init: copy from lawndale-infra
Some checks failed
continuous-integration/drone/push Build is failing
29
oidc.tf
Normal file
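--- /dev/null
+++ b/oidc.tf
@@ -0,0 +1,29 @@
+
+data "aws_cognito_user_pools" "thomasklein_infra" {
+name = "thomasklein-infra"
+}
+
+resource "aws_cognito_user_pool_client" "this" {
+name = "grafana"
+
+user_pool_id = data.aws_cognito_user_pools.thomasklein_infra.ids[0]
+
+allowed_oauth_flows_user_pool_client = true
+allowed_oauth_flows = ["code"]
+allowed_oauth_scopes = ["profile", "email", "openid"]
+
+supported_identity_providers = ["COGNITO"]
+
+generate_secret = true
+callback_urls = ["https://${local.ingress_domain}/login/generic_oauth"]
+}
+
+locals {
+# these should be available as an attribute
+cognito_base_url = "https://${data.aws_cognito_user_pools.thomasklein_infra.name}.auth.${data.aws_region.current.name}.amazoncognito.com"
+
+cognito_authz_url = "${local.cognito_base_url}/oauth2/authorize"
+cognito_token_url = "${local.cognito_base_url}/oauth2/token"
+cognito_userinfo_url = "${local.cognito_base_url}/oauth2/userInfo"
+
+}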
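Review bot: `user_pool_id = data.aws_cognito_user_pools.thomasklein_infra.ids[0]` takes the first match from a lookup by name, and Cognito pool names are not unique, so a second pool called `thomasklein-infra` would put the Grafana client in whichever pool is listed first; `user_pool_id = one(data.aws_cognito_user_pools.thomasklein_infra.ids)` makes the plan fail on an ambiguous match instead. In `locals`, `cognito_base_url` assumes the hosted-UI domain prefix equals the pool name, which nothing in this file establishes. The prefix is a separate setting, and if the two differ, the authorize and token URLs handed to Grafana point at a domain this pool does not own, so the prefix is better taken from the pool's domain configuration or an input variable. With `generate_secret = true` the client secret is stored in Terraform state, so the state backend should be encrypted and access-restricted.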