data "aws_cognito_user_pools" "thomasklein_infra" {
  name = "thomasklein-infra"
}

resource "aws_cognito_user_pool_client" "gitea" {
  name = "gitea"

  user_pool_id = data.aws_cognito_user_pools.thomasklein_infra.ids[0]

  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_flows                  = ["code"]
  allowed_oauth_scopes                 = ["profile", "email", "openid"]

  supported_identity_providers = ["COGNITO"]

  generate_secret = true
  callback_urls   = ["https://${local.ingress_domain}/user/oauth2/Cognito/callback"]
}