From a23c9df05ad9507d1dc78e7157b0f0c6a8c81c72 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Fri, 28 Mar 2025 11:45:11 -0700
Subject: [PATCH] Make ipsilon static config file public (staging), clean it up

The only secrets in this file, AFAIK, are the client secrets.
Most of those are already defined as secret variables for the
plays in this repo that deploy the services to use.

So instead of duplicating most of the secrets, and keeping this
file in the private repo where we can't do PRs and editing it is
awkward, let's just make all the client secrets be variables,
and make this file public.

For all the cases where a secret wasn't already defined as a
variable, I've added it, so this should work as-is.

Note that the use of `flask_oidc_dev_stg_oidc_client_secret`
twice is not an error in this PR; that secret was reused for
the staging community blog client config. I have reported this
at https://pagure.io/fedora-infrastructure/issue/12161#comment-963303 .

This also removes the client configurations for several services
which no longer exist.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 roles/ipsilon/tasks/main.yml                  |   16 +
 .../templates/openidc.staging.static.j2       | 1295 +++++++++++++++++
 2 files changed, 1311 insertions(+)
 create mode 100644 roles/ipsilon/templates/openidc.staging.static.j2

diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 303fe2fece..0e6c87aa4d 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -145,6 +145,22 @@
   - oidc-config
   notify:
   - Restart apache
+  when: "env != 'staging'"
+
+- name: Template ipsilon OIDC client config
+  ansible.builtin.template:
+    src: "openidc.{{env}}.static.j2"
+    dest: /etc/ipsilon/root/openidc.static.cfg
+    owner: ipsilon
+    group: ipsilon
+    mode: "0600"
+  tags:
+  - ipsilon
+  - config
+  - oidc-config
+  notify:
+  - Restart apache
+  when: "env == 'staging'"
 
 - name: Copy ipsilon httpd config
   ansible.builtin.template:
diff --git a/roles/ipsilon/templates/openidc.staging.static.j2 b/roles/ipsilon/templates/openidc.staging.static.j2
new file mode 100644
index 0000000000..d77af92129
--- /dev/null
+++ b/roles/ipsilon/templates/openidc.staging.static.j2
@@ -0,0 +1,1295 @@
+[client]
+python-fedora client_id=null
+python-fedora client_secret="notsecret"
+python-fedora client_name="Python-Fedora"
+python-fedora redirect_uris=["http://localhost:12345/", "http://localhost:23456/"]
+python-fedora application_type="native"
+python-fedora client_uri="https://www.github.com/fedora-infra/python-fedora/"
+python-fedora contacts=["puiterwijk@fedoraproject.org"]
+python-fedora logo_uri=null
+python-fedora policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+python-fedora tos_uri=null
+python-fedora jwks_uri=null
+python-fedora jwks=null
+python-fedora sector_identifier_uri=null
+python-fedora subject_type="public"
+python-fedora response_types="code"
+python-fedora grant_types="authorization_code"
+python-fedora request_uris=[]
+python-fedora require_auth_time=null
+python-fedora token_endpoint_auth_method="client_secret_post"
+python-fedora id_token_signed_response_alg="RS256"
+python-fedora request_object_signing_alg="none"
+python-fedora initiate_login_uri=null
+python-fedora default_max_age=null
+python-fedora default_acr_values=null
+python-fedora client_secret_expires_at=0
+python-fedora ipsilon_internal={"type":"static","client_id":"python-fedora","trusted":false}
+
+kerneltest-stg client_id=null
+kerneltest-stg client_secret="{{ stg_kerneltest_oidc_secret }}"
+kerneltest-stg client_name="kerneltest-stg"
+kerneltest-stg redirect_uris=["https://kerneltest.stg.fedoraproject.org/oidc_callback"]
+kerneltest-stg application_type="native"
+kerneltest-stg client_uri="https://kerneltest.stg.fedoraproject.org/"
+kerneltest-stg contacts=["admin@fedoraproject.org"]
+kerneltest-stg logo_uri=null
+kerneltest-stg policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+kerneltest-stg tos_uri=null
+kerneltest-stg jwks_uri=null
+kerneltest-stg jwks=null
+kerneltest-stg sector_identifier_uri=null
+kerneltest-stg subject_type="public"
+kerneltest-stg response_types="code"
+kerneltest-stg grant_types="authorization_code"
+kerneltest-stg request_uris=[]
+kerneltest-stg require_auth_time=null
+kerneltest-stg token_endpoint_auth_method="client_secret_post"
+kerneltest-stg id_token_signed_response_alg="RS256"
+kerneltest-stg request_object_signing_alg="none"
+kerneltest-stg initiate_login_uri=null
+kerneltest-stg default_max_age=null
+kerneltest-stg default_acr_values=null
+kerneltest-stg client_secret_expires_at=0
+kerneltest-stg ipsilon_internal={"type":"static","client_id":"kerneltest-stg","trusted":true}
+
+fedpkg client_id=null
+fedpkg client_secret="notsecret"
+fedpkg client_name="FedPkg"
+fedpkg redirect_uris=["http://localhost:12345/", "http://localhost:23456/"]
+fedpkg application_type="native"
+fedpkg client_uri="http://localhost:13747/"
+fedpkg contacts=["infrastructure@lists.fedoraproject.org"]
+fedpkg logo_uri=null
+fedpkg policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+fedpkg tos_uri=null
+fedpkg jwks_uri=null
+fedpkg jwks=null
+fedpkg sector_identifier_uri=null
+fedpkg subject_type="public"
+fedpkg response_types="code"
+fedpkg grant_types="authorization_code"
+fedpkg request_uris=[]
+fedpkg require_auth_time=null
+fedpkg token_endpoint_auth_method="client_secret_post"
+fedpkg id_token_signed_response_alg="RS256"
+fedpkg request_object_signing_alg="none"
+fedpkg initiate_login_uri=null
+fedpkg default_max_age=null
+fedpkg default_acr_values=null
+fedpkg client_secret_expires_at=0
+fedpkg ipsilon_internal={"type":"static","client_id":"fedpkg","trusted":false}
+
+openshift client_id=null
+openshift client_secret="{{ openshift_stg_client_secret }}"
+openshift client_name="Fedora Infra Openshift (stg)"
+openshift redirect_uris=["https://os.stg.fedoraproject.org:443/oauth2callback/fedoraidp"]
+openshift application_type="web"
+openshift client_uri="https://os.stg.fedoraproject.org/"
+openshift contacts=["admin@fedoraproject.org"]
+openshift logo_uri=null
+openshift policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+openshift tos_uri=null
+openshift jwks_uri=null
+openshift jwks=null
+openshift sector_identifier_uri=null
+openshift subject_type="public"
+openshift response_types="code"
+openshift grant_types="authorization_code"
+openshift request_uris=[]
+openshift require_auth_time=null
+openshift token_endpoint_auth_method="client_secret_post"
+openshift id_token_signed_response_alg="RS256"
+openshift request_object_signing_alg="none"
+openshift initiate_login_uri=null
+openshift default_max_age=null
+openshift default_acr_values=null
+openshift client_secret_expires_at=0
+openshift ipsilon_internal={"type":"static","client_id":"openshift","trusted":true}
+
+waiverdb-stg client_id=null
+waiverdb-stg client_secret="{{ stg_waiverdb_oidc_secret }}"
+waiverdb-stg client_name="Waiverdb (openshift stg)"
+waiverdb-stg redirect_uris=["https://waiverdb.stg.fedoraproject.org/oidc_callback"]
+waiverdb-stg application_type="web"
+waiverdb-stg client_uri="https://waiverdb.stg.fedoraproject.org/"
+waiverdb-stg contacts=["mjia@fedoraproject.org", "dcallagh@fedoraproject.org", "ralph@fedoraproject.org"]
+waiverdb-stg logo_uri=null
+waiverdb-stg policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+waiverdb-stg tos_uri=null
+waiverdb-stg jwks_uri=null
+waiverdb-stg jwks=null
+waiverdb-stg sector_identifier_uri=null
+waiverdb-stg subject_type="public"
+waiverdb-stg response_types="code"
+waiverdb-stg grant_types="authorization_code"
+waiverdb-stg request_uris=[]
+waiverdb-stg require_auth_time=null
+waiverdb-stg token_endpoint_auth_method="client_secret_post"
+waiverdb-stg id_token_signed_response_alg="RS256"
+waiverdb-stg request_object_signing_alg="none"
+waiverdb-stg initiate_login_uri=null
+waiverdb-stg default_max_age=null
+waiverdb-stg default_acr_values=null
+waiverdb-stg client_secret_expires_at=0
+waiverdb-stg ipsilon_internal={"type":"static","client_id":"waiverdb-stg","trusted":false}
+
+waiverdb-authorizer client_id=null
+waiverdb-authorizer client_secret="notsecret"
+waiverdb-authorizer client_name="WaiverDB"
+waiverdb-authorizer redirect_uris=["http://localhost:13747/", "http://localhost:12345/", "http://localhost:23456/"]
+waiverdb-authorizer application_type="native"
+waiverdb-authorizer client_uri="http://localhost:13747/"
+waiverdb-authorizer contacts=["mjia@fedoraproject.org", "dcallagh@fedoraproject.org", "ralph@fedoraproject.org"]
+waiverdb-authorizer logo_uri=null
+waiverdb-authorizer policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+waiverdb-authorizer tos_uri=null
+waiverdb-authorizer jwks_uri=null
+waiverdb-authorizer jwks=null
+waiverdb-authorizer sector_identifier_uri=null
+waiverdb-authorizer subject_type="public"
+waiverdb-authorizer response_types="code"
+waiverdb-authorizer grant_types="authorization_code"
+waiverdb-authorizer request_uris=[]
+waiverdb-authorizer require_auth_time=null
+waiverdb-authorizer token_endpoint_auth_method="client_secret_post"
+waiverdb-authorizer id_token_signed_response_alg="RS256"
+waiverdb-authorizer request_object_signing_alg="none"
+waiverdb-authorizer initiate_login_uri=null
+waiverdb-authorizer default_max_age=null
+waiverdb-authorizer default_acr_values=null
+waiverdb-authorizer client_secret_expires_at=0
+waiverdb-authorizer ipsilon_internal={"type":"static","client_id":"waiverdb-authorizer","trusted":false}
+
+fpwiki client_id=null
+fpwiki client_secret="{{ fpwiki_stg_client_secret }}"
+fpwiki client_name="FedoraProject.org wiki (STG)"
+fpwiki redirect_uris=["https://stg.fedoraproject.org/wiki/Special:PluggableAuthLogin"]
+fpwiki application_type="web"
+fpwiki client_uri="https://stg.fedoraproject.org/wiki"
+fpwiki contacts=["admin@fedoraproject.org"]
+fpwiki logo_uri=null
+fpwiki policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+fpwiki tos_uri=null
+fpwiki jwks_uri=null
+fpwiki jwks=null
+fpwiki sector_identifier_uri=null
+fpwiki subject_type="public"
+fpwiki response_types="code"
+fpwiki grant_types="authorization_code"
+fpwiki request_uris=[]
+fpwiki require_auth_time=null
+fpwiki token_endpoint_auth_method="client_secret_basic"
+fpwiki id_token_signed_response_alg="RS256"
+fpwiki request_object_signing_alg="none"
+fpwiki initiate_login_uri=null
+fpwiki default_max_age=null
+fpwiki default_acr_values=null
+fpwiki client_secret_expires_at=0
+fpwiki ipsilon_internal={"type":"static","client_id":"fpwiki","trusted":true}
+
+wikitcms client_id=null
+wikitcms client_secret="notsecret"
+wikitcms client_name="Wiki Test Control Management System"
+wikitcms redirect_uris=["http://localhost:13747/", "http://localhost:12345/", "http://localhost:23456/"]
+wikitcms application_type="native"
+wikitcms client_uri="https://pagure.io/fedora-qa/python-wikitcms"
+wikitcms contacts=["adamwill@fedoraproject.org"]
+wikitcms logo_uri=null
+wikitcms policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+wikitcms tos_uri=null
+wikitcms jwks_uri=null
+wikitcms jwks=null
+wikitcms sector_identifier_uri=null
+wikitcms subject_type="public"
+wikitcms response_types="code"
+wikitcms grant_types="authorization_code"
+wikitcms request_uris=[]
+wikitcms require_auth_time=null
+wikitcms token_endpoint_auth_method="client_secret_post"
+wikitcms id_token_signed_response_alg="RS256"
+wikitcms request_object_signing_alg="none"
+wikitcms initiate_login_uri=null
+wikitcms default_max_age=null
+wikitcms default_acr_values=null
+wikitcms client_secret_expires_at=0
+wikitcms ipsilon_internal={"type":"static","client_id":"wikitcms","trusted":false}
+
+koschei client_id=null
+koschei client_secret="{{ koschei_oidc_client_secret_stg }}"
+koschei client_name="Koschei (STG)"
+koschei redirect_uris=["https://koschei.stg.fedoraproject.org/login/redirect_uri"]
+koschei application_type="web"
+koschei client_uri="https://apps.stg.fedoraproject.org/koschei/"
+koschei contacts=["admin@fedoraproject.org"]
+koschei logo_uri=null
+koschei policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+koschei tos_uri=null
+koschei jwks_uri=null
+koschei jwks=null
+koschei sector_identifier_uri=null
+koschei subject_type="pairwise"
+koschei response_types="code"
+koschei grant_types="authorization_code"
+koschei request_uris=[]
+koschei require_auth_time=null
+koschei token_endpoint_auth_method="client_secret_basic"
+koschei id_token_signed_response_alg="RS256"
+koschei request_object_signing_alg="none"
+koschei initiate_login_uri=null
+koschei default_max_age=null
+koschei default_acr_values=null
+koschei client_secret_expires_at=0
+koschei ipsilon_internal={"type":"static","client_id":"koschei","trusted":true}
+
+src-verifier client_id=null
+src-verifier client_secret="{{ distgit_oidc_src_verifier_secret_stg }}"
+src-verifier client_name="Fedora Dist-Git Verifier"
+src-verifier redirect_uris=[]
+src-verifier application_type="web"
+src-verifier client_uri="https://src.stg.fedoraproject.org/"
+src-verifier contacts=["admin@fedoraproject.org"]
+src-verifier logo_uri=null
+src-verifier policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+src-verifier tos_uri=null
+src-verifier jwks_uri=null
+src-verifier jwks=null
+src-verifier sector_identifier_uri=null
+src-verifier subject_type="pairwise"
+src-verifier response_types="code"
+src-verifier grant_types="authorization_code"
+src-verifier request_uris=[]
+src-verifier require_auth_time=null
+src-verifier token_endpoint_auth_method="client_secret_basic"
+src-verifier id_token_signed_response_alg="RS256"
+src-verifier request_object_signing_alg="none"
+src-verifier initiate_login_uri=null
+src-verifier default_max_age=null
+src-verifier default_acr_values=null
+src-verifier client_secret_expires_at=0
+src-verifier ipsilon_internal={"type":"static","client_id":"src-verifier","trusted":true}
+
+fedpkg-authorizer client_id=null
+fedpkg-authorizer client_secret="notsecret"
+fedpkg-authorizer client_name="FedPkg"
+fedpkg-authorizer redirect_uris=["http://localhost:13747/", "http://localhost:12345/", "http://localhost:23456/"]
+fedpkg-authorizer application_type="native"
+fedpkg-authorizer client_uri="http://localhost:13747/"
+fedpkg-authorizer contacts=["admin@fedoraproject.org"]
+fedpkg-authorizer logo_uri=null
+fedpkg-authorizer policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+fedpkg-authorizer tos_uri=null
+fedpkg-authorizer jwks_uri=null
+fedpkg-authorizer jwks=null
+fedpkg-authorizer sector_identifier_uri=null
+fedpkg-authorizer subject_type="public"
+fedpkg-authorizer response_types="code"
+fedpkg-authorizer grant_types="authorization_code"
+fedpkg-authorizer request_uris=[]
+fedpkg-authorizer require_auth_time=null
+fedpkg-authorizer token_endpoint_auth_method="client_secret_post"
+fedpkg-authorizer id_token_signed_response_alg="RS256"
+fedpkg-authorizer request_object_signing_alg="none"
+fedpkg-authorizer initiate_login_uri=null
+fedpkg-authorizer default_max_age=null
+fedpkg-authorizer default_acr_values=null
+fedpkg-authorizer client_secret_expires_at=0
+fedpkg-authorizer ipsilon_internal={"type":"static","client_id":"fedpkg-authorizer","trusted":false}
+
+transtats-stg client_id=null
+transtats-stg client_secret="{{ transtats_stg_oidc_secret }}"
+transtats-stg client_name="Transtats (openshift stg)"
+transtats-stg redirect_uris=["https://transtats.stg.fedoraproject.org/oidc/callback/"]
+transtats-stg application_type="web"
+transtats-stg client_uri="https://transtats.stg.fedoraproject.org/"
+transtats-stg contacts=["suanand@redhat.com"]
+transtats-stg logo_uri=null
+transtats-stg policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+transtats-stg tos_uri=null
+transtats-stg jwks_uri=null
+transtats-stg jwks=null
+transtats-stg sector_identifier_uri=null
+transtats-stg subject_type="pairwise"
+transtats-stg response_types="code"
+transtats-stg grant_types="authorization_code"
+transtats-stg request_uris=[]
+transtats-stg require_auth_time=null
+transtats-stg token_endpoint_auth_method="client_secret_post"
+transtats-stg id_token_signed_response_alg="RS256"
+transtats-stg request_object_signing_alg="none"
+transtats-stg initiate_login_uri=null
+transtats-stg default_max_age=null
+transtats-stg default_acr_values=null
+transtats-stg client_secret_expires_at=0
+transtats-stg ipsilon_internal={"type":"static","client_id":"transtats-stg","trusted":false}
+
+elections client_id=null
+elections client_secret="{{ elections_oidc_client_secret_stg }}"
+elections client_name="Elections"
+elections redirect_uris=["https://elections.stg.fedoraproject.org/oidc_callback", "https://elections.stg.fedoraproject.org/authorize"]
+elections application_type="web"
+elections client_uri="https://elections.stg.fedoraproject.org/"
+elections contacts=["admin@fedoraproject.org"]
+elections logo_uri=null
+elections policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+elections tos_uri=null
+elections jwks_uri=null
+elections jwks=null
+elections sector_identifier_uri=null
+elections subject_type="pairwise"
+elections response_types="code"
+elections grant_types="authorization_code"
+elections request_uris=[]
+elections require_auth_time=null
+elections token_endpoint_auth_method="client_secret_post"
+elections id_token_signed_response_alg="RS256"
+elections request_object_signing_alg="none"
+elections initiate_login_uri=null
+elections default_max_age=null
+elections default_acr_values=null
+elections client_secret_expires_at=0
+elections ipsilon_internal={"type":"static","client_id":"elections","trusted":true}
+
+fedocal client_name="fedocal"
+fedocal client_secret="{{ fedocal_oidc_client_secret_stg }}"
+fedocal redirect_uris=["https://calendar.stg.fedoraproject.org/oidc_callback"]
+fedocal client_uri="https://calendar.stg.fedoraproject.org/"
+fedocal ipsilon_internal={"type":"static","client_id":"fedocal","trusted":true}
+fedocal contacts=["admin@fedoraproject.org"]
+fedocal client_id=null
+fedocal policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+fedocal grant_types="authorization_code"
+fedocal response_types="code"
+fedocal application_type="web"
+fedocal logo_uri=null
+fedocal tos_uri=null
+fedocal jwks_uri=null
+fedocal jwks=null
+fedocal sector_identifier_uri=null
+fedocal subject_type="pairwise"
+fedocal request_uris=[]
+fedocal require_auth_time=null
+fedocal token_endpoint_auth_method="client_secret_post"
+fedocal id_token_signed_response_alg="RS256"
+fedocal request_object_signing_alg="none"
+fedocal initiate_login_uri=null
+fedocal default_max_age=null
+fedocal default_acr_values=null
+fedocal client_secret_expires_at=0
+
+osci-jenkins-1-stage client_name="osci-jenkins-1-stage"
+osci-jenkins-1-stage client_secret="{{ osci_jenkins_1_stage_oidc_secret }}"
+osci-jenkins-1-stage redirect_uris=["https://osci-jenkins-1-stage.ci.fedoraproject.org/securityRealm/finishLogin"]
+osci-jenkins-1-stage client_uri="https://osci-jenkins-1-stage.ci.fedoraproject.org/"
+osci-jenkins-1-stage ipsilon_internal={"type":"static","client_id":"osci-jenkins-1-stage","trusted":true}
+osci-jenkins-1-stage contacts=["ci@lists.fedoraproject.org", "admin@fedoraproject.org"]
+osci-jenkins-1-stage client_id=null
+osci-jenkins-1-stage policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+osci-jenkins-1-stage grant_types="authorization_code"
+osci-jenkins-1-stage response_types="code"
+osci-jenkins-1-stage application_type="web"
+osci-jenkins-1-stage subject_type="pairwise"
+osci-jenkins-1-stage logo_uri=null
+osci-jenkins-1-stage tos_uri=null
+osci-jenkins-1-stage jwks_uri=null
+osci-jenkins-1-stage jwks=null
+osci-jenkins-1-stage sector_identifier_uri=null
+osci-jenkins-1-stage request_uris=[]
+osci-jenkins-1-stage require_auth_time=null
+osci-jenkins-1-stage token_endpoint_auth_method="client_secret_post"
+osci-jenkins-1-stage id_token_signed_response_alg="RS256"
+osci-jenkins-1-stage request_object_signing_alg="none"
+osci-jenkins-1-stage initiate_login_uri=null
+osci-jenkins-1-stage default_max_age=null
+osci-jenkins-1-stage default_acr_values=null
+osci-jenkins-1-stage client_secret_expires_at=0
+
+osci-jenkins-2-stage client_name="osci-jenkins-2-stage"
+osci-jenkins-2-stage client_secret="{{ osci_jenkins_2_stage_oidc_secret }}"
+osci-jenkins-2-stage redirect_uris=["https://osci-jenkins-2-stage.ci.fedoraproject.org/securityRealm/finishLogin"]
+osci-jenkins-2-stage client_uri="https://osci-jenkins-2-stage.ci.fedoraproject.org/"
+osci-jenkins-2-stage ipsilon_internal={"type":"static","client_id":"osci-jenkins-2-stage","trusted":true}
+osci-jenkins-2-stage contacts=["ci@lists.fedoraproject.org", "admin@fedoraproject.org"]
+osci-jenkins-2-stage client_id=null
+osci-jenkins-2-stage policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+osci-jenkins-2-stage grant_types="authorization_code"
+osci-jenkins-2-stage response_types="code"
+osci-jenkins-2-stage application_type="web"
+osci-jenkins-2-stage subject_type="pairwise"
+osci-jenkins-2-stage logo_uri=null
+osci-jenkins-2-stage tos_uri=null
+osci-jenkins-2-stage jwks_uri=null
+osci-jenkins-2-stage jwks=null
+osci-jenkins-2-stage sector_identifier_uri=null
+osci-jenkins-2-stage request_uris=[]
+osci-jenkins-2-stage require_auth_time=null
+osci-jenkins-2-stage token_endpoint_auth_method="client_secret_post"
+osci-jenkins-2-stage id_token_signed_response_alg="RS256"
+osci-jenkins-2-stage request_object_signing_alg="none"
+osci-jenkins-2-stage initiate_login_uri=null
+osci-jenkins-2-stage default_max_age=null
+osci-jenkins-2-stage default_acr_values=null
+osci-jenkins-2-stage client_secret_expires_at=0
+
+test-auth client_id=null
+test-auth client_name="test-auth"
+test-auth client_secret="{{ test_auth_stg_oidc_client_secret }}"
+test-auth redirect_uris=["https://test-auth.app.os.stg.fedoraproject.org/oidc/oidc_callback"]
+test-auth client_uri="https://test-auth.app.os.stg.fedoraproject.org/"
+test-auth ipsilon_internal={"type":"static","client_id":"test-auth","trusted":true}
+test-auth contacts=["admin@fedoraproject.org"]
+test-auth policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+test-auth grant_types="authorization_code"
+test-auth response_types="code"
+test-auth application_type="web"
+test-auth logo_uri=null
+test-auth tos_uri=null
+test-auth jwks_uri=null
+test-auth jwks=null
+test-auth sector_identifier_uri=null
+test-auth subject_type="public"
+test-auth request_uris=[]
+test-auth require_auth_time=null
+test-auth token_endpoint_auth_method="client_secret_post"
+test-auth id_token_signed_response_alg="RS256"
+test-auth request_object_signing_alg="none"
+test-auth initiate_login_uri=null
+test-auth default_max_age=null
+test-auth default_acr_values=null
+test-auth client_secret_expires_at=0
+
+provisionfpo client_name="provisionfpo"
+provisionfpo client_secret="{{ zezere_oidc_client_secret_staging }}"
+provisionfpo redirect_uris=["https://provision.stg.fedoraproject.org/oidc/callback/"]
+provisionfpo client_uri="https://provision.stg.fedoraproject.org/portal/"
+provisionfpo ipsilon_internal={"type":"static","client_id":"provisionfpo","trusted":true}
+provisionfpo contacts=["admin@fedoraproject.org"]
+provisionfpo client_id=null
+provisionfpo policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+provisionfpo grant_types="authorization_code"
+provisionfpo response_types="code"
+provisionfpo application_type="web"
+provisionfpo logo_uri=null
+provisionfpo tos_uri=null
+provisionfpo jwks_uri=null
+provisionfpo jwks=null
+provisionfpo sector_identifier_uri=null
+provisionfpo subject_type="public"
+provisionfpo request_uris=[]
+provisionfpo require_auth_time=null
+provisionfpo token_endpoint_auth_method="client_secret_post"
+provisionfpo id_token_signed_response_alg="RS256"
+provisionfpo request_object_signing_alg="none"
+provisionfpo initiate_login_uri=null
+provisionfpo default_max_age=null
+provisionfpo default_acr_values=null
+provisionfpo client_secret_expires_at=0
+
+oraculum client_name="oraculum"
+oraculum client_secret="{{ oraculum_oidc_client_secret_stg }}"
+oraculum redirect_uris=["https://packager-dashboard.stg.fedoraproject.org/api/flask_oidc/authorize"]
+oraculum client_uri="https://oraculum.stg.fedoraproject.org/"
+oraculum ipsilon_internal={"type":"static","client_id":"oraculum","trusted":true}
+oraculum contacts=["fzatlouk@redhat.com"]
+oraculum client_id=null
+oraculum policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+oraculum grant_types="authorization_code"
+oraculum response_types="code"
+oraculum application_type="web"
+oraculum subject_type="pairwise"
+oraculum logo_uri=null
+oraculum tos_uri=null
+oraculum jwks_uri=null
+oraculum jwks=null
+oraculum sector_identifier_uri=null
+oraculum request_uris=[]
+oraculum require_auth_time=null
+oraculum token_endpoint_auth_method="client_secret_post"
+oraculum id_token_signed_response_alg="RS256"
+oraculum request_object_signing_alg="none"
+oraculum initiate_login_uri=null
+oraculum default_max_age=null
+oraculum default_acr_values=null
+oraculum client_secret_expires_at=0
+
+forum-mojefedora-cz client_name="forum-mojefedora-cz"
+forum-mojefedora-cz client_secret="{{ forum_mojefedora_cz_oidc_secret }}"
+forum-mojefedora-cz redirect_uris=["https://forum.mojefedora.cz/auth/oauth2_basic/callback"]
+forum-mojefedora-cz client_uri="https://forum-mojefedora-cz.fedoraproject.org/"
+forum-mojefedora-cz ipsilon_internal={"type":"static","client_id":"forum-mojefedora-cz","trusted":false}
+forum-mojefedora-cz contacts=["frantisekz@fedoraproject.org"]
+forum-mojefedora-cz client_id=null
+forum-mojefedora-cz policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+forum-mojefedora-cz grant_types="authorization_code"
+forum-mojefedora-cz response_types="code"
+forum-mojefedora-cz application_type="web"
+forum-mojefedora-cz subject_type="pairwise"
+forum-mojefedora-cz logo_uri=null
+forum-mojefedora-cz tos_uri=null
+forum-mojefedora-cz jwks_uri=null
+forum-mojefedora-cz jwks=null
+forum-mojefedora-cz sector_identifier_uri=null
+forum-mojefedora-cz request_uris=[]
+forum-mojefedora-cz require_auth_time=null
+forum-mojefedora-cz token_endpoint_auth_method="client_secret_basic"
+forum-mojefedora-cz id_token_signed_response_alg="RS256"
+forum-mojefedora-cz request_object_signing_alg="none"
+forum-mojefedora-cz initiate_login_uri=null
+forum-mojefedora-cz default_max_age=null
+forum-mojefedora-cz default_acr_values=null
+forum-mojefedora-cz client_secret_expires_at=0
+
+element client_name="element"
+element client_secret="{{ element_stg_oidc_secret }}"
+element redirect_uris=["https://fedora-test-sso.ems.host/_synapse/client/oidc/callback"]
+element client_uri="https://fedora.ems.host/"
+element ipsilon_internal={"type":"static","client_id":"element","trusted":true}
+element contacts=["{{ element_oidc_contact }}"]
+element client_id=null
+element policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+element grant_types="authorization_code"
+element response_types="code"
+element application_type="web"
+element subject_type="public"
+element logo_uri=null
+element tos_uri=null
+element jwks_uri=null
+element jwks=null
+element sector_identifier_uri=null
+element request_uris=[]
+element require_auth_time=null
+element token_endpoint_auth_method="client_secret_basic"
+element id_token_signed_response_alg="RS256"
+element request_object_signing_alg="none"
+element initiate_login_uri=null
+element default_max_age=null
+element default_acr_values=null
+element client_secret_expires_at=0
+
+ocp client_id=null
+ocp client_secret="{{ ocp_stg_oidc_secret }}"
+ocp client_name="Fedora Staging OCP"
+ocp redirect_uris=["https://oauth-openshift.apps.ocp.stg.fedoraproject.org/oauth2callback/fedoraidp"]
+ocp application_type="web"
+ocp client_uri="https://ocp.stg.fedoraproject.org/"
+ocp contacts=["admin@fedoraproject.org"]
+ocp logo_uri=null
+ocp policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+ocp tos_uri=null
+ocp jwks_uri=null
+ocp jwks=null
+ocp sector_identifier_uri=null
+ocp subject_type="public"
+ocp response_types="code"
+ocp grant_types="authorization_code"
+ocp request_uris=[]
+ocp require_auth_time=null
+ocp token_endpoint_auth_method="client_secret_post"
+ocp id_token_signed_response_alg="RS256"
+ocp request_object_signing_alg="none"
+ocp initiate_login_uri=null
+ocp default_max_age=null
+ocp default_acr_values=null
+ocp client_secret_expires_at=0
+ocp ipsilon_internal={"type":"static","client_id":"ocp","trusted":true}
+
+anitya client_name="anitya staging"
+anitya client_secret="{{ anitya_oidc_client_secret_stg }}"
+anitya redirect_uris=["https://stg.release-monitoring.org/auth/fedora"]
+anitya client_uri="https://srg.release-monitoring.org/"
+anitya ipsilon_internal={"type":"static","client_id":"anitya","trusted":true}
+anitya contacts=["mkonecny@fedoraproject.org"]
+anitya client_id=null
+anitya policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+anitya grant_types="authorization_code"
+anitya response_types="code"
+anitya application_type="web"
+anitya subject_type="public"
+anitya logo_uri=null
+anitya tos_uri=null
+anitya jwks_uri=null
+anitya jwks=null
+anitya sector_identifier_uri=null
+anitya request_uris=[]
+anitya require_auth_time=null
+anitya token_endpoint_auth_method="client_secret_post"
+anitya id_token_signed_response_alg="RS256"
+anitya request_object_signing_alg="none"
+anitya initiate_login_uri=null
+anitya default_max_age=null
+anitya default_acr_values=null
+anitya client_secret_expires_at=0
+
+bodhi client_name="Bodhi staging"
+bodhi client_secret="{{ bodhi2_oidc_client_secret_staging }}"
+bodhi redirect_uris=["https://bodhi.stg.fedoraproject.org/oidc/authorize"]
+bodhi client_uri="https://bodhi.stg.fedoraproject.org/"
+bodhi ipsilon_internal={"type":"static","client_id":"bodhi","trusted":true}
+bodhi contacts=["admin@fedoraproject.org"]
+bodhi client_id=null
+bodhi policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+bodhi grant_types="authorization_code"
+bodhi response_types="code"
+bodhi application_type="web"
+bodhi subject_type="public"
+bodhi logo_uri=null
+bodhi tos_uri=null
+bodhi jwks_uri=null
+bodhi jwks=null
+bodhi sector_identifier_uri=null
+bodhi request_uris=[]
+bodhi require_auth_time=null
+bodhi token_endpoint_auth_method="client_secret_post"
+bodhi id_token_signed_response_alg="RS256"
+bodhi request_object_signing_alg="none"
+bodhi initiate_login_uri=null
+bodhi default_max_age=null
+bodhi default_acr_values=null
+bodhi client_secret_expires_at=0
+
+bodhi-client client_name="Bodhi Client staging"
+bodhi-client client_secret=""
+bodhi-client redirect_uris=["urn:ietf:wg:oauth:2.0:oob"]
+bodhi-client client_uri="https://bodhi.stg.fedoraproject.org/"
+bodhi-client ipsilon_internal={"type":"static","client_id":"bodhi-client","trusted":true}
+bodhi-client contacts=["admin@fedoraproject.org"]
+bodhi-client client_id=null
+bodhi-client policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+bodhi-client grant_types="authorization_code"
+bodhi-client response_types="code"
+bodhi-client application_type="native"
+bodhi-client subject_type="public"
+bodhi-client logo_uri=null
+bodhi-client tos_uri=null
+bodhi-client jwks_uri=null
+bodhi-client jwks=null
+bodhi-client sector_identifier_uri=null
+bodhi-client request_uris=[]
+bodhi-client require_auth_time=null
+bodhi-client token_endpoint_auth_method="none"
+bodhi-client id_token_signed_response_alg="RS256"
+bodhi-client request_object_signing_alg="none"
+bodhi-client initiate_login_uri=null
+bodhi-client default_max_age=null
+bodhi-client default_acr_values=null
+bodhi-client client_secret_expires_at=0
+
+flask-oidc-dev client_id=null
+flask-oidc-dev client_secret="{{ flask_oidc_dev_stg_oidc_client_secret }}"
+flask-oidc-dev client_name="Flask OIDC dev in Staging"
+flask-oidc-dev redirect_uris=["https://app-flask-oidc-dev.apps.ocp.stg.fedoraproject.org/oidc/oidc_callback"]
+flask-oidc-dev application_type="web"
+flask-oidc-dev client_uri="https://app-flask-oidc-dev.apps.ocp.stg.fedoraproject.org/"
+flask-oidc-dev contacts=["admin@fedoraproject.org"]
+flask-oidc-dev logo_uri=null
+flask-oidc-dev policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+flask-oidc-dev tos_uri=null
+flask-oidc-dev jwks_uri=null
+flask-oidc-dev jwks=null
+flask-oidc-dev sector_identifier_uri=null
+flask-oidc-dev subject_type="public"
+flask-oidc-dev response_types="code"
+flask-oidc-dev grant_types="authorization_code"
+flask-oidc-dev request_uris=[]
+flask-oidc-dev require_auth_time=null
+flask-oidc-dev token_endpoint_auth_method="client_secret_post"
+flask-oidc-dev id_token_signed_response_alg="RS256"
+flask-oidc-dev request_object_signing_alg="none"
+flask-oidc-dev initiate_login_uri=null
+flask-oidc-dev default_max_age=null
+flask-oidc-dev default_acr_values=null
+flask-oidc-dev client_secret_expires_at=0
+flask-oidc-dev ipsilon_internal={"type":"static","client_id":"flask-oidc-dev","trusted":true}
+
+osbs client_name="OSBS staging"
+osbs client_secret=""
+osbs redirect_uris=["urn:ietf:wg:oauth:2.0:oob"]
+osbs client_uri="https://osbs.stg.fedoraproject.org/"
+osbs ipsilon_internal={"type":"static","client_id":"osbs","trusted":true}
+osbs contacts=["admin@fedoraproject.org"]
+osbs client_id=null
+osbs policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+osbs grant_types="authorization_code"
+osbs response_types="code"
+osbs application_type="native"
+osbs subject_type="public"
+osbs logo_uri=null
+osbs tos_uri=null
+osbs jwks_uri=null
+osbs jwks=null
+osbs sector_identifier_uri=null
+osbs request_uris=[]
+osbs require_auth_time=null
+osbs token_endpoint_auth_method="none"
+osbs id_token_signed_response_alg="RS256"
+osbs request_object_signing_alg="none"
+osbs initiate_login_uri=null
+osbs default_max_age=null
+osbs default_acr_values=null
+osbs client_secret_expires_at=0
+
+fmn client_id=null
+fmn client_secret="{{ fmn_stg_oidc_client_secret }}"
+fmn client_name="Fedora Messaging Notifications"
+fmn redirect_uris=["https://notifications.stg.fedoraproject.org/login/fedora", "https://fmn.apps.ocp.stg.fedoraproject.org/login/fedora"]
+fmn application_type="web"
+fmn client_uri="https://notifications.stg.fedoraproject.org/"
+fmn contacts=["admin@fedoraproject.org"]
+fmn logo_uri=null
+fmn policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+fmn tos_uri=null
+fmn jwks_uri=null
+fmn jwks=null
+fmn sector_identifier_uri=null
+fmn subject_type="public"
+fmn response_types="code"
+fmn grant_types="authorization_code"
+fmn request_uris=[]
+fmn require_auth_time=null
+fmn token_endpoint_auth_method="client_secret_post"
+fmn id_token_signed_response_alg="RS256"
+fmn request_object_signing_alg="none"
+fmn initiate_login_uri=null
+fmn default_max_age=null
+fmn default_acr_values=null
+fmn client_secret_expires_at=0
+fmn ipsilon_internal={"type":"static","client_id":"fmn","trusted":true}
+
+fmn-frontend client_name="Fedora Notifications"
+fmn-frontend client_secret=""
+fmn-frontend redirect_uris=["https://notifications.stg.fedoraproject.org/login/fedora", "https://fmn.apps.ocp.stg.fedoraproject.org/login/fedora"]
+fmn-frontend client_uri="https://notifications.stg.fedoraproject.org/"
+fmn-frontend ipsilon_internal={"type":"static","client_id":"fmn-frontend","trusted":true}
+fmn-frontend contacts=["admin@fedoraproject.org"]
+fmn-frontend client_id=null
+fmn-frontend policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+fmn-frontend grant_types="authorization_code"
+fmn-frontend response_types="code"
+fmn-frontend application_type="native"
+fmn-frontend subject_type="public"
+fmn-frontend logo_uri=null
+fmn-frontend tos_uri=null
+fmn-frontend jwks_uri=null
+fmn-frontend jwks=null
+fmn-frontend sector_identifier_uri=null
+fmn-frontend request_uris=[]
+fmn-frontend require_auth_time=null
+fmn-frontend token_endpoint_auth_method="none"
+fmn-frontend id_token_signed_response_alg="RS256"
+fmn-frontend request_object_signing_alg="none"
+fmn-frontend initiate_login_uri=null
+fmn-frontend default_max_age=null
+fmn-frontend default_acr_values=null
+fmn-frontend client_secret_expires_at=0
+
+askdiscourse client_id="askdiscourse"
+askdiscourse client_secret="{{ askdiscourse_stg_oidc_secret }}"
+askdiscourse client_name="Ask Fedora Staging"
+askdiscourse redirect_uris=["https://fedoraproject.staged-by-discourse.com/auth/oauth2_basic/callback"]
+askdiscourse application_type="web"
+askdiscourse client_uri="https://ask.fedoraproject.org/"
+askdiscourse contacts=["admin@fedoraproject.org"]
+askdiscourse logo_uri=null
+askdiscourse policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+askdiscourse tos_uri=null
+askdiscourse jwks_uri=null
+askdiscourse jwks=null
+askdiscourse sector_identifier_uri="https://fedoraproject.staged-by-discourse.com/"
+askdiscourse subject_type="pairwise"
+askdiscourse response_types="code"
+askdiscourse grant_types="authorization_code"
+askdiscourse request_uris=[]
+askdiscourse require_auth_time=null
+askdiscourse token_endpoint_auth_method="client_secret_basic"
+askdiscourse id_token_signed_response_alg="RS256"
+askdiscourse request_object_signing_alg="none"
+askdiscourse initiate_login_uri=null
+askdiscourse default_max_age=null
+askdiscourse default_acr_values=null
+askdiscourse client_secret_expires_at=0
+askdiscourse ipsilon_internal={"type":"static","client_id":"askdiscourse","trusted":true}
+
+pagure client_id="pagure"
+pagure client_secret="{{ pagure_stg_oidc_client_secret }}"
+pagure client_name="Pagure Staging"
+pagure redirect_uris=["https://stg.pagure.io/oidc_callback", "https://stg.pagure.io/authorize"]
+pagure application_type="web"
+pagure client_uri="https://stg.pagure.io/"
+pagure contacts=["admin@fedoraproject.org"]
+pagure logo_uri=null
+pagure policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+pagure tos_uri=null
+pagure jwks_uri=null
+pagure jwks=null
+pagure sector_identifier_uri="https://stg.pagure.io/"
+pagure subject_type="pairwise"
+pagure response_types="code"
+pagure grant_types="authorization_code"
+pagure request_uris=[]
+pagure require_auth_time=null
+pagure token_endpoint_auth_method="client_secret_post"
+pagure id_token_signed_response_alg="RS256"
+pagure request_object_signing_alg="none"
+pagure initiate_login_uri=null
+pagure default_max_age=null
+pagure default_acr_values=null
+pagure client_secret_expires_at=0
+pagure ipsilon_internal={"type":"static","client_id":"pagure","trusted":true}
+
+consolerhc client_id="consolerhc"
+consolerhc client_secret="{{ consolerhc_stg_oidc_secret }}"
+consolerhc client_name="Red Hat Console"
+consolerhc redirect_uris=["https://console.stg.fedorainfracloud.org/authorize"]
+consolerhc application_type="web"
+consolerhc client_uri="https://www.osbuild.org/guides/introduction.html"
+consolerhc contacts=["osbuilders@redhat.com"]
+consolerhc logo_uri="https://www.osbuild.org/images/osbuild.png"
+consolerhc policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+consolerhc tos_uri=null
+consolerhc jwks_uri=null
+consolerhc jwks=null
+consolerhc sector_identifier_uri="consolerhc"
+consolerhc subject_type="pairwise"
+consolerhc response_types="code"
+consolerhc grant_types="authorization_code"
+consolerhc request_uris=[]
+consolerhc require_auth_time=null
+consolerhc token_endpoint_auth_method="client_secret_post"
+consolerhc id_token_signed_response_alg="RS256"
+consolerhc request_object_signing_alg="none"
+consolerhc initiate_login_uri=null
+consolerhc default_max_age=null
+consolerhc default_acr_values=null
+consolerhc client_secret_expires_at=0
+consolerhc ipsilon_internal={"type":"static","client_id":"consolerhc","trusted":false}
+
+consolerhc-cli client_id="consolerhc-cli"
+consolerhc-cli client_secret="notsecret"
+consolerhc-cli client_name="Red Hat Console CLI"
+consolerhc-cli redirect_uris=["urn:ietf:wg:oauth:2.0:oob", "https://console.stg.foo.fedorainfracloud.org:1337/", "https://console.stg.fedorainfracloud.org/"]
+consolerhc-cli application_type="native"
+consolerhc-cli client_uri="https://www.osbuild.org/guides/introduction.html"
+consolerhc-cli contacts=["osbuilders@redhat.com"]
+consolerhc-cli logo_uri="https://www.osbuild.org/images/osbuild.png"
+consolerhc-cli policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+consolerhc-cli tos_uri=null
+consolerhc-cli jwks_uri=null
+consolerhc-cli jwks=null
+consolerhc-cli sector_identifier_uri="https://console.stg.fedorainfracloud.org"
+consolerhc-cli subject_type="pairwise"
+consolerhc-cli response_types="code"
+consolerhc-cli grant_types="authorization_code"
+consolerhc-cli request_uris=[]
+consolerhc-cli require_auth_time=null
+consolerhc-cli token_endpoint_auth_method="none"
+consolerhc-cli id_token_signed_response_alg="RS256"
+consolerhc-cli request_object_signing_alg="none"
+consolerhc-cli initiate_login_uri=null
+consolerhc-cli default_max_age=null
+consolerhc-cli default_acr_values=null
+consolerhc-cli client_secret_expires_at=0
+consolerhc-cli ipsilon_internal={"type":"static","client_id":"consolerhc-cli","trusted":false}
+
+mirrormanager client_name="Mirror Manager"
+mirrormanager client_id=null
+mirrormanager client_secret="{{ mirrormanager_stg_oidc_client_secret }}"
+mirrormanager redirect_uris=["https://mirrormanager.stg.fedoraproject.org/oidc/authorize", "https://mirrormanager.apps.ocp.stg.fedoraproject.org/oidc/authorize"]
+mirrormanager application_type="web"
+mirrormanager client_uri="https://mirrors.apps.ocp.stg.fedoraproject.org/"
+mirrormanager contacts=["admin@fedoraproject.org"]
+mirrormanager logo_uri=null
+mirrormanager policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+mirrormanager tos_uri=null
+mirrormanager jwks_uri=null
+mirrormanager jwks=null
+mirrormanager sector_identifier_uri=null
+mirrormanager subject_type="public"
+mirrormanager response_types="code"
+mirrormanager grant_types="authorization_code"
+mirrormanager request_uris=[]
+mirrormanager require_auth_time=null
+mirrormanager token_endpoint_auth_method="client_secret_post"
+mirrormanager id_token_signed_response_alg="RS256"
+mirrormanager request_object_signing_alg="none"
+mirrormanager initiate_login_uri=null
+mirrormanager default_max_age=null
+mirrormanager default_acr_values=null
+mirrormanager client_secret_expires_at=0
+mirrormanager ipsilon_internal={"type":"static","client_id":"mirrormanager","trusted":true}
+
+tahrir client_name="Badges Staging"
+tahrir client_secret="{{ tahrir_oidc_client_secret_staging }}"
+tahrir redirect_uris=["https://badges.stg.fedoraproject.org/oidc/authorize", "https://badges.apps.ocp.stg.fedoraproject.org/oidc/authorize"]
+tahrir client_uri="https://badges.stg.fedoraproject.org/"
+tahrir ipsilon_internal={"type":"static","client_id":"tahrir","trusted":true}
+tahrir contacts=["admin@fedoraproject.org"]
+tahrir client_id=null
+tahrir policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+tahrir grant_types="authorization_code"
+tahrir response_types="code"
+tahrir application_type="web"
+tahrir subject_type="public"
+tahrir logo_uri=null
+tahrir tos_uri=null
+tahrir jwks_uri=null
+tahrir jwks=null
+tahrir sector_identifier_uri=null
+tahrir request_uris=[]
+tahrir require_auth_time=null
+tahrir token_endpoint_auth_method="client_secret_post"
+tahrir id_token_signed_response_alg="RS256"
+tahrir request_object_signing_alg="none"
+tahrir initiate_login_uri=null
+tahrir default_max_age=null
+tahrir default_acr_values=null
+tahrir client_secret_expires_at=0
+
+mailman3 client_name="Mailman Staging"
+mailman3 client_secret="{{ mailman_stg_oidc_pass }}"
+mailman3 redirect_uris=["https://lists.stg.fedoraproject.org/accounts/fedora/login/callback/", "https://lists.stg.fedorahosted.org/accounts/fedora/login/callback/", "https://lists.stg.pagure.io/accounts/fedora/login/callback/"]
+mailman3 client_uri="https://lists.stg.fedoraproject.org/"
+mailman3 ipsilon_internal={"type":"static","client_id":"mailman3","trusted":true}
+mailman3 contacts=["admin@fedoraproject.org"]
+mailman3 client_id=null
+mailman3 policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+mailman3 grant_types="authorization_code"
+mailman3 response_types="code"
+mailman3 application_type="web"
+mailman3 subject_type="public"
+mailman3 logo_uri=null
+mailman3 tos_uri=null
+mailman3 jwks_uri=null
+mailman3 jwks=null
+mailman3 sector_identifier_uri=null
+mailman3 request_uris=[]
+mailman3 require_auth_time=null
+mailman3 token_endpoint_auth_method="client_secret_post"
+mailman3 id_token_signed_response_alg="RS256"
+mailman3 request_object_signing_alg="none"
+mailman3 initiate_login_uri=null
+mailman3 default_max_age=null
+mailman3 default_acr_values=null
+mailman3 client_secret_expires_at=0
+
+kanban-qa client_name="QA Kanban Staging"
+kanban-qa client_secret="{{ kanban_oidc_secret_stg }}"
+kanban-qa redirect_uris=["https://kanban.qa.stg.fedoraproject.org/flask_oidc/authorize"]
+kanban-qa client_uri="https://kanban.qa.stg.fedoraproject.org/"
+kanban-qa ipsilon_internal={"type":"static","client_id":"kanban-qa","trusted":true}
+kanban-qa contacts=["fzatlouk@redhat.com"]
+kanban-qa client_id=null
+kanban-qa policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+kanban-qa grant_types="authorization_code"
+kanban-qa response_types="code"
+kanban-qa application_type="web"
+kanban-qa subject_type="public"
+kanban-qa logo_uri=null
+kanban-qa tos_uri=null
+kanban-qa jwks_uri=null
+kanban-qa jwks=null
+kanban-qa sector_identifier_uri=null
+kanban-qa request_uris=[]
+kanban-qa require_auth_time=null
+kanban-qa token_endpoint_auth_method="client_secret_post"
+kanban-qa id_token_signed_response_alg="RS256"
+kanban-qa request_object_signing_alg="none"
+kanban-qa initiate_login_uri=null
+kanban-qa default_max_age=null
+kanban-qa default_acr_values=null
+kanban-qa client_secret_expires_at=0
+
+testing-farm client_name="Testing Farm (staging)"
+testing-farm client_secret="{{ testing_farm_oidc_secret_stg }}"
+testing-farm redirect_uris=["https://api.staging.testing-farm.io/login/fedora/callback"]
+testing-farm client_uri="https://api.staging.testing-farm.io/"
+testing-farm ipsilon_internal={"type":"static","client_id":"testing-farm","trusted":true}
+testing-farm contacts=["tft@redhat.com"]
+testing-farm client_id=null
+testing-farm policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+testing-farm grant_types="authorization_code"
+testing-farm response_types="code"
+testing-farm application_type="web"
+testing-farm subject_type="public"
+testing-farm logo_uri=null
+testing-farm tos_uri=null
+testing-farm jwks_uri=null
+testing-farm jwks=null
+testing-farm sector_identifier_uri=null
+testing-farm request_uris=[]
+testing-farm require_auth_time=null
+testing-farm token_endpoint_auth_method="client_secret_post"
+testing-farm id_token_signed_response_alg="RS256"
+testing-farm request_object_signing_alg="none"
+testing-farm initiate_login_uri=null
+testing-farm default_max_age=null
+testing-farm default_acr_values=null
+testing-farm client_secret_expires_at=0
+
+kerneltest-client client_id=null
+kerneltest-client client_secret="notsecret"
+kerneltest-client client_name="Kernel Tests Client"
+kerneltest-client redirect_uris=["http://localhost:13747/", "http://localhost:12345/", "http://localhost:23456/"]
+kerneltest-client application_type="native"
+kerneltest-client client_uri="https://kerneltest.fedoraproject.org/"
+kerneltest-client contacts=["admin@fedoraproject.org"]
+kerneltest-client logo_uri=null
+kerneltest-client policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+kerneltest-client tos_uri=null
+kerneltest-client jwks_uri=null
+kerneltest-client jwks=null
+kerneltest-client sector_identifier_uri=null
+kerneltest-client subject_type="public"
+kerneltest-client response_types="code"
+kerneltest-client grant_types="authorization_code"
+kerneltest-client request_uris=[]
+kerneltest-client require_auth_time=null
+kerneltest-client token_endpoint_auth_method="client_secret_post"
+kerneltest-client id_token_signed_response_alg="RS256"
+kerneltest-client request_object_signing_alg="none"
+kerneltest-client initiate_login_uri=null
+kerneltest-client default_max_age=null
+kerneltest-client default_acr_values=null
+kerneltest-client client_secret_expires_at=0
+
+konflux-ci client_name="Konflux CI"
+konflux-ci client_secret="{{ konfluxci_stg_oidc_secret }}"
+konflux-ci redirect_uris=["https://oauth-openshift.apps.kfluxfedorap01.toli.p1.openshiftapps.com/oauth2callback/OpenID"]
+konflux-ci client_uri="https://console-openshift-console.apps.kfluxfedorap01.toli.p1.openshiftapps.com"
+konflux-ci ipsilon_internal={"type":"static","client_id":"konflux-ci","trusted":true}
+konflux-ci contacts=["konflux-infra@redhat.com"]
+konflux-ci client_id=null
+konflux-ci policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+konflux-ci grant_types="authorization_code"
+konflux-ci response_types="code"
+konflux-ci application_type="web"
+konflux-ci subject_type="public"
+konflux-ci logo_uri=null
+konflux-ci tos_uri=null
+konflux-ci jwks_uri=null
+konflux-ci jwks=null
+konflux-ci sector_identifier_uri=null
+konflux-ci request_uris=[]
+konflux-ci require_auth_time=null
+konflux-ci token_endpoint_auth_method="client_secret_post"
+konflux-ci id_token_signed_response_alg="RS256"
+konflux-ci request_object_signing_alg="none"
+konflux-ci initiate_login_uri=null
+konflux-ci default_max_age=null
+konflux-ci default_acr_values=null
+konflux-ci client_secret_expires_at=0
+
+forgejo client_id=null
+forgejo client_secret="{{ forgejo_stg_oidc_secret }}"
+forgejo client_name="Forgejo"
+forgejo redirect_uris=["https://forgejo.apps.ocp.stg.fedoraproject.org/user/oauth2/FAS/callback"]
+forgejo application_type="native"
+forgejo client_uri="https://forgejo.apps.ocp.stg.fedoraproject.org/"
+forgejo contacts=["admin@fedoraproject.org"]
+forgejo logo_uri=null
+forgejo policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+forgejo tos_uri=null
+forgejo jwks_uri=null
+forgejo jwks=null
+forgejo sector_identifier_uri=null
+forgejo subject_type="public"
+forgejo response_types="code"
+forgejo grant_types="authorization_code"
+forgejo request_uris=[]
+forgejo require_auth_time=null
+forgejo token_endpoint_auth_method="client_secret_post"
+forgejo id_token_signed_response_alg="RS256"
+forgejo request_object_signing_alg="none"
+forgejo initiate_login_uri=null
+forgejo default_max_age=null
+forgejo default_acr_values=null
+forgejo client_secret_expires_at=0
+forgejo ipsilon_internal={"type":"static","client_id":"forgejo","trusted":true}
+
+webhook2fedmsg client_name="Webhook to Fedora Messaging"
+webhook2fedmsg client_secret=""
+webhook2fedmsg redirect_uris=["https://webhook2fedmsg.stg.fedoraproject.org/docs/oauth2-redirect","https://webhook2fedmsg.apps.ocp.stg.fedoraproject.org/docs/oauth2-redirect"]
+webhook2fedmsg client_uri="https://webhook2fedmsg.stg.fedoraproject.org/"
+webhook2fedmsg ipsilon_internal={"type":"static","client_id":"webhook2fedmsg","trusted":true}
+webhook2fedmsg contacts=["admin@fedoraproject.org"]
+webhook2fedmsg client_id=null
+webhook2fedmsg policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+webhook2fedmsg grant_types="authorization_code"
+webhook2fedmsg response_types="code"
+webhook2fedmsg application_type="native"
+webhook2fedmsg subject_type="public"
+webhook2fedmsg logo_uri=null
+webhook2fedmsg tos_uri=null
+webhook2fedmsg jwks_uri=null
+webhook2fedmsg jwks=null
+webhook2fedmsg sector_identifier_uri=null
+webhook2fedmsg request_uris=[]
+webhook2fedmsg require_auth_time=null
+webhook2fedmsg token_endpoint_auth_method="none"
+webhook2fedmsg id_token_signed_response_alg="RS256"
+webhook2fedmsg request_object_signing_alg="none"
+webhook2fedmsg initiate_login_uri=null
+webhook2fedmsg default_max_age=null
+webhook2fedmsg default_acr_values=null
+webhook2fedmsg client_secret_expires_at=0
+
+fedoracomstg-wpengine-com client_id=null
+fedoracomstg-wpengine-com client_secret="{{ flask_oidc_dev_stg_oidc_client_secret }}"
+fedoracomstg-wpengine-com client_name="Fedora Community Blog (staging)"
+fedoracomstg-wpengine-com redirect_uris=["https://fedoracomstg.wpengine.com/wp-admin/admin-ajax.php?action=openid-connect-authorize"]
+fedoracomstg-wpengine-com application_type="web"
+fedoracomstg-wpengine-com client_uri="https://fedoracomstg.wpengine.com/"
+fedoracomstg-wpengine-com contacts=["misc@fedoraproject.org"]
+fedoracomstg-wpengine-com logo_uri=null
+fedoracomstg-wpengine-com policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+fedoracomstg-wpengine-com tos_uri=null
+fedoracomstg-wpengine-com jwks_uri=null
+fedoracomstg-wpengine-com jwks=null
+fedoracomstg-wpengine-com sector_identifier_uri=null
+fedoracomstg-wpengine-com subject_type="public"
+fedoracomstg-wpengine-com response_types="code"
+fedoracomstg-wpengine-com grant_types="authorization_code"
+fedoracomstg-wpengine-com request_uris=[]
+fedoracomstg-wpengine-com require_auth_time=null
+fedoracomstg-wpengine-com token_endpoint_auth_method="client_secret_post"
+fedoracomstg-wpengine-com id_token_signed_response_alg="RS256"
+fedoracomstg-wpengine-com request_object_signing_alg="none"
+fedoracomstg-wpengine-com initiate_login_uri=null
+fedoracomstg-wpengine-com default_max_age=null
+fedoracomstg-wpengine-com default_acr_values=null
+fedoracomstg-wpengine-com client_secret_expires_at=0
+fedoracomstg-wpengine-com ipsilon_internal={"type":"static","client_id":"fedoracomstg-wpengine-com","trusted":true}
+
+copr client_name="Copr (staging)"
+copr client_secret="{{ copr_oidc_stg_client_secret }}"
+copr redirect_uris=["https://copr.stg.fedoraproject.org/oidc_auth/"]
+copr client_uri="https://copr.stg.fedoraproject.org/"
+copr ipsilon_internal={"type":"static","client_id":"copr","trusted":true}
+copr contacts=["admin@fedoraproject.org"]
+copr client_id=null
+copr policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+copr grant_types="authorization_code"
+copr response_types="code"
+copr application_type="web"
+copr subject_type="public"
+copr logo_uri=null
+copr tos_uri=null
+copr jwks_uri=null
+copr jwks=null
+copr sector_identifier_uri=null
+copr request_uris=[]
+copr require_auth_time=null
+copr token_endpoint_auth_method="client_secret_post"
+copr id_token_signed_response_alg="RS256"
+copr request_object_signing_alg="none"
+copr initiate_login_uri=null
+copr default_max_age=null
+copr default_acr_values=null
+copr client_secret_expires_at=0
+
+fedoramagstg-wpengine-com client_id=null
+fedoramagstg-wpengine-com client_secret="{{ fedoramag_stg_oidc_secret }}"
+fedoramagstg-wpengine-com client_name="Fedora Magazine (staging)"
+fedoramagstg-wpengine-com redirect_uris=["https://fedoramagstg.wpengine.com/wp-admin/admin-ajax.php?action=openid-connect-authorize"]
+fedoramagstg-wpengine-com application_type="web"
+fedoramagstg-wpengine-com client_uri="https://fedoramagstg.wpengine.com/"
+fedoramagstg-wpengine-com contacts=["misc@fedoraproject.org"]
+fedoramagstg-wpengine-com logo_uri=null
+fedoramagstg-wpengine-com policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+fedoramagstg-wpengine-com tos_uri=null
+fedoramagstg-wpengine-com jwks_uri=null
+fedoramagstg-wpengine-com jwks=null
+fedoramagstg-wpengine-com sector_identifier_uri=null
+fedoramagstg-wpengine-com subject_type="public"
+fedoramagstg-wpengine-com response_types="code"
+fedoramagstg-wpengine-com grant_types="authorization_code"
+fedoramagstg-wpengine-com request_uris=[]
+fedoramagstg-wpengine-com require_auth_time=null
+fedoramagstg-wpengine-com token_endpoint_auth_method="client_secret_post"
+fedoramagstg-wpengine-com id_token_signed_response_alg="RS256"
+fedoramagstg-wpengine-com request_object_signing_alg="none"
+fedoramagstg-wpengine-com initiate_login_uri=null
+fedoramagstg-wpengine-com default_max_age=null
+fedoramagstg-wpengine-com default_acr_values=null
+fedoramagstg-wpengine-com client_secret_expires_at=0
+fedoramagstg-wpengine-com ipsilon_internal={"type":"static","client_id":"fedoramagstg-wpengine-com","trusted":true}
+
+distgit client_id=""
+distgit client_secret="{{ distgit_oidc_client_secret_stg }}"
+distgit client_name="Dist-Git (staging)"
+distgit redirect_uris=["https://src.stg.fedoraproject.org/oidc_callback", "https://src.stg.fedoraproject.org/authorize"]
+distgit application_type="web"
+distgit client_uri="https://src.stg.fedoraproject.org/"
+distgit contacts=["admin@fedoraproject.org"]
+distgit logo_uri=null
+distgit policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+distgit tos_uri=null
+distgit jwks_uri=null
+distgit jwks=null
+distgit sector_identifier_uri="https://src.stg.fedoraproject.org/"
+distgit subject_type="pairwise"
+distgit response_types="code"
+distgit grant_types="authorization_code"
+distgit request_uris=[]
+distgit require_auth_time=null
+distgit token_endpoint_auth_method="client_secret_post"
+distgit id_token_signed_response_alg="RS256"
+distgit request_object_signing_alg="none"
+distgit initiate_login_uri=null
+distgit default_max_age=null
+distgit default_acr_values=null
+distgit client_secret_expires_at=0
+distgit ipsilon_internal={"type":"static","client_id":"distgit","trusted":true}
+
+anitya_stg client_id=""
+anitya_stg client_secret="{{ anitya_stg_fedora_client_secret }}"
+anitya_stg client_name="Release Monitoring (staging)"
+anitya_stg redirect_uris=["https://stg.release-monitoring.org/auth/fedora"]
+anitya_stg application_type="web"
+anitya_stg client_uri="https://stg.release-monitoring.org/"
+anitya_stg contacts=["admin@fedoraproject.org"]
+anitya_stg logo_uri=null
+anitya_stg policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+anitya_stg tos_uri=null
+anitya_stg jwks_uri=null
+anitya_stg jwks=null
+anitya_stg sector_identifier_uri="https://stg.release-monitoring.org/"
+anitya_stg subject_type="pairwise"
+anitya_stg response_types="code"
+anitya_stg grant_types="authorization_code"
+anitya_stg request_uris=[]
+anitya_stg require_auth_time=null
+anitya_stg token_endpoint_auth_method="client_secret_post"
+anitya_stg id_token_signed_response_alg="RS256"
+anitya_stg request_object_signing_alg="none"
+anitya_stg initiate_login_uri=null
+anitya_stg default_max_age=null
+anitya_stg default_acr_values=null
+anitya_stg client_secret_expires_at=0
+anitya_stg ipsilon_internal={"type":"static","client_id":"anitya_stg","trusted":true}
+
+openqa client_id=""
+openqa client_secret="{{ openqa_stg_oidc_secret }}"
+openqa client_name="OpenQA (staging)"
+openqa redirect_uris=["https://openqa.stg.fedoraproject.org/login"]
+openqa application_type="web"
+openqa client_uri="https://openqa.stg.fedoraproject.org"
+openqa contacts=["qa-tools-sig@lists.fedoraproject.org"]
+openqa logo_uri=null
+openqa policy_uri="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
+openqa tos_uri=null
+openqa jwks_uri=null
+openqa jwks=null
+openqa sector_identifier_uri="https://openqa.stg.fedoraproject.org"
+openqa subject_type="pairwise"
+openqa response_types="code"
+openqa grant_types="authorization_code"
+openqa request_uris=[]
+openqa require_auth_time=null
+openqa token_endpoint_auth_method="client_secret_post"
+openqa id_token_signed_response_alg="RS256"
+openqa request_object_signing_alg="none"
+openqa initiate_login_uri=null
+openqa default_max_age=null
+openqa default_acr_values=null
+openqa client_secret_expires_at=0
+openqa ipsilon_internal={"type":"static","client_id":"openqa","trusted":true}