabled:false,directAccessGrantsEnabled:false,serviceAccountsEnabled:false,redirectUris:[$callback],webOrigins:[$root_url],rootUrl:$root_url,baseUrl:"/",attributes:{"post.logout.redirect.uris":($root_url + "/*")}}')"
|
||||
'{clientId:$client_id,enabled:true,protocol:"openid-connect",publicClient:false,standardFlowEnabled:true,implicitFlowEnabled:false,directAccessGrantsEnabled:false,serviceAccountsEnabled:false,redirectUris:[$callback],webOrigins:[$root_url],rootUrl:$root_url,baseUrl:"/",attributes:{"pkce.code.challenge.method":"","post.logout.redirect.uris":($root_url + "/*")}}')"
|
||||
|
||||
if [ -z "$CLIENT_UUID" ] || [ "$CLIENT_UUID" = "null" ]; then
|
||||
status="$(curl -sS -o /tmp/keycloak-client-create.json -w "%{http_code}" -X POST \
|
||||
|
||||
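Review bot: The new `client_payload` line sets `"pkce.code.challenge.method":""`, which drops the PKCE requirement for this client, and neither the script nor the job header says why or when it should be restored. With `publicClient:false` and a single exact entry in `redirectUris`, the code exchange is still bound to the client secret, so this is a loss of defense in depth rather than an open hole, but an undocumented relaxation like this tends to stay in place. I would add a comment directly above the `jq -nc` call, e.g. `# PKCE requirement cleared: <reason>; set back to "S256" once the Gitea auth source sends code_challenge`, and mention it in the header `# Purpose:` lines. The `jq` invocation and the surrounding script start and end outside the hunk, so it is not visible whether the update path for an existing client sends the same payload; if it does not, the attribute on an already-created client would presumably be left unchanged.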