mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
MIT License

JWKS URL ON as a part of client creation #860

Open thecloudgarage opened 1 year ago

thecloudgarage commented 1 year ago

I am trying to deploy a client in a realm via Terraform modules. While this is generally successful, I am still trying to figure out how to toggle the JWKS URL setting to ON, as seen in the snip below. The defaults that are used in the client creation do not turn the JWKS URL setting to ON, and I do not see any options in the Terraform values for the client module.

image

My config:

resource "keycloak_openid_client" "kube" {
  realm_id                     = local.realm_id
  client_id                    = "kube"
  name                         = "kube"
  enabled                      = true
  access_type                  = "CONFIDENTIAL"
  client_secret                = "kube-client-secret"
  standard_flow_enabled        = true
  implicit_flow_enabled        = false
  direct_access_grants_enabled = true
  service_accounts_enabled     = true
  valid_redirect_uris = [
    "https://test.oidc.thecloudgarage.com:10443/*",
  ]
}

thanks

Ambar.

rruxandra commented 1 month ago

We have been able to enable the "Use JWKS" flag by using this extra config on the keycloak_openid_client resource:

extra_config = {
  "token.endpoint.auth.signing.alg" = "RS256"
  "jwks.url"                        = var.jwks_url
  "use.jwks.url"                    = "true"
}
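
The question's client and the reply's `extra_config` combined into one resource, as an added example that is not part of the thread or the provider's own code. The `validation` block on `jwks_url` is an assumption added here: Keycloak fetches the client's public keys from that URL, so the example refuses anything that is not HTTPS. `local.realm_id` is taken from the question and is expected to be defined elsewhere in the module.

```hcl
# Added example. var.jwks_url is the variable name used in the reply;
# its declaration and validation below are assumptions.
variable "jwks_url" {
  type        = string
  description = "URL from which Keycloak fetches this client's public keys (JWKS)."

  validation {
    # Reject plain HTTP and scheme-less values: a key set fetched over an
    # unauthenticated channel could be replaced in transit.
    condition     = can(regex("^https://[^/]+", var.jwks_url))
    error_message = "The jwks_url value must be an https:// URL."
  }
}

resource "keycloak_openid_client" "kube" {
  realm_id              = local.realm_id
  client_id             = "kube"
  name                  = "kube"
  enabled               = true
  access_type           = "CONFIDENTIAL"
  standard_flow_enabled = true

  valid_redirect_uris = [
    "https://test.oidc.thecloudgarage.com:10443/*",
  ]

  # Keys and values exactly as given in the reply; the flag is passed
  # as the string "true".
  extra_config = {
    "token.endpoint.auth.signing.alg" = "RS256"
    "jwks.url"                        = var.jwks_url
    "use.jwks.url"                    = "true"
  }
}
```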