# {{ ansible_managed }}

password_config:
  enabled: false

{% if synapse_sso_client_whitelist is defined %}
sso:
  client_whitelist:
{% for client in synapse_sso_client_whitelist %}
    - {{ client }}
{% endfor %}
{% endif %}

oidc_providers:
{% for provider in matrix_openidc_providers %}
  - idp_id: "{{ provider.idp_id }}"
    idp_name: "{{ provider.idp_name }}"
{% if provider.idp_icon is defined %}
    idp_icon: "{{ provider.idp_icon }}"
{% endif %}
{% if provider.idp_brand is defined %}
    idp_brand: "{{ provider.idp_brand }}"
{% endif %}
    discover: {{ provider.discover | default(true) | bool | lower }}
    issuer: "{{ provider.issuer }}"
    client_id: "{{ provider.client_id }}"
{% if provider.client_secret is defined %}
    client_secret: "{{ provider.client_secret }}"
{% else %}
    client_secret_jwt_key: "{{ provider.client_secret_jwt_key }}"
{% endif %}
    client_auth_method: "{{ provider.client_auth_method | default('client_secret_basic') }}"
    scopes: {{ provider.scopes }}
{% if provider.discover == false %}
    authorization_endpoint: "{{ provider.authorization_endpoint }}"
    token_endpoint: "{{ provider.token_endpoint }}"
{% if provider.userinfo_endpoint is defined %}
    userinfo_endpoint: "{{ provider.userinfo_endpoint }}"
{% endif %}
{% if provider.jwks_uri is defined %}
    jwks_uri: "{{ provider.jwks_uri }}"
{% endif %}
{% endif %}
{% if provider.skip_verification is defined %}
    skip_verification: "{{ provider.skip_verification }}"
{% endif %}
    user_profile_method: "{{ provider.user_profile_method | default('auto') }}"
    allow_existing_users: {{ provider.allow_existing_users | default(false) | bool | lower }}
{% if provider.user_mapping_provider is defined %}
    user_mapping_provider:
{% for mapping_provider in provider.user_mapping_provider %}
        "{{ mapping_provider }}":
{% if provider.user_mapping_provider[mapping_provider].subject_claim is defined %}
          subject_claim: "{{ provider.user_mapping_provider[mapping_provider].subject_claim }}"
{% endif %}
{% if provider.user_mapping_provider[mapping_provider].localpart_template is defined %}
          localpart_template: "{{ provider.user_mapping_provider[mapping_provider].localpart_template }}"
{% endif %}
{% if provider.user_mapping_provider[mapping_provider].display_name_template is defined %}
          display_name_template: "{{ provider.user_mapping_provider[mapping_provider].display_name_template }}"
{% endif %}
{% if provider.user_mapping_provider[mapping_provider].email_template is defined %}
          email_template: "{{ provider.user_mapping_provider[mapping_provider].email_template }}"
{% endif %}
{% endfor %}
{% endif %}
{% if provider.attribute_requirements is defined %}
    attribute_requirements:
{% for attribute in provider.attribute_requirements %}
      - attribute: "{{ attribute }}"
        value: "{{ attribute.value }}"
{% endfor %}
{% endif %}
{% endfor %}