feat: more oidc oauth2proxy

2025-12-09 19:28:33 +01:00 · 2023-01-15 19:37:29 +01:00
parent 4fd118fde6
commit 38529a428e
5 changed files with 21 additions and 13 deletions
--- a/templates/oauth-standalone-docker-compose.yaml
+++ b/templates/oauth-standalone-docker-compose.yaml
@@ -12,17 +12,16 @@ services:
    ports:
      - {{ services[item].port }}:{{ services[item].port }}
    environment:
-      OAUTH2_PROXY_UPSTREAMS: http://{{ ansible_default_ipv4.address }}:{{ services[item].port }}/
+      OAUTH2_PROXY_UPSTREAMS: http://{{ ansible_default_ipv4.address }}:{{ services[item].port + 1000 }}/
      OAUTH2_PROXY_EMAIL_DOMAINS: '*'
      OAUTH2_PROXY_PROVIDER: oidc
-      OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: "Keycloak"
-      OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: true
+      OAUTH2_PROXY_PROVIDER_DISPLAY_NAME: "AtlantisHQ Accounts"
      OAUTH2_PROXY_REDIRECT_URL: http://localhost/oauth2/callback

      OAUTH2_PROXY_OIDC_ISSUER_URL: "https://{{ keycloak_address }}/realms/master"
      OAUTH2_PROXY_CLIENT_ID: "{{ keycloak_clients[item].client_id }}"
-      OAUTH2_PROXY_CLIENT_SECRET: "{{ keycloak_clients[item].party_secret }}"
-      OAUTH2_PROXY_ALLOWED_GROUPS: "{{ keycloak_clients[item].groups }}"
+      OAUTH2_PROXY_CLIENT_SECRET: "{{ keycloak_clients[item].client_secret }}"
+      OAUTH2_PROXY_ALLOWED_ROLES: "{{ keycloak_clients[item].groups }}"

      OAUTH2_PROXY_OIDC_EMAIL_CLAIM: sub