eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/reference
History
Erich Blume b0023fef92 Switch Mealie OIDC to confidential client 
Mealie requires OIDC_CLIENT_SECRET even though its docs say "public
client with PKCE". The token exchange happens server-side in Mealie's
Python backend, so the secret never reaches the browser.

- Generate client secret, store in 1Password
- Add to Authentik external-secret and worker env
- Switch blueprint from public to confidential
- Add ExternalSecret for mealie namespace
- Update docs to reflect confidential client

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 21:50:34 -07:00
..
infrastructure Add Mealie recipe manager service 2026-03-16 21:07:25 -07:00
kubernetes Add Mealie recipe manager service 2026-03-16 21:07:25 -07:00
operations Add OpenTelemetry distributed tracing (Tempo + Beyla eBPF) (#286) 2026-03-05 10:51:07 -08:00
services Switch Mealie OIDC to confidential client 2026-03-16 21:50:34 -07:00
storage Review restore-1password-backup doc: fix offsite TBD, clarify archive name, add BorgBase to backups 2026-03-15 10:13:07 -07:00
tools Document ai-sources in AI guide, change process, and mise-tasks ref 2026-03-15 18:43:39 -07:00