spring:
  security:
    oauth2:
      client:
        registration:
          keycloak:
            provider: keycloak # this must match the provider below
            client-id: komga
            client-secret: changeme
            client-name: keycloak
            scope: openid,email
            authorization-grant-type: authorization_code
            # the placeholders in {} will be replaced automatically, you don't need to change this line
            redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
        provider:
          keycloak: # this must match the provider above
            user-name-attribute: sub
            # either set the issuer-uri, in which case the app will lookup the configuration for you automatically
            issuer-uri: https://nine.local/auth/realms/nine
            # or set all of the following
            authorization-uri: https://nine.local/auth/realms/nine/protocol/openid-connect/auth
            token-uri: https://nine.local/auth/realms/nine/protocol/openid-connect/token
            jwk-set-uri: https://nine.local/auth/realms/nine/protocol/openid-connect/certs
            user-info-uri: https://nine.local/auth/realms/nine/protocol/openid-connect/userinfo
  ssl:
    enabled: false
  webclient:
    ssl:
      trust-all: true            
komga:
  oauth2-account-creation: true