fix: whitelist SSO

.env.sample

@@ -20,6 +20,7 @@ COMPOSE_FILE="compose.yml"
 #KEYCLOAK_NAME=
 #KEYCLOAK_URL=
 #KEYCLOAK_CLIENT_ID=
+#KEYCLOAK_CLIENT_DOMAIN=
 #SECRET_KEYCLOAK_CLIENT_SECRET_VERSION=v1
 
 #COMPOSE_FILE="compose.yml:compose.turn.yml"

compose.keycloak.yml

@@ -10,10 +10,11 @@ services:
       - macaroon_secret_key
       - registration_shared_secret
     environment:
+      - KEYCLOAK_CLIENT_DOMAIN
+      - KEYCLOAK_CLIENT_ID
       - KEYCLOAK_ENABLED
       - KEYCLOAK_NAME
       - KEYCLOAK_URL
-      - KEYCLOAK_CLIENT_ID
 
 secrets:
   keycloak_client_secret:

homeserver.yaml.tmpl

@@ -1948,6 +1948,11 @@ sso:
     #client_whitelist:
     #  - https://riot.im/develop
     #  - https://my.custom.client/
+    {{ if eq (env "KEYCLOAK_ENABLED") "1" }}
+    client_whitelist:
+      - https://{{ env "KEYCLOAK_CLIENT_DOMAIN" }}
+    {{ end }}
+
 
     # Uncomment to keep a user's profile fields in sync with information from
     # the identity provider. Currently only syncing the displayname is