<% if flash[:client_id] && flash[:client_secret] %>

🔐 OIDC Client Credentials

Copy these credentials now. The client secret will not be shown again.

Client ID:
<%= flash[:client_id] %>
Client Secret:
<%= flash[:client_secret] %>
<% end %>
<% if @application.icon.attached? %> <%= image_tag @application.icon, class: "h-16 w-16 rounded-lg object-cover border border-gray-200 shrink-0", alt: "#{@application.name} icon" %> <% else %>
<% end %>

<%= @application.name %>

<%= @application.description %>

<%= link_to "Edit", edit_admin_application_path(@application), class: "rounded-md bg-white px-3 py-2 text-sm font-semibold text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 hover:bg-gray-50" %> <%= button_to "Delete", admin_application_path(@application), method: :delete, data: { turbo_confirm: "Are you sure?" }, class: "rounded-md bg-red-600 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-red-500" %>

Basic Information

Slug
<%= @application.slug %>
Type
<% case @application.app_type %> <% when "oidc" %> OIDC <% when "forward_auth" %> Forward Auth <% end %>
Status
<% if @application.active? %> Active <% else %> Inactive <% end %>
Landing URL
<% if @application.landing_url.present? %> <%= link_to @application.landing_url, @application.landing_url, target: "_blank", rel: "noopener noreferrer", class: "text-blue-600 hover:text-blue-800 underline" %> <% else %> Not configured <% end %>
<% if @application.oidc? %>

OIDC Configuration

<%= button_to "Regenerate Credentials", regenerate_credentials_admin_application_path(@application), method: :post, data: { turbo_confirm: "This will invalidate the current credentials. Continue?" }, class: "text-sm text-red-600 hover:text-red-900" %>
<% unless flash[:client_id] && flash[:client_secret] %>
Client ID
<%= @application.client_id %>
Client Secret
🔒 Client secret is stored securely and cannot be displayed

To get a new client secret, use the "Regenerate Credentials" button above.

<% end %>
Redirect URIs
<% if @application.redirect_uris.present? %> <% @application.parsed_redirect_uris.each do |uri| %> <%= uri %> <% end %> <% else %> No redirect URIs configured <% end %>
Backchannel Logout URI <% if @application.supports_backchannel_logout? %> Enabled <% end %>
<% if @application.backchannel_logout_uri.present? %> <%= @application.backchannel_logout_uri %>

When users log out, Clinch will send logout notifications to this endpoint for immediate session termination.

<% else %> Not configured

Backchannel logout is optional. Configure it if the application supports OpenID Connect Backchannel Logout.

<% end %>
<% end %> <% if @application.forward_auth? %>

Forward Auth Configuration

Domain Pattern
<%= @application.domain_pattern %>
Headers Configuration
<% if @application.headers_config.present? && @application.headers_config.any? %> <%= JSON.pretty_generate(@application.headers_config) %> <% else %>
Using default headers: X-Remote-User, X-Remote-Email, X-Remote-Name, X-Remote-Groups, X-Remote-Admin
<% end %>
<% end %>

Access Control

Allowed Groups
<% if @allowed_groups.empty? %>

No groups assigned - all active users can access this application.

<% else %>
    <% @allowed_groups.each do |group| %>

  • <%= group.name %>

    <%= pluralize(group.users.count, "member") %>

    • <% end %>
<% end %>