---
version: 1.1

remotes:
  description: Remote clients needing to verify OAuth2 account
  type: domainname
  multi: true
  provider: OAuth2
  hidden: true
  mandatory: false

"oauth2_{{ suffix }}":
  _description: 'OAuth2 for {{ suffix }}'
  dynamic:
    variable: oauth2.remotes

  client_id:
    description: 'Remote client id for {{ suffix }}'
    hidden: true
    provider: OAuth2:client_id

  secret:
    description: 'Remote secret for {{ suffix }}'
    type: secret
    hidden: true
    provider: OAuth2:secret

  name:
    description: 'Remote name for {{ suffix }}'
    hidden: true
    provider: OAuth2:name
    mandatory: false

  description:
    description: 'Remote description for {{ suffix }}'
    hidden: true
    provider: OAuth2:description
    mandatory: false

  category:
    description: 'Remote category for {{ suffix }}'
    hidden: true
    provider: OAuth2:category
    mandatory: false

  login:
    description: 'Remote URL to login for {{ suffix }}'
    hidden: true
    provider: OAuth2:login
    mandatory: false

  external:
    type: leadership

    hosts:
      description: 'Remote external for {{ suffix }}'
      provider: OAuth2:external
      hidden: true
      mandatory: false

    family:
      description: 'Remote family for {{ suffix }}'
      provider: OAuth2:family
      mandatory: false

  logo:
    description: 'Logo for {{ suffix }}'
    hidden: true
    provider: OAuth2:logo
    mandatory: false

  token_signature_algo:
    description: 'OAuth2 token signature algorithm for {{ suffix }}'
    hidden: true
    provider: OAuth2:token_signature_algo
    choices:
      - HS512
      - RS256

  oauth2_client_external_domain:
    description: 'External domain for {{ suffix }}'
    type: domainname
    hidden: true
    supplier: OAuth2:external_domain
    default:
      jinja: >-
        {% set domains = general.revprox.client.external_domainnames %}
        {%- if domains -%}
        {{ domains[0] }}
        {%- endif -%}