diff --git a/data/common/common.yaml b/data/common/common.yaml
index a46bc0fc9f1e54b259080c57065a772ac4472648..98e769867f91bef04a32f704b08d8149ee9d2073 100644
--- a/data/common/common.yaml
+++ b/data/common/common.yaml
@@ -3106,6 +3106,12 @@ keycloak::resources::realms:
 protocol_mappers:
 - "%{alias('keycloak::resources::protocol_mappers::audience')}"
 - "%{alias('keycloak::resources::protocol_mappers::groups')}"
+ hedgedoc:
+ settings:
+ redirect_uris:
+ # Should match letsencrypt::certificates.hedgedoc.domains
+ - https://hedgedoc.softwareheritage.org/*
+ secret: "%{alias('keycloak::clients::hedgedoc::secret')}"
 SoftwareHeritageStaging:
 settings:
 display_name: Software Heritage (Staging)
diff --git a/site-modules/profile/manifests/keycloak/resources.pp b/site-modules/profile/manifests/keycloak/resources.pp
index 84caa91e2e5ec85d85336c0374dcd8fdf2442da3..3228f51d8128863cc4ee1d3e0977215f3b2124ea 100644
--- a/site-modules/profile/manifests/keycloak/resources.pp
+++ b/site-modules/profile/manifests/keycloak/resources.pp
@@ -66,6 +66,24 @@ class profile::keycloak::resources {
 }
 }
+ $client_scopes = pick($realm_data['client_scopes'], {})
+ $realm_client_scope_common_settings = deep_merge(
+ $client_scope_common_settings,
+ pick($realm_data['client_scope_settings'], {})
+ )
+ $client_scopes.each |$client_scope_name, $client_scope_data| {
+ $_local_client_scope_settings = pick($client_scope_data['settings'], {})
+ $_full_client_scope_settings = deep_merge($realm_client_scope_common_settings, $_local_client_scope_settings)
+
+ $client_scope_id = fqdn_uuid("${realm_name}.${client_scope_name}")
+
+ keycloak_client_scope {"${client_scope_name} on ${realm_name}":
+ ensure => present,
+ id => $client_scope_id,
+ * => $_full_client_scope_settings,
+ }
+ }
+
 $clients = pick($realm_data['clients'], {})
 $realm_client_common_settings = deep_merge($client_common_settings, pick($realm_data['client_settings'], {}))
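Review bot: The `redirect_uris` entry for the new `hedgedoc` client is the wildcard `https://hedgedoc.softwareheritage.org/*`, which lets Keycloak return authorization responses to any path on that host rather than only to the login callback. HedgeDoc serves user-authored notes, so a redirect or content-injection flaw anywhere on the host would be enough to capture an authorization code issued for this client. I would pin the entry to the exact callback, for example `- https://hedgedoc.softwareheritage.org/auth/oauth2/callback` (confirm the path against the deployed HedgeDoc auth settings). The inline comment tying the host to `letsencrypt::certificates.hedgedoc.domains` is only a reminder; nothing in this hunk enforces it.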
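Review bot: `$client_scope_common_settings` is read in the first `deep_merge` call but is not defined anywhere in this hunk, and the diff shows no other hunk for resources.pp. The class body starts outside the hunk, so please confirm the variable is already assigned there; otherwise the merge receives an undefined value. Separately, the `* =>` splat passes Hiera-supplied settings to `keycloak_client_scope` next to the explicit `ensure` and `id`, so a `settings` hash carrying either key would presumably fail compilation as a duplicate attribute. A comment such as `# settings must not contain ensure or id; both are set explicitly below` would make that constraint visible. I would also document the id line with `# Deterministic UUID per realm/scope pair, so re-runs address the same Keycloak object`.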