software-engineering/policy-ui
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

create oidcapp
All checks were successful
Build and Publish / build-release (push) Successful in 1m1s
Details

Browse Source
This commit is contained in:
HaimKortovich
2026-05-14 15:19:53 -05:00
parent bb6ee40741
commit 2ed75599bc
2 changed files with 77 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
ops/chart/values.yaml
View File

@@ -27,14 +27,25 @@ controllers:
value: "https://dev.api.corredorconect.com/workload/api/v1" value: "https://dev.api.corredorconect.com/workload/api/v1"
- name: NUXT_PUBLIC_DOCUMENT_API_BASE - name: NUXT_PUBLIC_DOCUMENT_API_BASE
value: "https://dev.api.corredorconect.com/document/api/v1" value: "https://dev.api.corredorconect.com/document/api/v1"
- name: AUTH_SECRET
value: 0d85a9ed917254fc14c51a7e57e58f515574938d81f5a5146d407284c020b541
- name: AUTH_ORIGIN - name: AUTH_ORIGIN
value: https://dev.corredorconect.com/api/auth value: https://dev.corredorconect.com/api/auth
- name: ZITADEL_DOMAIN - name: ZITADEL_DOMAIN
value: https://id.corredorconect.com value: https://id.corredorconect.com
- name: ZITADEL_CLIENT_ID - name: ZITADEL_CLIENT_ID
value: 371939070261068337 valueFrom:
secretKeyRef:
name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-oidcapp-client-secret'
key: clientId
- name: ZITADEL_PROJECT_ID
valueFrom:
secretKeyRef:
name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-oidcapp-client-secret'
key: projectId
- name: AUTH_SECRET
valueFrom:
secretKeyRef:
name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-secrets'
key: auth-secret
ports: ports:
- name: http - name: http
containerPort: 3000 containerPort: 3000
@@ -71,3 +82,65 @@ service:
ingress: ingress:
main: main:
enabled: false enabled: false
rawResources:
password-generator:
enabled: true
apiVersion: generators.external-secrets.io/v1alpha1
kind: Password
suffix: password-generator
spec:
spec:
length: 32
noUpper: false
allowRepeat: true
secretKeys:
- auth-secret
external-secret:
enabled: true
apiVersion: external-secrets.io/v1
kind: ExternalSecret
suffix: secrets
spec:
spec:
refreshInterval: 0s
secretStoreRef:
name: cluster-secrets-store
kind: ClusterSecretStore
target:
name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-secrets'
creationPolicy: Owner
dataFrom:
- sourceRef:
generatorRef:
apiVersion: generators.external-secrets.io/v1alpha1
kind: Password
name: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}-password-generator'
oidcapp:
apiVersion: zitadel.github.com/v1alpha1
kind: OIDCApp
suffix: oidcapp
spec:
spec:
oidcAppName: policy-ui
projectRef:
name: seguros-dev
namespace: zitadel-resources-operator
appType: OIDC_APP_TYPE_WEB
authMethodType: OIDC_AUTH_METHOD_TYPE_NONE
redirectUris:
- https://dev.corredorconect.com/api/auth/callback/zitadel
postLogoutRedirectUris:
- https://dev.corredorconect.com/
responseTypes:
- OIDC_RESPONSE_TYPE_CODE
grantTypes:
- OIDC_GRANT_TYPE_AUTHORIZATION_CODE
accessTokenRoleAssertion: true
accessTokenType: OIDC_TOKEN_TYPE_JWT
idTokenRoleAssertion: true
idTokenUserinfoAssertion: true
clockSkew: 5s
devMode: false
skipNativeAppSuccessPage: false

2
server/api/auth/[...].ts
View File

@@ -9,7 +9,7 @@ export default NuxtAuthHandler({
issuer: process.env.ZITADEL_DOMAIN, issuer: process.env.ZITADEL_DOMAIN,
authorization: { authorization: {
params: { params: {
scope: 'openid email profile offline_access urn:zitadel:iam:org:project:371479849505653263:aud' scope: `openid email profile offline_access urn:zitadel:iam:org:project:${process.env.ZITADEL_PROJECT_ID}:aud`
} }
} }
}) })