diff --git a/data/common/common.yaml b/data/common/common.yaml
--- a/data/common/common.yaml
+++ b/data/common/common.yaml
@@ -3110,6 +3110,9 @@
 - swh.web.api.throttling_exempted
 - swh.web.api.graph

+keycloak::resources::clients::deposit:roles:
+ - swh.deposit.api
+
 keycloak::resources::protocol_mappers::audience:
 resource_name: audience
 type: oidc-audience-mapper
@@ -3175,6 +3178,17 @@
 protocol_mappers:
 - "%{alias('keycloak::resources::protocol_mappers::audience')}"
 - "%{alias('keycloak::resources::protocol_mappers::groups')}"
+ swh-deposit:
+ settings:
+ redirect_uris:
+ # Should match letsencrypt::certificates.archive_staging.domains
+ - https://deposit.staging.swh.network/*
+ - https://deposit.internal.staging.swh.network/*
+ roles: "%{alias('keycloak::resources::clients::deposit:roles')}"
+ direct_grant_flow: direct_grant_no_otp-SoftwareHeritageStaging
+ protocol_mappers:
+ - "%{alias('keycloak::resources::protocol_mappers::audience')}"
+ - "%{alias('keycloak::resources::protocol_mappers::groups')}"

 borg::repository_user: borg
 borg::repository_group: borg
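Review bot: The new key `keycloak::resources::clients::deposit:roles` has a single colon before `roles`, where the neighbouring key in this hunk (`keycloak::resources::protocol_mappers::audience`) separates every segment with `::`. The `alias()` call in the second hunk uses the same spelling, so the lookup should still resolve, but the name looks like a typo and will be missed by anyone searching for `deposit::roles`. I would rename it to `keycloak::resources::clients::deposit::roles:` here and in the `roles:` alias of the `swh-deposit` client.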
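Review bot: The new `swh-deposit` client pairs `direct_grant_flow: direct_grant_no_otp-SoftwareHeritageStaging` with wildcard `redirect_uris`, and the hunk explains neither choice. Judging by its name, that flow accepts a password without the OTP step, so accounts holding `swh.deposit.api` would authenticate through this client with a password alone; a comment such as `# direct grant cannot prompt for OTP; deposit clients send credentials non-interactively` (if that is the reason) would record the trade-off. If the client only ever uses the direct grant, the two `/*` redirect URIs are presumably unused and could be dropped or narrowed to an exact callback path. The existing comment also names `letsencrypt::certificates.archive_staging.domains` while the URIs are `deposit.*` hosts, so it may be a leftover from the client this block was modelled on. The enclosing clients mapping starts outside the hunk.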