terraform-provider-zitadel

unable to obtain client_id/ client_secret from zitadel_org_oidc_idp

Open pva2007 opened this issue 1 year ago • 0 comments

Preflight Checklist

  • [X] I could not find a solution in the documentation, the existing issues or discussions
  • [ ] I have joined the ZITADEL chat

Version

1.7.0

ZITADEL Version

v2.43.3

Describe the problem caused by this bug

I'm creating an application in a project which works as expected with OIDC_GRANT_TYPE_AUTHORIZATION_CODE, but I'm unable to obtain the client_id/client_secret from the created application for further usage. Neither the zitadel_org_oidc_idp nor the zitadel_application_oidc data source provides them.

The documentation states these are available read_only: https://registry.terraform.io/providers/zitadel/zitadel/latest/docs/data-sources/org_oidc_idp#client_id

To reproduce

Creation of a zitadel_application_oidc resource:

resource "zitadel_application_oidc" "proxy_app" {
  org_id        = var.zitadel_org_id
  project_id    = var.zitadel_project_id
  name          = var.zitadel_application_name
  redirect_uris = length(var.zitadel_redirect_uris) != 0 ? var.zitadel_redirect_uris : ["http://${local.container_name}:4180/oauth2/callback"]

  # currently I'm using only OIDC_GRANT_TYPE_AUTHORIZATION_CODE
  response_types              = [var.zitadel_response_types]
  grant_types                 = [var.zitadel_grant_types]
  post_logout_redirect_uris   = var.zitadel_post_logout_redirect_uris
  app_type                    = var.zitadel_app_type
  auth_method_type            = var.zitadel_auth_method_type
  clock_skew                  = var.zitadel_clock_skew
  access_token_type           = var.zitadel_access_token_type
  access_token_role_assertion = var.zitadel_access_token_role_assertion
  id_token_role_assertion     = var.zitadel_id_token_role_assertion
  id_token_userinfo_assertion = var.zitadel_id_token_userinfo_assertion
}

Creating data resources:

data "zitadel_application_oidc" "proxy_app" {
  org_id     = var.zitadel_org_id
  project_id = var.zitadel_project_id
  app_id     = zitadel_application_oidc.proxy_app.id
}

data "zitadel_org_oidc_idp" "proxy_app" {
  org_id = var.zitadel_org_id
  id     = data.zitadel_application_oidc.proxy_app.id
}

All below options don't provide values and throw errors:

env = [
  "OAUTH2_PROXY_CLIENT_ID=${data.zitadel_application_oidc.proxy_app.client_id}",
  "OAUTH2_PROXY_CLIENT_ID=${data.zitadel_org_oidc_idp.proxy_app.client_id}",
]

Screenshots

No response

Expected behavior

Either data resource zitadel_org_oidc_idp or zitadel_application_oidc is able to provide the sensitive values.

Relevant Configuration

No response

Additional Context

No response

pva2007, Jan 20 '24 21:01
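
A configuration sketch added here, not part of the original issue and not the provider's own code: it reads the credentials from the zitadel_application_oidc resource created above instead of from a data source. It assumes the resource exports client_id and client_secret as sensitive computed attributes in the provider version in use; the local and output names are hypothetical.

```hcl
# Added example. Assumption: the zitadel_application_oidc *resource*
# exposes client_id and client_secret as sensitive, computed attributes.
locals {
  # Hypothetical local: environment entries for the oauth2-proxy container.
  # Values derived from sensitive attributes stay sensitive, so Terraform
  # redacts them in plan and apply output.
  oauth2_proxy_env = [
    "OAUTH2_PROXY_CLIENT_ID=${zitadel_application_oidc.proxy_app.client_id}",
    "OAUTH2_PROXY_CLIENT_SECRET=${zitadel_application_oidc.proxy_app.client_secret}",
  ]
}

# Hypothetical output names. Terraform rejects an output that is derived
# from a sensitive value unless the output itself is marked sensitive.
output "oauth2_proxy_client_id" {
  value     = zitadel_application_oidc.proxy_app.client_id
  sensitive = true
}

output "oauth2_proxy_client_secret" {
  value     = zitadel_application_oidc.proxy_app.client_secret
  sensitive = true
}
```

Marking a value sensitive only hides it from CLI output; it is still written to the Terraform state in plain text, so the state backend needs encryption and restricted access.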