loft-sh · deniseschannon · Jul 25, 2024 · Jul 25, 2024
@@ -6,6 +6,8 @@ sidebar_position: 6
 
 vCluster Platform can act as an OpenID Connect provider for other services, e.g. a self-hosted container registry using [Harbor](https://goharbor.io).
 
+## Configuring vCluster Platform as an OIDC Provider
+
 To tell vCluster Platform to act as OIDC provider, navigate to `Admin > Config` and add the `oidc` section to your config:
 
 ```yaml {2-9}
@@ -22,6 +24,28 @@ oidc:
 # - ADD A 3rd OIDC CLIENT HERE
 ```
 
+## Adding OIDC Clients to vCluster Platform OIDC Using Secrets
+
+You can add OIDC clients to vCluster Platform using Kubernetes secrets. These secrets should contain the string fields `name`, `clientID`, `clientSecret`, and `redirectURIs`. Multiple redirect URIs should be delimitted by `\n`. vCluster Platform will only recognize an OIDC client secret if they posses the labels `clientID` and `component`. The value for `clientID` should match the `clientID` field's value and the value for `component` should be `oidcServer`. Here is an example of a yaml manifest that can be used to manage an OIDC client for vCluster Platform's OIDC provider:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: test-oidc-client
+  labels:
+    clientID: loft2
+    component: oidcServer
+type: Opaque
+stringData:
+  name: "Example Client"
+  clientID: "loft2"
+  clientSecret: "MYCLIENTSECRET"
+  redirectURIs: http://my-allowed-redirect-uri\nhttp://my-allowed-redirect-uri2 # delimit multiple uris with newlines
+```
+
+## Using vCluster OIDC Provider in Other Applications
+
 To configure vCluster Platform as an OIDC provider somewhere else, you can fill out the following fields with:
 
 - OIDC Provider Endpoint / Issuer: https://vcluster-platform.mycompany.tld/oidc