From 2cbc596566bcef0c6ebb9faa163842cb94f20f06 Mon Sep 17 00:00:00 2001
From: Fenris Wolf <fenris@folksprak.org>
Date: Sat, 26 Oct 2024 10:43:57 +0200
Subject: [PATCH] [task-183] [mod] authelia-for-zeitbild_backend

---
 roles/authelia-for-zeitbild_backend/tasks/main.json    | 10 +++++++++-
 .../templates/authelia-client-conf.json.j2             |  6 +++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/roles/authelia-for-zeitbild_backend/tasks/main.json b/roles/authelia-for-zeitbild_backend/tasks/main.json
index e7fb6e0..801a8ab 100644
--- a/roles/authelia-for-zeitbild_backend/tasks/main.json
+++ b/roles/authelia-for-zeitbild_backend/tasks/main.json
@@ -1,10 +1,18 @@
 [
+	{
+		"name": "configuration | compute client secret hash",
+		"become": true,
+		"ansible.builtin.shell": {
+			"cmd": "authelia crypto hash generate bcrypt --password {{var_authelia_for_zeitbild_backend_client_secret}} | cut --delimiter=' ' --fields='2-'"
+		},
+		"register": "temp_authelia_for_zeitbild_backend_client_secret_hashed"
+	},
 	{
 		"name": "configuration | emplace",
 		"become": true,
 		"ansible.builtin.template": {
 			"src": "authelia-client-conf.json.j2",
-			"dest": "/etc/authelia/conf.d/clients/zeitbild_backend.json"
+			"dest": "/etc/authelia/conf.d/clients/zeitbild.json"
 		}
 	},
 	{
diff --git a/roles/authelia-for-zeitbild_backend/templates/authelia-client-conf.json.j2 b/roles/authelia-for-zeitbild_backend/templates/authelia-client-conf.json.j2
index a7b13b8..692d452 100644
--- a/roles/authelia-for-zeitbild_backend/templates/authelia-client-conf.json.j2
+++ b/roles/authelia-for-zeitbild_backend/templates/authelia-client-conf.json.j2
@@ -1,11 +1,11 @@
 {
 	"client_id": "{{var_authelia_for_zeitbild_backend_client_id}}",
-	"client_secret": "{{var_authelia_for_zeitbild_backend_client_secret}}",
-	"client_name": "Forgejo",
+	"client_secret": "{{temp_authelia_for_zeitbild_backend_client_secret_hashed.stdout}}",
+	"client_name": "Zeitbild",
 	"public": false,
 	"authorization_policy": "one_factor",
 	"redirect_uris": [
-		"{{var_authelia_for_zeitbild_backend_zeitbild_backend_url_base}}/user/oauth2/authelia/callback"
+		"{{var_authelia_for_zeitbild_backend_zeitbild_backend_url_base}}/session/oidc"
 	],
 	"scopes": [
 		"openid",