# Authentik OIDC client registration sweep

This directory holds the FlowerCore per-service OIDC client secret references
for the ADR-093 / ADR-124 Phase 1 step 8 sweep.

The `clients/*-oidc-client.yaml` manifests are intentionally only
`OnePasswordItem` CRDs. The actual 1Password items are created by an operator in
the `IAmWorkin` vault with these fields:

| Field | Purpose |
| --- | --- |
| `client_id` | Authentik provider client id, default `<slug>` |
| `client_secret` | Authentik provider client secret |
| `issuer_url` | `https://id.iamworkin.lan/application/o/<slug>/` |

Run `scripts/authentik-bulk-client-create.py` in dry-run mode first. Live REST
mutation requires `--apply`, `AUTHENTIK_TOKEN`, and an operator-provided
client-secret JSON file. The script redacts secrets in all normal output.
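
A lint for the reference-only rule on the `clients/*-oidc-client.yaml` manifests, as an added example that is not part of this repository: it checks that a manifest contains only `OnePasswordItem` documents pointing at the `IAmWorkin` vault and carries none of the table's fields inline. The `grafana` slug, the item names and both sample manifests are constructed, and `lint_manifest` is a hypothetical helper; the `vaults/<vault>/items/<item>` form of `itemPath` is the 1Password operator's.

```python
import re

# Constructed sample manifests (not from the repository); "grafana" is a hypothetical slug.
GOOD = """\
apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: grafana-oidc-client
spec:
  itemPath: "vaults/IAmWorkin/items/grafana-oidc-client"
"""
BAD = """\
apiVersion: v1
kind: Secret
metadata:
  name: grafana-oidc-client
stringData:
  client_secret: "constructed-not-a-real-secret"
"""

KIND_RE = re.compile(r"^kind:\s*(\S+)\s*$", re.M)
ITEM_PATH_RE = re.compile(
    r"^\s+itemPath:\s*[\"']?vaults/([^/\s\"']+)/items/([^/\s\"']+)[\"']?\s*$", re.M)
# Keys that would mean secret material (or its fields) was committed inline.
INLINE_RE = re.compile(r"^\s*(client_secret|client_id|issuer_url|stringData|data)\s*:", re.M)

def lint_manifest(text, vault="IAmWorkin"):
    """Return findings for one manifest file; an empty list means it is a pure reference."""
    findings = []
    for doc in re.split(r"^---\s*$", text, flags=re.M):
        if not doc.strip():
            continue
        kinds = KIND_RE.findall(doc)
        if kinds != ["OnePasswordItem"]:
            findings.append(f"unexpected kind: {kinds or 'missing'}")
        m = ITEM_PATH_RE.search(doc)
        if not m:
            findings.append("no spec.itemPath of the form vaults/<vault>/items/<item>")
        elif m.group(1) != vault:
            findings.append(f"itemPath points at vault {m.group(1)!r}, expected {vault!r}")
        # Report key names only, never values, so the lint output cannot leak a secret.
        for key in INLINE_RE.findall(doc):
            findings.append(f"inline field {key!r}: values belong in 1Password, not in Git")
    return findings
```

Run it over every file in `clients/` in CI or a pre-commit hook and fail on any non-empty result.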