From a66b370e84f1240e9274dbfc9ba3de8e4865c0f9 Mon Sep 17 00:00:00 2001 From: Viyurz Date: Sat, 11 May 2024 10:58:34 +0200 Subject: [PATCH] Move Synapse OIDC client id/secret from synapse_secrets to authelia_secrets. --- roles/authelia/templates/configuration.yml | 4 ++-- roles/synapse/templates/homeserver.yaml | 4 ++-- secrets.yml.example | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/authelia/templates/configuration.yml b/roles/authelia/templates/configuration.yml index fe2550f..7f95011 100644 --- a/roles/authelia/templates/configuration.yml +++ b/roles/authelia/templates/configuration.yml @@ -86,9 +86,9 @@ identity_providers: - 'email' token_endpoint_auth_method: client_secret_post - - client_id: '{{ synapse_secrets["oidc_client_id"] }}' + - client_id: '{{ authelia_secrets["synapse_client_id"] }}' client_name: Synapse - client_secret: '{{ synapse_secrets["oidc_client_secret_hash"] }}' + client_secret: '{{ authelia_secrets["synapse_client_secret_hash"] }}' redirect_uris: 'https://matrix.{{ domain }}/_synapse/client/oidc/callback' scopes: - 'openid' diff --git a/roles/synapse/templates/homeserver.yaml b/roles/synapse/templates/homeserver.yaml index e1326df..7cb0cc8 100644 --- a/roles/synapse/templates/homeserver.yaml +++ b/roles/synapse/templates/homeserver.yaml @@ -113,8 +113,8 @@ oidc_providers: idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI" discover: false issuer: "https://auth.{{ domain }}" - client_id: '{{ synapse_secrets["oidc_client_id"] }}' - client_secret: '{{ synapse_secrets["oidc_client_secret"] }}' + client_id: '{{ authelia_secrets["synapse_client_id"] }}' + client_secret: '{{ authelia_secrets["synapse_client_secret"] }}' scopes: ["openid", "profile", "email"] authorization_endpoint: 'https://auth.{{ domain }}/api/oidc/authorization' token_endpoint: 'https://auth.{{ domain }}/api/oidc/token' diff --git a/secrets.yml.example b/secrets.yml.example index 1a55e43..ee14a0c 100644 --- a/secrets.yml.example 
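Review bot: The renamed lookups `authelia_secrets["synapse_client_id"]` and `authelia_secrets["synapse_client_secret_hash"]` have no guard for a secrets file that was not migrated to the new key names, and the same applies to the two lookups in the `homeserver.yaml` hunk. A missing key should make templating fail, but a key copied blank from `secrets.yml.example` is null and would presumably be rendered as an empty `client_id` or `client_secret` rather than rejected. A pre-flight `ansible.builtin.assert` in each role would stop the play before either service is reconfigured, for example `that: authelia_secrets["synapse_client_secret_hash"] | default("", true) | length > 0`, repeated per key. The client entry continues past the end of this hunk.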
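Review bot: The plaintext `client_secret` on the new line of `homeserver.yaml` is spliced into a single-quoted YAML scalar, so a secret containing `'` would end the scalar early and either break the rendered file or change how the rest of the line is parsed. Emitting the value through a serialising filter removes the dependence on the secret's character set: `client_secret: {{ authelia_secrets["synapse_client_secret"] | to_json }}`. Because the secret is rendered inline, it is also worth confirming that the task writing `homeserver.yaml` sets a restrictive `mode` and does not echo the value in diff or verbose output; neither is visible in this hunk.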
+++ b/secrets.yml.example @@ -18,6 +18,9 @@ authelia_secrets: hedgedoc_client_id: hedgedoc_client_secret: hedgedoc_client_secret_hash: + synapse_client_id: + synapse_client_secret: + synapse_client_secret_hash: hmac_secret: jwks_key: | # openssl genrsa 4096 @@ -61,9 +64,6 @@ searxng_secrets: searxng_secret: synapse_secrets: - oidc_client_id: - oidc_client_secret: - oidc_client_secret_hash: smtp_user: smtp_pass: postgres_user:
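Review bot: The three new keys under `authelia_secrets` carry no hint of how they relate to each other, unlike `jwks_key` just below them, which has `# openssl genrsa 4096`. A comment above them would prevent a mismatched pair, such as `# synapse_client_secret_hash is the digest of synapse_client_secret; Authelia reads the hash, Synapse reads the plaintext`. Keeping the plaintext next to the hash also means this one mapping holds everything needed to authenticate as the Synapse client, so the real `secrets.yml` should be encrypted at rest and kept out of version control. Whether it is cannot be seen from this patch.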