sbbb/base/devtools/penpot-oidc.yaml

# Penpot OIDC client — Hydra Maester creates Secret "oidc-penpot" in devtools
# with CLIENT_ID and CLIENT_SECRET keys.
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
  name: penpot
  namespace: devtools
spec:
  clientName: Penpot
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  scope: openid email profile
  redirectUris:
    - https://designer.DOMAIN_SUFFIX/api/auth/oidc/callback
  tokenEndpointAuthMethod: client_secret_post
  secretName: oidc-penpot
  skipConsent: true