---
identity_providers:
  oidc:
    clients:
      # https://www.authelia.com/integration/openid-connect/clients/ezbookkeeping/
      - client_id: 'ezbookkeeping'
        client_name: 'ezBookkeeping'
        client_secret: 'hash'
        public: false
        authorization_policy: 'one_factor'
        require_pkce: true
        pkce_challenge_method: 'S256'
        redirect_uris:
          - 'https://ezbookkeeping.example.com/oauth2/callback'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'