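---
# KeycloakClient custom resource: registers the OIDC client `rhacs` in the
# realm selected by the label app=sso, in the openshift-sso namespace.
apiVersion: keycloak.org/v1alpha1
kind: KeycloakClient
metadata:
  name: rhacs-client
  namespace: openshift-sso
  labels:
    app: sso
spec:
  # Selects the realm resource this client is created in, by label.
  realmSelector:
    matchLabels:
      app: sso
  client:
    clientId: rhacs
    # SECURITY: the client secret is stored in plain text in this manifest, so
    # anyone who can read the file, its VCS history, or this custom resource
    # can read it. Treat the value below as a sample only: supply a unique
    # secret per environment from a secret store, and rotate it if this value
    # was ever deployed.
    # NOTE(review): the operator may be able to generate the secret itself when
    # this field is omitted - confirm against the operator version in use.
    secret: averysecretsecret
    defaultClientScopes:
      - email
      # NOTE(review): offline_access is a default scope here; it is normally
      # requested only when long-lived offline tokens are needed - confirm it
      # is required for this client.
      - offline_access
      - profile
      - roles
    protocolMappers:
      # Emits the user's client roles for client `rhacs` as a multivalued
      # `groups` claim in the access token and the userinfo response.
      # NOTE(review): "id.token.claim" is not set; if the consumer reads
      # groups from the ID token, verify the claim is present there.
      - name: groups
        protocol: openid-connect
        protocolMapper: oidc-usermodel-client-role-mapper
        consentRequired: false
        # Mapper config values are strings, so "true" stays quoted.
        config:
          "multivalued": "true"
          "userinfo.token.claim": "true"
          "access.token.claim": "true"
          "claim.name": "groups"
          "jsonType.label": "JSON"
          "usermodel.clientRoleMapping.clientId": "rhacs"
    # NOTE(review): implicit flow returns tokens in the URL fragment, where
    # they can leak through browser history and logs, and current OAuth 2.0
    # security guidance discourages it. A client secret is configured, so the
    # authorization code flow (standardFlowEnabled) may be sufficient; set
    # this to false if the consumer does not need implicit flow.
    implicitFlowEnabled: true
    standardFlowEnabled: true
    # Exact-match HTTPS callback URLs with no wildcards; keep them exact when
    # replacing the example.com host with the real one.
    redirectUris:
      - https://central-rhacs.apps.ocp4.example.com/sso/providers/oidc/callback
      - https://central-rhacs.apps.ocp4.example.com/auth/response/oidc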