blumeops

History

Erich Blume b0023fef92 Switch Mealie OIDC to confidential client Mealie requires OIDC_CLIENT_SECRET even though its docs say "public client with PKCE". The token exchange happens server-side in Mealie's Python backend, so the secret never reaches the browser. - Generate client secret, store in 1Password - Add to Authentik external-secret and worker env - Switch blueprint from public to confidential - Add ExternalSecret for mealie namespace - Update docs to reflect confidential client Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-16 21:50:34 -07:00
..
apps	Add Mealie recipe manager service	2026-03-16 21:07:25 -07:00
manifests	Switch Mealie OIDC to confidential client	2026-03-16 21:50:34 -07:00

Erich Blume b0023fef92 Switch Mealie OIDC to confidential client

Mealie requires OIDC_CLIENT_SECRET even though its docs say "public
client with PKCE". The token exchange happens server-side in Mealie's
Python backend, so the secret never reaches the browser.

- Generate client secret, store in 1Password
- Add to Authentik external-secret and worker env
- Switch blueprint from public to confidential
- Add ExternalSecret for mealie namespace
- Update docs to reflect confidential client

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-16 21:50:34 -07:00

apps

Add Mealie recipe manager service

2026-03-16 21:07:25 -07:00

manifests

Switch Mealie OIDC to confidential client

2026-03-16 21:50:34 -07:00