feat: allow custom hydra clients generation

defaults/main.yml

@@ -17,6 +17,13 @@ hydra_database_port: 3306
 public_scheme: http
 public_host: "{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}"
 
+# Hydra clients
+
+hydra_clients:
+  - client_id: default-client
+    client_name: Default client
+    redirect_uris: ["{{ public_scheme }}://{{ public_host }}"]
+
 # Hydra Passwordless configuration
 
 enable_hydra_passwordless: yes

tasks/main.yml

@@ -51,6 +51,15 @@
     - Restart HAProxy
   become: true
 
+- name: Create hydra-clients
+  template:
+    src: hydra-client.json.j2
+    dest: "/etc/hydra/clients.d/{{ item.client_id }}.json"
+  with_items: "{{ hydra_clients }}"
+  notify:
+    - Restart cadoles-pod-hydra-v1
+  become: true
+
 - name: Configure cadoles-pod-hydra-v1
   template:
     src: "{{ item.src }}"

tasks/oidc-test.yml

@@ -2,11 +2,16 @@
 
 - name: Create oidc-test OpenID Connect client configuration
   template:
-    src: "{{ item.src }}"
+    src: hydra-client.json.j2
-    dest: "{{ item.dest }}"
+    dest: "/etc/hydra/clients.d/{{ item.client_id }}.json"
   with_items:
-    - src: oidc-test-client.json.j2
+    - client_id: "{{ oidc_test_app_client_id }}"
-      dest: /etc/hydra/clients.d/oidc-test.json
+      client_secret: "{{ oidc_test_app_client_secret }}"
+      client_name: "OIDC Test"
+      redirect_uris: ["{{ public_scheme }}://{{ public_host }}:8080/oauth2/callback"]
+      post_logout_redirect_uris: ["{{ public_scheme }}://{{ public_host }}:8080"]
+      logo_uri: https://www.cadoles.com/images/logo.svg
+
   notify:
     - Restart cadoles-pod-hydra-v1
   become: true

templates/hydra-client.json.j2

@@ -0,0 +1,14 @@
+{
+	"client_id": {{ item.client_id | to_json }},
+	"client_name": {{ item.client_name | default(item.client_id) | to_json }},
+	"client_secret": {{ item.client_secret | default(lookup('ansible.builtin.password', '/dev/null chars=ascii_lowercase,digits length=32')) | to_json }},
+	"grant_types": {{ item.grant_types | default(["authorization_code","refresh_token"]) | to_json }},
+	"jwks": {},
+	"metadata": {},
+	"post_logout_redirect_uris": {{ item.post_logout_redirect_uris | default([]) | to_json }},
+	"redirect_uris": {{ item.redirect_uris | default([]) | to_json }},
+	"response_types": {{ item.response_types | default(["code"]) | to_json }},
+	"logo_uri": {{ item.logo_uri | default("") | to_json }},
+	"scope": {{ item.scope | default("openid profile email") | to_json }},
+	"token_endpoint_auth_method": {{ item.token_endpoint_auth_method | default("client_secret_post") | to_json }}
+}

templates/oidc-test-client.json.j2

@@ -1,19 +0,0 @@
-{
-	"client_id": "{{ oidc_test_app_client_id }}",
-	"client_name": "OIDC Test",
-	"client_secret": "{{ oidc_test_app_client_secret }}",
-	"grant_types": [
-		"authorization_code",
-		"refresh_token"
-	],
-	"jwks": {},
-	"metadata": {},
-	"post_logout_redirect_uris": ["{{ public_scheme }}://{{ public_host }}:8080"],
-	"redirect_uris": ["{{ public_scheme }}://{{ public_host }}:8080/oauth2/callback"],
-	"response_types": [
-		"code"
-	],
-	"logo_uri": "https://www.cadoles.com/images/logo.svg",
-	"scope": "openid profile email",
-	"token_endpoint_auth_method": "client_secret_post"
-}