* Keycloak

Running at id.fcuny.net

There's an admin user in 1password.

** Client for forgejo
- create a client with name =forgejo=
- set root URL to =https://code.fcuny.net=
- set home URL to =https://code.fcuny.net=
- set valid redirects URL to =https://code.fcuny.net*=
- set web origins to =https://code.fcuny.net=
- set admin URL to https://code.fcuny.net
- set client authentication to =on=
- keep =standard flow= checked and nothing else
*** forgejo configuration
- create a new authentication source under https://code.fcuny.net/admin/auths
- choose OAuth2
- set the name to =id.fcuny.net=
- set OAuth2 provider to OpenID Connect
- configure the OpenID realm to =https://id.fcuny.net/realms/master/.well-known/openid-configuration=
- the client ID is =forgejo=
- the client secret is in the =credentials= tab in forgejo for the client
- select =skip local 2FA=