feat: add oidc provisioning for opencloud

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>

inventories/vagrant/host_vars/backend/keycloak.yml

@@ -52,6 +52,17 @@ keycloak_oidc_clients:
       - openid
       - email
       - profile
+  - client_id: opencloud
+    name: "OpenCloud"
+    client_secret: "opencloud-secret-change-in-production"
+    redirect_uris:
+      - "https://opencloud.local.test/"
+      - "https://opencloud.local.test/oidc-callback.html"
+      - "https://opencloud.local.test/oidc-silent-redirect.html"
+    default_client_scopes:
+      - openid
+      - email
+      - profile
 
 # Identity providers (external login sources)
 # Uncomment and configure for production use with real credentials

inventories/vagrant/host_vars/backend/opencloud.yml

@@ -0,0 +1,15 @@
+opencloud_domain: "opencloud.local.test"
+opencloud_admin_password: "admin"
+opencloud_extra_hosts:
+  - "opencloud.local.test:host-gateway"
+  - "keycloak.local.test:host-gateway"
+
+# OIDC configuration (Keycloak)
+opencloud_oidc_issuer: "https://keycloak.local.test/realms/vagrant"
+opencloud_oidc_client_id: "opencloud"
+opencloud_oidc_client_secret: "opencloud-secret-change-in-production"
+opencloud_oidc_account_edit_url: "https://keycloak.local.test/realms/vagrant/account"
+
+# Allow OpenCloud to connect to Keycloak for OIDC discovery
+opencloud_csp_extra_connect_src:
+  - "https://keycloak.local.test/"