infrastructure/tf-stage-1/service_synapse.tf

module "synapseclient" {
  source = "./modules/kc-client"

  realm                              = var.realm
  client_id                          = "synapse"
  client_name                        = "Matrix - Synapse"
  client_secret                      = var.synapse_secret
  description                        = "Synapse Homeserver for unruhig.eu"
  root_url                           = "https://snapse.unruhig.eu"
  admin_url                          = ""
  base_url                           = ""
  valid_redirect_uris                = ["https://synapse.unruhig.eu/_synapse/client/oidc/callback", "https://unruhig.eu/_synapse/client/oidc/callback"]
  web_origins                        = []
  device_authorization_grant_enabled = true
  frontchannel_logout_enabled        = true
}


resource "keycloak_openid_user_attribute_protocol_mapper" "mx-localpart-mapper" {
  realm_id  = module.synapseclient.realm.id
  client_id = module.synapseclient.client.id
  name      = "mx local part"

  user_attribute      = "mx_localpart"
  claim_name          = "mx_localpart"
  add_to_id_token     = true
  add_to_access_token = true
  add_to_userinfo     = true
}