From 7eb6900129d5bd358af2928155d9d6471b94e0db Mon Sep 17 00:00:00 2001
From: Florian Klink
Date: Sun, 1 Sep 2024 15:38:38 +0300
Subject: [PATCH] fix(ops/keycloak): update client ID and client secret
This points to a "GitHub App" now ("https://github.com/organizations/tvlfyi/settings/apps"), rather than an "OAuth App" ("https://github.com/organizations/tvlfyi/settings/applications"). Apparently this makes a big difference, and we should be using a "GitHub App", not an "OAuth App". The defails on why are in https://github.com/keycloak/keycloak/issues/9429#issuecomment-1578953468 The App can be configured at https://github.com/organizations/tvlfyi/settings/apps/tvl-keycloak . With this, we should get rid of spurious Exceptions with some GitHub users trying to log in, hopefully fixing https://b.tvl.fyi/issues/201.
Change-Id: I25d0d6cd1b05ad54ed3d760d3a48ce1f430c0e7d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12413
Autosubmit: flokli
Reviewed-by: tazjin
Tested-by: BuildkiteCI
---
 ops/keycloak/user_sources.tf | 2 +-
 ops/secrets/tf-keycloak.age | Bin 962 -> 1135 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/ops/keycloak/user_sources.tf b/ops/keycloak/user_sources.tf
index f4207ba87..7fa71e36f 100644
--- a/ops/keycloak/user_sources.tf
+++ b/ops/keycloak/user_sources.tf
@@ -36,7 +36,7 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" {
 resource "keycloak_oidc_identity_provider" "github" {
 alias = "github"
 provider_id = "github"
- client_id = "6d7f8bb2e82bb6739556"
+ client_id = "Iv23liXfGNIr7InMg5Uo"
 client_secret = var.github_client_secret
 realm = keycloak_realm.tvl.id
 backchannel_supported = false
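Review bot: The new `client_id` literal in `keycloak_oidc_identity_provider.github` gives no hint that it now belongs to a GitHub App rather than an OAuth App, which is the whole reason for the change; I would add a comment above it such as `# Client ID of the "tvl-keycloak" GitHub App (not an OAuth App), see keycloak/keycloak#9429`. The ID itself is not a secret, so keeping it inline while `client_secret` comes from `var.github_client_secret` is fine, but the two only work as a pair and must be changed together, as this commit does. Not visible in this hunk is whether the previous OAuth App and its secret were revoked on the GitHub side, or whether the variable is declared `sensitive = true`; both are worth confirming so the old credential does not stay valid and the new one stays out of plan output. The resource block continues past the end of the hunk.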
diff --git a/ops/secrets/tf-keycloak.age b/ops/secrets/tf-keycloak.age index 237b9377bd79e12ef426add4834066e98892a6e1..7d470a6a304e232106c20835e816140c32258cb3 100644 GIT binary patch delta 1049 zcmX@a{+?rkPQ6<|h-YxHi=|h%d#+E4WmRZudS;-bbGTWUad5V;WqyUbabaO$g{zNa zC|8bCPGm};kzHMv|YGNwR-|aY&wJYMFmkxJ6WOI+w1ULUD11 zZfc5=si~o*LRGSJX@;XhYPMThPFQA6NR*$SpOJ;RSAA+?VVP&Sqp53ZQF(c}pL23{ zXh^o7MWnkUS6W(TQMpf8re|qIs;`e{h^uLcOQctrVWppUfn$o7PeoBsl!1j&fp1DS zx^;%Z6&XQ}3Zbt4CWiV|Zee-F&Vi){B~fOkp{AiZ0U`O8rOpv2fiNWa>7H-8BL50SZk?7VXXXsm& zlq+O7CVGb$=9?s$mxTCeYwMR9dWM+!Mul4F2Uet)W_l+jdKtKR7x_E7M{@Z@rd4=n z>#Jl`m8a$UWCau!Cl)z5MwOMAnz&>Yn0iE&>w6h`m^ypqq$W@NC?1|umKm7l;}zhS z7nbK8UX-Y9n4azFte=#W7f_Pw;$NDV<7Q|PQRr-$>B{9-P-Gk#?rBz7W?`9ITw#(J zmS*W$neI`jT^ix#=W1!5o1R{tshwBmZZJ8XQ9Rt&+0rS@-=es*D5}ukT;Jcg$UVy3 z*Qwkzx!gU_#VId4Jha?DDmgzm&ylOxInlDrE5+46JEfwiIHk(mza-hs$I?Js-!DDF zG|a=?$2}>;EIB7Kz<2UlM)CScvx+qBz#zxGA}13I!;;b}x8S6J3jYYFRL7h`k39XH zWWxgIvZ#E&uu!gwq@vtJAAjeRY*RDSET{6ayuu*glu-SuAg>%RgTkQP$Y2BGeD`dp ziexTbU0sD#bN3Q+{gP7Cq-=8oGw-r0N54q_G&3Xf3}64yRMSkCl(hPE|E%(GL-%Yh z$MD5wl6Tjx%XpGyv}%SE=YplnrMzzb+P`;=eNb@tr>QFpG@E@t2(74+y>!=L)%5C@ z<#%jn8@{gzX3 z$Xr%zo&EI2_H%`*c~hS~no_NPJn)m4@yo&~yFX8KDOjM_H(|!@OY-Z#&1z%ZdVpWx zubsVs0e`6`*VBUSteTBIkGC1|hHtz7Yr0;fmrqZ;gnYs6O^$u@opTHNOIrSXEWWE~ zWb^1{-F?om@7~XLA7EIa>3E;#?#7?ty9Kp&G`(Mt=wr_=bc11w; zT>44D zPNnYNi6x$SB~C%^zUEP3C24uZ71E$N*&W3Il1(|vI=w3;T@ODp5S12&^ z_cSo{4vx$W46e$_)%K`Q4$brruS^OxizqP2@eDBYF3+tBi3|>pDCbJ9$o6$HuFP_= z&<@EnD=o-2jC4$Pcl0iF%?e7l3^z6@a`K2sip=&m#<0%Ws46_qQ6baRCCn>BKcXTy z#lWvBxTwI}}1w(tyU@I=e zz~F$uN`r{x(nKe1kDTJ%iXbyCU0q#;vf@I^zzqFh|DcFcBlp0Rw4$=I0>Any_e|f+ z;wta5q9{+_h^j#ED8q0IuDJ8r^P;oYnN4KKX1LF9BRHd3DADD0!6Y{ORbBi%?7g$X zU8jD&uDa$0kN=&D#EV(sD|(NHuZYd4NDVQOpJw;f`{&+?iZ=Un&+xNujr)80m)$Xc zd1dPjmk&B$p7lm}@^fXSQsuNWmWto%KYJfs&6nd=w94#t-u;JtIk#VjGtX4iyYZ@JBbU=