feat: migrate to identity auth

VictoriaBeilsten-Edmands · VictoriaBeilsten-Edmands · commit 0d683db280e2 · 2026-03-18T15:44:43.000Z
diff --git a/charts/apps/templates/nightly.yaml b/charts/apps/templates/nightly.yaml
@@ -100,12 +100,12 @@ spec:
               configData:
                 providers:
                   - provider: oidc
-                    scope: "openid profile email fedid"
+                    scope: "openid profile email fedid posix-id"
                     clientId: graph-nightly
                     clientSecretFile: /etc/alpha/client-secret
                     id: authn
                     oidcConfig:
-                      issuerURL: https://authn.diamond.ac.uk/realms/master
+                      issuerURL: https://identity.diamond.ac.uk/realms/dls
                       insecureAllowUnverifiedEmail: true
                       audienceClaims:
                         - aud
diff --git a/charts/apps/templates/stable.yaml b/charts/apps/templates/stable.yaml
@@ -101,12 +101,12 @@ spec:
               configData:
                 providers:
                   - provider: oidc
-                    scope: "openid profile email fedid"
+                    scope: "openid profile email fedid posix-id"
                     clientId: graph
                     clientSecretFile: /etc/alpha/client-secret
                     id: authn
                     oidcConfig:
-                      issuerURL: https://authn.diamond.ac.uk/realms/master
+                      issuerURL: https://identity.diamond.ac.uk/realms/dls
                       insecureAllowUnverifiedEmail: true
                       audienceClaims:
                         - aud
diff --git a/charts/graph/templates/oauth2-client-secret.yaml b/charts/graph/templates/oauth2-client-secret.yaml
@@ -18,7 +18,7 @@ spec:
       name: "{{ .Release.Name }}-oauth2-client"
       namespace: graph
   encryptedData:
-    secret: AgBUgtF/hs/jn0bua0kXFFDLeaH7Os0H5Bbiu9q5TdW3MtxWlkMH73GXCT6WBKaH4hNwzyrhJTnFf4hR3qev/kTzmvoXPZWE759l1qMjG5a5lmrVktlrF+GBHDSsY4l78VYgZ7crYirKy9fC77P8E6whyMoUFSpaKPcDvbyjOTeKkLx621OZTjwAEIyxuUC4zYUPyQiqzLMVRPTLZYENu3P2VWkAeEKmgABNeqi/VVfoDb7HmBuEmgUF8NWDkafksJ1puWBlT9KxgBbHGVWYC65Ji5hvHjALLRkDioxvp2N3HTJBqKH/2ndvTAbS1mTyVFC2Y7CyWBZFA2FBc2xNqUyKxNAYbUsZiUPuTJoOEZW935lrgwn4JxOUnPcx3q1GVDYebNfYXeaTtV7tBWrXbtqgz+zehE7rG52Fb2aaXNVuz6h3CAOLzhhcNwgb+zz/+VeeuHd5HI5cWP8ej8X5QcR4jjEk8E+DnS1vIwg2FJnc3CSBXotgzorMh+m5hWqYwmSJ80VTsQu+lM50KoWYKtERMZYfpG/HZ4wHLLby9OAcb+0kNoKYpASFcjpA42RfmlSLAg/NOMXhWQn1ot/QGEEUvd7RgfaJMutUmh3O1N/7hJC5upYpF4aUdVczm4sj3b16EbMWAF1orphbWNDhqChPZda+iuDnf0QpjyDFtvpHSnMm0cd34WO6GkiOJrSTnKZ7/Vrv1MAw16K66LmP2BW4iafywNzUkyj8Eqmq/Gtb7A==
+    secret: AgCItSnuO1I2DlQaMiecqCKGNtEh696k2dVctT1ELmvJZIwyjctnOvdJ+IKYpC/RboZTYCpu+0MLjaW2yebtdnAU/1Db5Z5n7eyuPsmsJeF16C0kPYinpd3b1YvJNeGbZypFRKhJQyCeKgG3PZIVMHGG1fVBr3X2g+zStYOuHf07vg7e4oqyHSV6VZpBUCXmaglVg+uvrLku6wVHXlGyIpifplgFpP6uaQPGFE0gOSwbjtyb5ZXGymTXJwaBBX569ib3CuEC87NGzzx32v/spvRNUoSmMK8Z0h3BIwE7LG28zPUlA01W4lBJ2ZTNlMICkwy1hsJpH6aRHLnRKDSh/9XzP3YfyktPcMptQHzGnZLka2PdtGcxiBQGySKwVjxNmd8eN51GjKgjocd4pA+Gni2p6rT2nWEVCyU8h2nFk4wEu1/1A6Jf67pmatbrx7agPLFe6ZqLDPoE4X8jrX6XPMxQPcEmrtWTEuMg90+MZsqQQovswWVNC7F4Hdx85K+0hNcVMWKzBgwgt2ycrjQN40yV3ZaSMa3U4PtB7IFttBQ+qweg89smuXoKtnVsu7cVAiStpbW7C7Fk7NvcqftyaHKYWlEp/xNopoli6KcTB3galBoJDXR/3eQYE/sxcm94TZI6vE0Dh2ZThaDzbJs0wC8QckXrC8Q9oscPRGwXRKQgmVfQZgA6PzRLauMm4lmA3Rx/DrVzYAQu4A0qXsLR5mO9QNigjKhKf5Y=
 {{- else if eq $clientId "graph-nightly" -}}
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
@@ -37,5 +37,5 @@ spec:
       name: "{{ .Release.Name }}-oauth2-client"
       namespace: graph
   encryptedData:
-    secret: AgCjE7inLKbwt9xKe3a8QNdYMZkH2efmQqi/ZNwsjx0D6d1yrl4uQ0nZN4WNlcB5NrmtjcT6A6oFfBDgABdr1sd17ywijQjac72k9by3dOyG0Nhq39kvTp8hIknyc/ZXDZNK99PsjHmmN6kVSVl1VwpzJBhzQVzx7VmZBI8a/POngZRlsr9TRhMguyTbkV4J76yUkv4l753WiTMAPoIn174UKIpgJ3+r4OMTPOTGmsf+iX9lT0b+PcXZCPpTkelsOQIAk/kWomJDg6vCUWIu7JdjQCQUq3QobruY3/7c3bs40aap+BMQ+m2a7gHBhcgK/kGQUGLUO2dMOVE/WPwI7ktMQdzW7xF3ydKQQa6HkPKH9B1ytHDkse6ej7+aybMRnDNseyPCQNWpBah+F0DUvxQ+SxI0nykG8+SwgOLrRhTmOYAxxH6B/U1qBfrzOyQmreJRW6rdnLfX189pCezupcjTZiIuXR1FXhdNe4rjjwhSrhsZabsH73lVl6pTJfZCVN8ZSDJdmZOLk40Hs+39G2HrYUSQVHNQZWMJPLRwf8ha02V1azaQl5kemjb2VwCosloNuizVkVRwzVV0rWnoQDVjhsY2xX7askEnCxqllyaiuhqYbrZqchnENAjbhwpR98Qy/UexLsNp1bpvbgRhBAeRI5qq2NB2SKWOZP3Mr0R1yff7k0+OJ1gKaQ6B5JwV5pqYTSHBMO6PlVOKhOlj5W3IOqqLVdMKg8e3HVhavo6AUw==
+    secret: AgBYdLGb1ZVMYn3lKCBYyqSJw5/lGfO1cIr5Vg71J2y7pyjJaCIwBscyEcS2064x8PDa0uFz7z6fHzH/t4ElYXH1Ca3zQsb7vDnmOwzs6ZGQovu0xuFofL7kQv2u31uzTryaC91c3WGa0IT23clMbrjiZJxg0ioT10FS3MXxk4bGutyjo9jZyndCN9j2CIJWnTIdK7HxPe5uQWkFjMa/tnERntqH9MNodwRltgiOBIoqCF6noEBkL1KoY1ds5Ld9oKdEUexNkKl3w7oy86oF0N+03N5gON/OVFIOZnWYbZhGctV1wTLkStSFyrOayV4/jsz5V4pFZX9B57PdxZt8Xqg1k7ykREu45K1wk2/AsjYq6ZW8ZATWNsEnBYimICxUp0i1ytYnrdZM/jDiM/BXjoNCU51sUnFqz8ofdBfZNaG3aftz6wrgDCHzAj4B7iHrGx9b2M6YLPj4booBmZIeQKS5mzKy3kg2TX4vASWwG6L3QqqX76D4ntK6KYhldSvlqfkQXy/tnFh7Y1cPtHd+yd/FgMEH9NglEO21lQHWuWgkVzAp1GG4BsmJiLMUC90S+20zrfh44TRYjSox++6WsDQ6H6Cmbu3E55PfdDjjZHcUu0dOyvt/zZ73gbfaakj+Bjgw0P4T/Sxm/gSu0xkMDUj+kv+HGgAJ9VMe8PjzH6wMk0GsewVddlmbH1Nq1FwZozZPFE/eWOb9V/3LWG2MD+72B1PUUZv0dEI=
 {{- end }}
