{{- if index .Values.ocAuth.enabled }}
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: open-cloud-client
spec:
  grantTypes:
    - refresh_token
    - authorization_code
    - client_credentials
    - implicit
  responseTypes:
    - id_token
    - token
    - code
  scope: openid profile email roles
  secretName: oc-oauth2-client-secret
  redirectUris:
    - https://{{ .Values.host }}/auth/callback
  postLogoutRedirectUris:
    - https://{{ .Values.host }}/auth/logout/
  tokenEndpointAuthMethod: client_secret_post
  allowedCorsOrigins:
    -  "http://0.0.0.0"
#---
#apiVersion: v1
#kind: Secret
#metadata:
#  name: oc-auth-got-secret
#  namespace: dev
#stringData:
#  CLIENT_ID: {{ .Values.ocAuth.hydra.clientId }}
#  CLIENT_SECRET: {{ .Values.ocAuth.hydra.clientSecret }}

{{- end }}