#jinja2: trim_blocks:False
{
    "clientId": "{{ client_id }}",
    "rootUrl": "{{ client_root_url }}",
    "adminUrl": "{{ client_admin_url }}",
    "baseUrl": "{{ client_base_url | default('') }}",
    "surrogateAuthRequired": false,
    "enabled": true,
    "alwaysDisplayInConsole": false,
    "clientAuthenticatorType": "client-secret",
    "redirectUris": [
{% for uri in client_redirect_uri %}
        "{{ uri }}",
{% endfor %}
    ],
    "webOrigins": [
{% for uri in client_web_origins %}
        "{{ uri }}"
{% endfor %}
    ],
    "notBefore": 0,
    "bearerOnly": false,
    "consentRequired": false,
    "standardFlowEnabled": true,
    "implicitFlowEnabled": false,
    "directAccessGrantsEnabled": true,
    "serviceAccountsEnabled": false,
    "publicClient": false,
    "frontchannelLogout": false,
    "protocol": "{{ keycloak_clientscope_protocol }}",
    "attributes": {
        "saml.assertion.signature": "false",
        "id.token.as.detached.signature": "false",
        "access.token.lifespan": "{{ keycloak_accesstoken_ttl | default(3600) }}",
        "saml.multivalued.roles": "false",
        "saml.force.post.binding": "false",
        "saml.encrypt": "false",
        "oauth2.device.authorization.grant.enabled": "false",
        "saml.server.signature": "false",
        "backchannel.logout.revoke.offline.tokens": "false",
        "saml.server.signature.keyinfo.ext": "false",
        "use.refresh.tokens": "true",
        "exclude.session.state.from.auth.response": "false",
        "oidc.ciba.grant.enabled": "false",
        "saml.artifact.binding": "false",
        "backchannel.logout.session.required": "true",
        "client_credentials.use_refresh_token": "false",
        "saml_force_name_id_format": "false",
        "saml.client.signature": "false",
        "tls.client.certificate.bound.access.tokens": "false",
        "saml.authnstatement": "false",
        "display.on.consent.screen": "false",
        "saml.onetimeuse.condition": "false"
    },
    "authenticationFlowBindingOverrides": {},
    "fullScopeAllowed": true,
    "nodeReRegistrationTimeout": -1,
    "protocolMappers": [
        {
            "name": "docker-v2-allow-all-mapper",
            "protocol": "docker-v2",
            "protocolMapper": "docker-v2-allow-all-mapper",
            "consentRequired": false,
            "config": {}
        }
    ],
    "defaultClientScopes": [
        "web-origins",
        "profile",
        "roles",
        "{{ keycloak_clientscope_name }}",
        "email"
    ],
    "optionalClientScopes": [
        "address",
        "phone",
        "offline_access",
        "microprofile-jwt"
    ],
    "access": {
        "view": true,
        "configure": true,
        "manage": true
    },
    "secret": '{{ keycloak_client_secret }}'
}