---
version: "3.8"

# Upstream OIDC provider for MAS (e.g. Authentik, Keycloak).
# Requires compose.mas.yml. Adds the client secret and env vars needed by mas.config.yaml.tmpl.

services:
  mas:
    environment:
      - MAS_UPSTREAM_PROVIDER_ID
      - MAS_UPSTREAM_ISSUER
      - MAS_UPSTREAM_CLIENT_ID
      - MAS_UPSTREAM_HUMAN_NAME
      - MAS_UPSTREAM_SYNAPSE_IDP_ID
    secrets:
      - mas_upstream_client_secret

secrets:
  mas_upstream_client_secret:
    external: true
    name: ${STACK_NAME}_mas_upstream_client_secret_${SECRET_MAS_UPSTREAM_CLIENT_SECRET_VERSION}