module "gotosocialclient" {
  source = "./modules/kc-client"

  realm           = var.realm
  client_id       = "gotosocial"
  client_name     = "gotosocial"
  client_secret   = var.gotosocial_secret
  description     = "https://social.unruhig.eu"
  root_url            = "https://social.unruhig.eu"
  admin_url           = "https://social.unruhig.eu"
  base_url            = "https://social.unruhig.eu"
  valid_redirect_uris = ["https://social.unruhig.eu/auth/callback"]
  web_origins         = ["https://social.unruhig.eu"]
}

resource "keycloak_openid_group_membership_protocol_mapper" "gotosocial-membership-mapper" {
  realm_id  = module.gotosocialclient.realm.id
  client_id = module.gotosocialclient.client.id

  name                = "Group Mapper"
  claim_name          = "groups"
  full_path           = false
  add_to_userinfo     = true
  add_to_access_token = false
  add_to_id_token     = true
}

resource "keycloak_openid_user_property_protocol_mapper" "gotosocial-username-mapper" {
  realm_id  = module.gotosocialclient.realm.id
  client_id = module.gotosocialclient.client.id

  name                = "username"
  user_property       = "username"
  claim_name          = "preferred_username"
  add_to_userinfo     = true
  add_to_access_token = true
  add_to_id_token     = false
}

resource "keycloak_openid_user_client_role_protocol_mapper" "gotosocial-role-mapper" {
  realm_id            = module.gotosocialclient.realm.id
  client_id           = module.gotosocialclient.client.id
  multivalued         = true
  name                = "user-client-role-mapper"
  claim_name          = "resource_access.$${client_id}.roles"
  add_to_userinfo     = true
  add_to_access_token = true
  add_to_id_token     = false
}