diff --git a/infra/.env b/infra/.env
new file mode 100644
index 000000000..c4c692acb
--- /dev/null
+++ b/infra/.env
@@ -0,0 +1 @@
+KEYCLOAK_ADMIN_PASSWORD=admin
\ No newline at end of file
diff --git a/infra/.gitignore b/infra/.gitignore
new file mode 100644
index 000000000..9b071d45b
--- /dev/null
+++ b/infra/.gitignore
@@ -0,0 +1,2 @@
+ssl/
+docker-compose-ssl.yaml
diff --git a/infra/compose.yml b/infra/compose.yml
new file mode 100644
index 000000000..971bb1012
--- /dev/null
+++ b/infra/compose.yml
@@ -0,0 +1,37 @@
+name: spring-addons-infra
+services:
+ keycloak:
+ container_name: spring-addons.authorization-server
+ image: quay.io/keycloak/keycloak:latest
+ command:
+ - start-dev
+ - --import-realm
+ ports:
+ - 7080:7080
+ volumes:
+ - ./import/:/opt/keycloak/data/import/
+ environment:
+# KC_DB: postgres
+# KC_DB_URL: jdbc:postgresql://postgres-keycloak:5432/keycloak
+# KC_DB_SCHEMA: public
+# KC_DB_USERNAME: keycloak
+# KC_DB_PASSWORD: secret
+ KEYCLOAK_ADMIN: admin
+ KEYCLOAK_ADMIN_PASSWORD: admin
+ KC_HTTP_PORT: 7080
+ KC_HOSTNAME_URL: http://localhost:7080/auth
+ KC_HOSTNAME_ADMIN_URL: http://localhost:7080/auth
+ KC_HOSTNAME_STRICT_BACKCHANNEL: true
+ #KC_HOSTNAME_DEBUG: true
+ KC_HTTP_RELATIVE_PATH: /auth/
+ KC_HTTP_ENABLED: true
+ KC_HEALTH_ENABLED: true
+ KC_METRICS_ENABLED: true
+ #KC_LOG_LEVEL: DEBUG
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ healthcheck:
+ test: ['CMD-SHELL', '[ -f /tmp/HealthCheck.java ] || echo "public class HealthCheck { public static void main(String[] args) throws java.lang.Throwable { System.exit(java.net.HttpURLConnection.HTTP_OK == ((java.net.HttpURLConnection)new java.net.URL(args[0]).openConnection()).getResponseCode() ? 0 : 1); } }" > /tmp/HealthCheck.java && java /tmp/HealthCheck.java http://localhost:7080/auth/health/live']
+ interval: 5s
+ timeout: 5s
+ retries: 20
diff --git a/infra/import/spring-addons-realm.json b/infra/import/spring-addons-realm.json
new file mode 100644
index 000000000..df299751c
--- /dev/null
+++ b/infra/import/spring-addons-realm.json
@@ -0,0 +1,1999 @@
+{
+ "id" : "7ba12447-8598-475b-9d8d-ff8196b8291f",
+ "realm" : "spring-addons",
+ "notBefore" : 0,
+ "defaultSignatureAlgorithm" : "RS256",
+ "revokeRefreshToken" : false,
+ "refreshTokenMaxReuse" : 0,
+ "accessTokenLifespan" : 120,
+ "accessTokenLifespanForImplicitFlow" : 900,
+ "ssoSessionIdleTimeout" : 1800,
+ "ssoSessionMaxLifespan" : 36000,
+ "ssoSessionIdleTimeoutRememberMe" : 0,
+ "ssoSessionMaxLifespanRememberMe" : 0,
+ "offlineSessionIdleTimeout" : 2592000,
+ "offlineSessionMaxLifespanEnabled" : false,
+ "offlineSessionMaxLifespan" : 5184000,
+ "clientSessionIdleTimeout" : 0,
+ "clientSessionMaxLifespan" : 0,
+ "clientOfflineSessionIdleTimeout" : 0,
+ "clientOfflineSessionMaxLifespan" : 0,
+ "accessCodeLifespan" : 60,
+ "accessCodeLifespanUserAction" : 300,
+ "accessCodeLifespanLogin" : 1800,
+ "actionTokenGeneratedByAdminLifespan" : 43200,
+ "actionTokenGeneratedByUserLifespan" : 300,
+ "oauth2DeviceCodeLifespan" : 600,
+ "oauth2DevicePollingInterval" : 5,
+ "enabled" : true,
+ "sslRequired" : "external",
+ "registrationAllowed" : true,
+ "registrationEmailAsUsername" : false,
+ "rememberMe" : true,
+ "verifyEmail" : false,
+ "loginWithEmailAllowed" : true,
+ "duplicateEmailsAllowed" : false,
+ "resetPasswordAllowed" : false,
+ "editUsernameAllowed" : false,
+ "bruteForceProtected" : false,
+ "permanentLockout" : false,
+ "maxTemporaryLockouts" : 0,
+ "maxFailureWaitSeconds" : 900,
+ "minimumQuickLoginWaitSeconds" : 60,
+ "waitIncrementSeconds" : 60,
+ "quickLoginCheckMilliSeconds" : 1000,
+ "maxDeltaTimeSeconds" : 43200,
+ "failureFactor" : 30,
+ "roles" : {
+ "realm" : [ {
+ "id" : "f1a0d788-37cb-47d8-be85-f2d67d82c68f",
+ "name" : "default-roles-spring-addons",
+ "description" : "${role_default-roles}",
+ "composite" : true,
+ "composites" : {
+ "realm" : [ "offline_access", "uma_authorization" ],
+ "client" : {
+ "account" : [ "view-profile", "manage-account" ]
+ }
+ },
+ "clientRole" : false,
+ "containerId" : "7ba12447-8598-475b-9d8d-ff8196b8291f",
+ "attributes" : { }
+ }, {
+ "id" : "92141996-8db0-4ee3-a57b-73373dc8a11c",
+ "name" : "TRUSTED_MVC_CLIENT",
+ "description" : "",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "7ba12447-8598-475b-9d8d-ff8196b8291f",
+ "attributes" : { }
+ }, {
+ "id" : "ef837d96-eddf-4cde-81b8-c620e0307a7a",
+ "name" : "BFF",
+ "description" : "",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "7ba12447-8598-475b-9d8d-ff8196b8291f",
+ "attributes" : { }
+ }, {
+ "id" : "10c4a874-7303-4b5e-a94c-4aad56aca07f",
+ "name" : "offline_access",
+ "description" : "${role_offline-access}",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "7ba12447-8598-475b-9d8d-ff8196b8291f",
+ "attributes" : { }
+ }, {
+ "id" : "3e1d7c8b-b6db-43f0-b556-c3d768466c27",
+ "name" : "uma_authorization",
+ "description" : "${role_uma_authorization}",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "7ba12447-8598-475b-9d8d-ff8196b8291f",
+ "attributes" : { }
+ }, {
+ "id" : "6bbc8ae3-5560-4aa5-8afd-e1221817c596",
+ "name" : "NICE",
+ "description" : "",
+ "composite" : false,
+ "clientRole" : false,
+ "containerId" : "7ba12447-8598-475b-9d8d-ff8196b8291f",
+ "attributes" : { }
+ } ],
+ "client" : {
+ "spring-addons-m2m" : [ ],
+ "realm-management" : [ {
+ "id" : "cf99087d-3bf7-4ec2-acec-d64f74873946",
+ "name" : "impersonation",
+ "description" : "${role_impersonation}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "213fcd71-9ce6-4a7a-9edc-57b4adff9afa",
+ "name" : "manage-realm",
+ "description" : "${role_manage-realm}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "b089d11a-e082-401f-95f4-4aac22b0b519",
+ "name" : "view-clients",
+ "description" : "${role_view-clients}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "query-clients" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "f8df711b-7849-4db8-94dd-8cbd3f6a6e6c",
+ "name" : "view-users",
+ "description" : "${role_view-users}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "query-groups", "query-users" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "95d4880f-4d65-4275-ac9e-369d4b51a0c4",
+ "name" : "view-events",
+ "description" : "${role_view-events}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "b1899079-ba58-4c0c-b88b-0fad5a5b8826",
+ "name" : "query-realms",
+ "description" : "${role_query-realms}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "4389a5af-fb56-4e7d-b98a-22bbcc1dd0a5",
+ "name" : "query-users",
+ "description" : "${role_query-users}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "2de35135-ebde-485b-8cf7-2d8411226aba",
+ "name" : "manage-authorization",
+ "description" : "${role_manage-authorization}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "84ff59d7-418b-4f9c-a283-e9f889b5edb4",
+ "name" : "view-identity-providers",
+ "description" : "${role_view-identity-providers}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "de83efaa-6060-42c0-8210-e6a1ba805bf3",
+ "name" : "view-authorization",
+ "description" : "${role_view-authorization}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "83ce1d8a-bc17-46b7-8871-609b7e7c06c3",
+ "name" : "create-client",
+ "description" : "${role_create-client}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "a7bcae6f-a543-4a7b-a5d4-28871f8a545b",
+ "name" : "manage-users",
+ "description" : "${role_manage-users}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "5adbfec2-3e73-43a9-a1ba-ae65d720e522",
+ "name" : "manage-identity-providers",
+ "description" : "${role_manage-identity-providers}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "40ba9e64-1996-40b8-922f-56bda12e84d7",
+ "name" : "manage-clients",
+ "description" : "${role_manage-clients}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "fe2a6177-d155-4070-9989-1eed36d8ed0e",
+ "name" : "manage-events",
+ "description" : "${role_manage-events}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "033b217b-8639-4393-8924-fa1d3cf0230c",
+ "name" : "realm-admin",
+ "description" : "${role_realm-admin}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "realm-management" : [ "manage-realm", "impersonation", "view-clients", "view-users", "view-events", "query-users", "query-realms", "manage-authorization", "view-identity-providers", "view-authorization", "create-client", "manage-users", "manage-identity-providers", "manage-clients", "manage-events", "view-realm", "query-groups", "query-clients" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "6edc2854-3c69-48d6-8129-dd365359ceb5",
+ "name" : "view-realm",
+ "description" : "${role_view-realm}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "53b5a2cf-56bf-4c9f-b292-72fe3c924170",
+ "name" : "query-groups",
+ "description" : "${role_query-groups}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ }, {
+ "id" : "c137f7a0-f30a-4a89-ba34-e6e69c7aff4f",
+ "name" : "query-clients",
+ "description" : "${role_query-clients}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "attributes" : { }
+ } ],
+ "security-admin-console" : [ ],
+ "admin-cli" : [ ],
+ "spring-addons-user" : [ ],
+ "account-console" : [ ],
+ "broker" : [ {
+ "id" : "d15ec848-4564-48fe-a4e0-5981c623da70",
+ "name" : "read-token",
+ "description" : "${role_read-token}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "1386da29-dfbe-4d6b-855a-35c322f32e0e",
+ "attributes" : { }
+ } ],
+ "account" : [ {
+ "id" : "da5f82b1-51d3-4dc1-9931-492f58006d69",
+ "name" : "view-groups",
+ "description" : "${role_view-groups}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "35a4761b-366c-4c6c-9332-87d4cb428a9e",
+ "attributes" : { }
+ }, {
+ "id" : "27b4f354-0e50-44d2-b378-0c6078596312",
+ "name" : "manage-consent",
+ "description" : "${role_manage-consent}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "account" : [ "view-consent" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "35a4761b-366c-4c6c-9332-87d4cb428a9e",
+ "attributes" : { }
+ }, {
+ "id" : "cc6dfcd6-5a88-49ff-ab34-fb5c1a523679",
+ "name" : "view-applications",
+ "description" : "${role_view-applications}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "35a4761b-366c-4c6c-9332-87d4cb428a9e",
+ "attributes" : { }
+ }, {
+ "id" : "c6e6b296-25ae-47f9-984e-7f0718fa749b",
+ "name" : "view-profile",
+ "description" : "${role_view-profile}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "35a4761b-366c-4c6c-9332-87d4cb428a9e",
+ "attributes" : { }
+ }, {
+ "id" : "4bfc508e-9cce-4a08-a714-3c2c5d9ac16f",
+ "name" : "manage-account",
+ "description" : "${role_manage-account}",
+ "composite" : true,
+ "composites" : {
+ "client" : {
+ "account" : [ "manage-account-links" ]
+ }
+ },
+ "clientRole" : true,
+ "containerId" : "35a4761b-366c-4c6c-9332-87d4cb428a9e",
+ "attributes" : { }
+ }, {
+ "id" : "024f1259-3362-41e3-86a5-9eb80a6dda6e",
+ "name" : "manage-account-links",
+ "description" : "${role_manage-account-links}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "35a4761b-366c-4c6c-9332-87d4cb428a9e",
+ "attributes" : { }
+ }, {
+ "id" : "6e8f876b-e501-4b6b-9d62-ee79747118ec",
+ "name" : "view-consent",
+ "description" : "${role_view-consent}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "35a4761b-366c-4c6c-9332-87d4cb428a9e",
+ "attributes" : { }
+ }, {
+ "id" : "cb0f10ee-c576-4754-9f49-68e08e25c529",
+ "name" : "delete-account",
+ "description" : "${role_delete-account}",
+ "composite" : false,
+ "clientRole" : true,
+ "containerId" : "35a4761b-366c-4c6c-9332-87d4cb428a9e",
+ "attributes" : { }
+ } ]
+ }
+ },
+ "groups" : [ ],
+ "defaultRole" : {
+ "id" : "f1a0d788-37cb-47d8-be85-f2d67d82c68f",
+ "name" : "default-roles-spring-addons",
+ "description" : "${role_default-roles}",
+ "composite" : true,
+ "clientRole" : false,
+ "containerId" : "7ba12447-8598-475b-9d8d-ff8196b8291f"
+ },
+ "requiredCredentials" : [ "password" ],
+ "otpPolicyType" : "totp",
+ "otpPolicyAlgorithm" : "HmacSHA1",
+ "otpPolicyInitialCounter" : 0,
+ "otpPolicyDigits" : 6,
+ "otpPolicyLookAheadWindow" : 1,
+ "otpPolicyPeriod" : 30,
+ "otpPolicyCodeReusable" : false,
+ "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ],
+ "localizationTexts" : { },
+ "webAuthnPolicyRpEntityName" : "keycloak",
+ "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
+ "webAuthnPolicyRpId" : "",
+ "webAuthnPolicyAttestationConveyancePreference" : "not specified",
+ "webAuthnPolicyAuthenticatorAttachment" : "not specified",
+ "webAuthnPolicyRequireResidentKey" : "not specified",
+ "webAuthnPolicyUserVerificationRequirement" : "not specified",
+ "webAuthnPolicyCreateTimeout" : 0,
+ "webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
+ "webAuthnPolicyAcceptableAaguids" : [ ],
+ "webAuthnPolicyExtraOrigins" : [ ],
+ "webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
+ "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
+ "webAuthnPolicyPasswordlessRpId" : "",
+ "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
+ "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
+ "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
+ "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
+ "webAuthnPolicyPasswordlessCreateTimeout" : 0,
+ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
+ "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
+ "webAuthnPolicyPasswordlessExtraOrigins" : [ ],
+ "users" : [ {
+ "id" : "344e0a13-3c65-4336-a133-63d7f6fcc347",
+ "username" : "brice",
+ "firstName" : "Brice",
+ "lastName" : "de Nice",
+ "email" : "brice@c4-soft.com",
+ "emailVerified" : true,
+ "createdTimestamp" : 1717627734913,
+ "enabled" : true,
+ "totp" : false,
+ "credentials" : [ {
+ "id" : "4c1ca182-078c-4b61-96b6-42c6a93d289e",
+ "type" : "password",
+ "userLabel" : "My password",
+ "createdDate" : 1717627753922,
+ "secretData" : "{\"value\":\"wjnH607t8lXSiQ2Z4J/4IioKBoCtr00jGWg8b8K9gEzGtzGU7e2b3sMdzHQ6GAKy9JnpW+NvbfSMSDzbIpeBSQ==\",\"salt\":\"Q4FmxbPp7F8yaJeW0/Bu2A==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-spring-addons", "NICE" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "id" : "789659aa-ae50-4acf-9255-13526c541a2e",
+ "username" : "igor",
+ "firstName" : "Igor",
+ "lastName" : "d'Hossegor",
+ "email" : "igor@c4-soft.com",
+ "emailVerified" : true,
+ "createdTimestamp" : 1717627888437,
+ "enabled" : true,
+ "totp" : false,
+ "credentials" : [ {
+ "id" : "03d282db-c8bf-4bdc-908d-0fd88af6532b",
+ "type" : "password",
+ "userLabel" : "My password",
+ "createdDate" : 1717627899923,
+ "secretData" : "{\"value\":\"GTBX/RgzrI7LpCQ06zIyfISPqrZzBXeKGnglOOFX2aWvQWkrcTLipWjmq2xsvRpWYPiuiYNJQkFFuk+mU+uVsw==\",\"salt\":\"35BLwuG77H7dIQRYiYLcNg==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":210000,\"algorithm\":\"pbkdf2-sha512\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-spring-addons" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "id" : "e917b5c5-f4ac-4524-8097-dd5843bb2f20",
+ "username" : "service-account-spring-addons-m2m",
+ "emailVerified" : false,
+ "createdTimestamp" : 1717629024494,
+ "enabled" : true,
+ "totp" : false,
+ "serviceAccountClientId" : "spring-addons-m2m",
+ "credentials" : [ ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-spring-addons", "TRUSTED_MVC_CLIENT", "BFF" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ } ],
+ "scopeMappings" : [ {
+ "clientScope" : "offline_access",
+ "roles" : [ "offline_access" ]
+ } ],
+ "clientScopeMappings" : {
+ "account" : [ {
+ "client" : "account-console",
+ "roles" : [ "manage-account", "view-groups" ]
+ } ]
+ },
+ "clients" : [ {
+ "id" : "35a4761b-366c-4c6c-9332-87d4cb428a9e",
+ "clientId" : "account",
+ "name" : "${client_account}",
+ "rootUrl" : "${authBaseUrl}",
+ "baseUrl" : "/realms/spring-addons/account/",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ "/realms/spring-addons/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "post.logout.redirect.uris" : "+"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "963f2f69-a562-4961-a4bd-ba7bbd7009e7",
+ "clientId" : "account-console",
+ "name" : "${client_account-console}",
+ "rootUrl" : "${authBaseUrl}",
+ "baseUrl" : "/realms/spring-addons/account/",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ "/realms/spring-addons/account/*" ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "post.logout.redirect.uris" : "+",
+ "pkce.code.challenge.method" : "S256"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "894e10db-d54d-4b41-9f12-69630b104aca",
+ "name" : "audience resolve",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-audience-resolve-mapper",
+ "consentRequired" : false,
+ "config" : { }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "b6625fc6-343b-4ded-ac5d-03e0f1695bbb",
+ "clientId" : "admin-cli",
+ "name" : "${client_admin-cli}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : false,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : true,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "1386da29-dfbe-4d6b-855a-35c322f32e0e",
+ "clientId" : "broker",
+ "name" : "${client_broker}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : true,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "a454d0ac-301c-4589-baca-edd9249cb6ba",
+ "clientId" : "realm-management",
+ "name" : "${client_realm-management}",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : true,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : { },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "1553edd6-26d1-4e3a-ba43-ac23c47b8e42",
+ "clientId" : "security-admin-console",
+ "name" : "${client_security-admin-console}",
+ "rootUrl" : "${authAdminUrl}",
+ "baseUrl" : "/admin/spring-addons/console/",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ "/admin/spring-addons/console/*" ],
+ "webOrigins" : [ "+" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : true,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "post.logout.redirect.uris" : "+",
+ "pkce.code.challenge.method" : "S256"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : false,
+ "nodeReRegistrationTimeout" : 0,
+ "protocolMappers" : [ {
+ "id" : "e8e0a7dc-59a9-461b-aa27-a35b14738d28",
+ "name" : "locale",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "locale",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "locale",
+ "jsonType.label" : "String"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "ae4fefe5-873d-4bd5-947d-7d96ce88731a",
+ "clientId" : "spring-addons-m2m",
+ "name" : "",
+ "description" : "",
+ "rootUrl" : "",
+ "adminUrl" : "",
+ "baseUrl" : "",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "secret",
+ "redirectUris" : [ "/*" ],
+ "webOrigins" : [ "/*" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : false,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : true,
+ "publicClient" : false,
+ "frontchannelLogout" : true,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "oidc.ciba.grant.enabled" : "false",
+ "client.secret.creation.time" : "1717629024",
+ "backchannel.logout.session.required" : "true",
+ "oauth2.device.authorization.grant.enabled" : "false",
+ "display.on.consent.screen" : "false",
+ "backchannel.logout.revoke.offline.tokens" : "false"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "id" : "62f54848-2720-4a9c-bde7-1460cf586fef",
+ "name" : "Client ID",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.session.note" : "client_id",
+ "introspection.token.claim" : "true",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "client_id",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "5a76baed-ce15-4c9c-adf4-783908963843",
+ "name" : "Client Host",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.session.note" : "clientHost",
+ "introspection.token.claim" : "true",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "clientHost",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "9ab8e7ac-dc2f-44f8-b7e7-35f7cf44b5f6",
+ "name" : "Client IP Address",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.session.note" : "clientAddress",
+ "introspection.token.claim" : "true",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "clientAddress",
+ "jsonType.label" : "String"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }, {
+ "id" : "ce325a51-4dcb-4bf6-90a3-e7d420c6e477",
+ "clientId" : "spring-addons-user",
+ "name" : "",
+ "description" : "",
+ "rootUrl" : "",
+ "adminUrl" : "",
+ "baseUrl" : "",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "secret",
+ "redirectUris" : [ "http://localhost:8080/*", "https://localhost:8080/*" ],
+ "webOrigins" : [ "+" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : true,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "oidc.ciba.grant.enabled" : "false",
+ "client.secret.creation.time" : "1717627420",
+ "backchannel.logout.session.required" : "true",
+ "backchannel.logout.url" : "http://host.docker.internal:8080/logout/connect/back-channel/spring-addons-confidential",
+ "post.logout.redirect.uris" : "+",
+ "oauth2.device.authorization.grant.enabled" : "false",
+ "display.on.consent.screen" : "false",
+ "backchannel.logout.revoke.offline.tokens" : "false"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ } ],
+ "clientScopes" : [ {
+ "id" : "597de346-cc54-4aa7-9a7b-d6c7b4c4e534",
+ "name" : "role_list",
+ "description" : "SAML role list",
+ "protocol" : "saml",
+ "attributes" : {
+ "consent.screen.text" : "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen" : "true"
+ },
+ "protocolMappers" : [ {
+ "id" : "9dbe8448-3c9d-411b-9c0d-a73a6ce03031",
+ "name" : "role list",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "false",
+ "attribute.nameformat" : "Basic",
+ "attribute.name" : "Role"
+ }
+ } ]
+ }, {
+ "id" : "b771e8de-539b-49ef-b735-e5ffc8c3af0e",
+ "name" : "phone",
+ "description" : "OpenID Connect built-in scope: phone",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${phoneScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "ccca5907-a035-40c5-ba91-3bde421e25fd",
+ "name" : "phone number verified",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "phoneNumberVerified",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "phone_number_verified",
+ "jsonType.label" : "boolean"
+ }
+ }, {
+ "id" : "bb35af4e-eddb-4c9c-935b-5a76889945c1",
+ "name" : "phone number",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "phoneNumber",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "phone_number",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "03056859-b5b7-4df1-9b91-2ffcea6fd8e7",
+ "name" : "roles",
+ "description" : "OpenID Connect scope for add user roles to the access token",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "false",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${rolesScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "23a51801-794e-4801-8460-c2438b70d1e1",
+ "name" : "client roles",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-client-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "multivalued" : "true",
+ "user.attribute" : "foo",
+ "access.token.claim" : "true",
+ "claim.name" : "resource_access.${client_id}.roles",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "4709e5e3-eeef-44cc-9b7b-65e3a6e4b2dc",
+ "name" : "audience resolve",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-audience-resolve-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ }, {
+ "id" : "6a5bd156-36e0-4d38-b567-e50a54ec4362",
+ "name" : "realm roles",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "multivalued" : "true",
+ "user.attribute" : "foo",
+ "access.token.claim" : "true",
+ "claim.name" : "realm_access.roles",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "2a76ce4c-909a-4293-a342-4d061db31a28",
+ "name" : "acr",
+ "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "false",
+ "display.on.consent.screen" : "false"
+ },
+ "protocolMappers" : [ {
+ "id" : "d64d7568-079e-40cc-935d-5df45e60fc55",
+ "name" : "acr loa level",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-acr-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "id.token.claim" : "true",
+ "introspection.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ }, {
+ "id" : "a5beb803-bfed-4b9b-92c3-965e2a4cc7b0",
+ "name" : "email",
+ "description" : "OpenID Connect built-in scope: email",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${emailScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "699a8ede-3e69-42af-af26-35d01345a565",
+ "name" : "email verified",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "emailVerified",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email_verified",
+ "jsonType.label" : "boolean"
+ }
+ }, {
+ "id" : "ea1733a0-12b4-46fc-9c87-b4f7c90e0e9f",
+ "name" : "email",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "email",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "email",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "d4976521-72ce-4fe2-b8d3-fd9d423455fb",
+ "name" : "address",
+ "description" : "OpenID Connect built-in scope: address",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${addressScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "1a08a8d9-9d69-4527-89b1-a4b1e261aba4",
+ "name" : "address",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-address-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.attribute.formatted" : "formatted",
+ "user.attribute.country" : "country",
+ "introspection.token.claim" : "true",
+ "user.attribute.postal_code" : "postal_code",
+ "userinfo.token.claim" : "true",
+ "user.attribute.street" : "street",
+ "id.token.claim" : "true",
+ "user.attribute.region" : "region",
+ "access.token.claim" : "true",
+ "user.attribute.locality" : "locality"
+ }
+ } ]
+ }, {
+ "id" : "06bfca44-2204-4bd7-a7a8-e800b8c5c79a",
+ "name" : "web-origins",
+ "description" : "OpenID Connect scope for add allowed web origins to the access token",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "false",
+ "display.on.consent.screen" : "false",
+ "consent.screen.text" : ""
+ },
+ "protocolMappers" : [ {
+ "id" : "26661cb6-149e-4b0f-9adb-9a8b594ae3db",
+ "name" : "allowed web origins",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-allowed-origins-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "access.token.claim" : "true"
+ }
+ } ]
+ }, {
+ "id" : "b3652b19-ba47-4a4b-a940-75f86556b8ae",
+ "name" : "offline_access",
+ "description" : "OpenID Connect built-in scope: offline_access",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "consent.screen.text" : "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen" : "true"
+ }
+ }, {
+ "id" : "72ca19b9-93d3-47e9-a3e6-a180c9c22f8a",
+ "name" : "microprofile-jwt",
+ "description" : "Microprofile - JWT built-in scope",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "false"
+ },
+ "protocolMappers" : [ {
+ "id" : "9bd586d9-3444-4a75-be3b-cdf136a77190",
+ "name" : "groups",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "multivalued" : "true",
+ "user.attribute" : "foo",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "groups",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "a6a8a7f3-2422-4f31-bc64-5e2e87d3a90e",
+ "name" : "upn",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "upn",
+ "jsonType.label" : "String"
+ }
+ } ]
+ }, {
+ "id" : "165c3add-ed0b-47de-be96-5c2193856549",
+ "name" : "profile",
+ "description" : "OpenID Connect built-in scope: profile",
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "include.in.token.scope" : "true",
+ "display.on.consent.screen" : "true",
+ "consent.screen.text" : "${profileScopeConsentText}"
+ },
+ "protocolMappers" : [ {
+ "id" : "ccda3980-cc02-4c52-97c0-80d8ee9b4182",
+ "name" : "gender",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "gender",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "gender",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "2c5e59a5-5082-4d12-8302-a9258a52ce6b",
+ "name" : "birthdate",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "birthdate",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "birthdate",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "463a7983-e441-4e13-87f0-45da69526b2e",
+ "name" : "picture",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "picture",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "picture",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "49cfe099-863b-4be8-ac49-3edc5e3ebdcf",
+ "name" : "updated at",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "updatedAt",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "updated_at",
+ "jsonType.label" : "long"
+ }
+ }, {
+ "id" : "66b94b0d-8b49-4ff7-a76b-011834c44434",
+ "name" : "middle name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "middleName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "middle_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "c49dd721-5fee-4f4a-b4b9-d17cc49af4ff",
+ "name" : "website",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "website",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "website",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "c2b2b416-b461-4802-b2f2-9726686abcef",
+ "name" : "zoneinfo",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "zoneinfo",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "zoneinfo",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "2ee1ab69-8c49-4a66-af88-64406102036a",
+ "name" : "locale",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "locale",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "locale",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "819c4d55-ef4d-48da-b017-2a72a42d6a24",
+ "name" : "full name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-full-name-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "id.token.claim" : "true",
+ "introspection.token.claim" : "true",
+ "access.token.claim" : "true",
+ "userinfo.token.claim" : "true"
+ }
+ }, {
+ "id" : "b39ea179-6227-4893-bcce-caf3daa9388b",
+ "name" : "family name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "lastName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "family_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "ef321976-aa78-46b7-8aa9-4ebb7cdae091",
+ "name" : "nickname",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "nickname",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "nickname",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "26930ca6-9cee-4839-a7ab-1a85efba6104",
+ "name" : "username",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "username",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "preferred_username",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "af75d4d7-762f-4c9a-bdfa-199234177772",
+ "name" : "given name",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "firstName",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "given_name",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "id" : "01bea2d8-af0c-4b8a-bc59-0b13d09559b2",
+ "name" : "profile",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usermodel-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "introspection.token.claim" : "true",
+ "userinfo.token.claim" : "true",
+ "user.attribute" : "profile",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "profile",
+ "jsonType.label" : "String"
+ }
+ } ]
+ } ],
+ "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ],
+ "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ],
+ "browserSecurityHeaders" : {
+ "contentSecurityPolicyReportOnly" : "",
+ "xContentTypeOptions" : "nosniff",
+ "referrerPolicy" : "no-referrer",
+ "xRobotsTag" : "none",
+ "xFrameOptions" : "SAMEORIGIN",
+ "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "xXSSProtection" : "1; mode=block",
+ "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer" : { },
+ "eventsEnabled" : false,
+ "eventsListeners" : [ "jboss-logging" ],
+ "enabledEventTypes" : [ ],
+ "adminEventsEnabled" : false,
+ "adminEventsDetailsEnabled" : false,
+ "identityProviders" : [ ],
+ "identityProviderMappers" : [ ],
+ "components" : {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
+ "id" : "6e557a3a-d2ee-480b-b824-9d69340e5ef5",
+ "name" : "Full Scope Disabled",
+ "providerId" : "scope",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : { }
+ }, {
+ "id" : "e6e0aa85-ee9f-4df9-90f2-e738240c4d9a",
+ "name" : "Allowed Client Scopes",
+ "providerId" : "allowed-client-templates",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "allow-default-scopes" : [ "true" ]
+ }
+ }, {
+ "id" : "dd95c5e8-86fe-498b-a639-45265f63c7f4",
+ "name" : "Max Clients Limit",
+ "providerId" : "max-clients",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "max-clients" : [ "200" ]
+ }
+ }, {
+ "id" : "55b604c2-a074-4ec8-af67-cb2fade53417",
+ "name" : "Consent Required",
+ "providerId" : "consent-required",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : { }
+ }, {
+ "id" : "f9ee4af6-051f-412e-a63f-0e4f7dac176e",
+ "name" : "Allowed Client Scopes",
+ "providerId" : "allowed-client-templates",
+ "subType" : "authenticated",
+ "subComponents" : { },
+ "config" : {
+ "allow-default-scopes" : [ "true" ]
+ }
+ }, {
+ "id" : "fe1cc48e-fdb5-4158-a490-231c5011f1d3",
+ "name" : "Allowed Protocol Mapper Types",
+ "providerId" : "allowed-protocol-mappers",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-address-mapper" ]
+ }
+ }, {
+ "id" : "5f1bb459-56ed-4704-97b5-98af39726279",
+ "name" : "Trusted Hosts",
+ "providerId" : "trusted-hosts",
+ "subType" : "anonymous",
+ "subComponents" : { },
+ "config" : {
+ "host-sending-registration-request-must-match" : [ "true" ],
+ "client-uris-must-match" : [ "true" ]
+ }
+ }, {
+ "id" : "8a99591f-5375-45c9-900e-ec1da64f0481",
+ "name" : "Allowed Protocol Mapper Types",
+ "providerId" : "allowed-protocol-mappers",
+ "subType" : "authenticated",
+ "subComponents" : { },
+ "config" : {
+ "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper" ]
+ }
+ } ],
+ "org.keycloak.keys.KeyProvider" : [ {
+ "id" : "f89ee1b8-5fa8-473a-bf27-cd37f57f4200",
+ "name" : "rsa-enc-generated",
+ "providerId" : "rsa-enc-generated",
+ "subComponents" : { },
+ "config" : {
+ "privateKey" : [ "MIIEpAIBAAKCAQEAtdElIu50RI/O4Ek9zxFD7Nbf1HQHW/67r0nuBSX5fG2bcThTcAe4moZ8MSg3k4WbQ2yYT+w7X8cLEeRigmM1WAWI78+ipMpm8/yLwAvpw/yjhOV3zXhSpDFeKFhzsoDtYOWFf7c/dPfztAAlTGiHm54rwIQeryLWr5VwGfUTT09KG1wH7ie+1jOlgy70VFSJOdLrXn7Hg/T4kCOsQFBBzxf9sG/puZPKoQWoDRBEPBsqFR1xG3SuC6XuvHAp1IfP8MoTlPkg2OXE1zN/VLBiKeOyMpJ9jS6/RJ3UlhiP/MrzKZjNbhK60EmQdbJUiml/Lr27Nt4qAzXPZ1YHyyT9UwIDAQABAoIBABpecafeHy+zDvpkCkT7SIzTYcAIGenOM9M0LNiYotUtzQL/0R4TiJhPU+NfOqbjFDBpp1zEB/JtRYjmmiDgmY52swmwup0dcQ6xZw/xyl6vHS9mMQNe5YFvBYG4HljaWP3ExqFOEYkkeDb4DxtvTOeVajFawrEneNfF8Rhap7PIhEnPgp/SkBWylhR2NqFqhYAmxt9fYjjQ/rCZIW+hRpbgxaq1qFtztDiZJkPEX1zKUhbL2/CbAdtcyn1yd0K/kfz5hW+3dQx30gke71VbH134GL2spDt/47VKVJeFelm+mGJeKmF+Mr6V+3w1wiqfJjg4GipAIcwa6BgrPC3ME6UCgYEA8WgDkyLYHvxqptXd5/AqJk2m+Jdw79Giz5+JOw6xXjjMXYEjof8e2wRu52x9HyYWtGjfjMubtzxqbvvYx9eXTp94IRR4ZE3KnLKWTDbvm2RjAHy1AZ23M3oGdHNm9FeZ4mbpXiHATlW5Fn5ISC658yPTSjh0TIEFW90X0YJptgcCgYEAwM7uWAUjFm2bH7JHKCJKa/javPuF3rGlcEsp4Ybx/vO5GdOf/0hmaNq6c8UQ8tLKYWXI4ZMZClFF7SQ3NeRRU0cgHi6VH2RWrhuw2n8jKwi5ws5VRQXZnWtKPHdDe/KFCWQAzbt2K/p783j2jjjX0ApL73XWoGmA6QgXNjKsy1UCgYBZVhHEmKd8SBM77HdzhvhCNohtBLZBucXTqgmB9n0DDmfqzoieQahsiuZz9D0VkuXiG9Fm7E6S7+O/cKoXwpv296LgMxAepn8toBVo3Qes7OiKXJwrne8XOLg8zhwynlyPYWBJepoNI0Icpd0gAVLFPOPLWrsHONP/3AEdgnKWbwKBgQCi6LU+Lej9tFKTr4CsCn0zSasYbrUn+pW8keWrJugl8Sx/A+52NmhBRD6yPtoZMb3KGcRnxHAt5Ynd2vHDWUzVvo0Gs3lQculCZydBFpdSbyb10Hz/uveqKNMqz+J3QeziiFqdej1Y32YHzDcW6DSBFZIfnENieoJvY2SpaJvTmQKBgQDpj/ga2x1oM7XoCqSCWnFmfWKUwupwN4MZDr1bruDZlbn6VdUAj3njW5A3b4LPNnItYGDT/YPbjp3OLs29Fb9W7qrSa2zupeqn/6o/nLgRBI2dtlpGTYb/l1JBpTK0OE/UH/FkrtMnR/y4uxMwZvfmhtKD9awGS97XJ1I5afdR6A==" ],
+ "keyUse" : [ "ENC" ],
+ "certificate" : [ "MIICqTCCAZECBgGP6pEKhjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcHJpbmctYWRkb25zMB4XDTI0MDYwNTIyNDAyNVoXDTM0MDYwNTIyNDIwNVowGDEWMBQGA1UEAwwNc3ByaW5nLWFkZG9uczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALXRJSLudESPzuBJPc8RQ+zW39R0B1v+u69J7gUl+Xxtm3E4U3AHuJqGfDEoN5OFm0NsmE/sO1/HCxHkYoJjNVgFiO/PoqTKZvP8i8AL6cP8o4Tld814UqQxXihYc7KA7WDlhX+3P3T387QAJUxoh5ueK8CEHq8i1q+VcBn1E09PShtcB+4nvtYzpYMu9FRUiTnS615+x4P0+JAjrEBQQc8X/bBv6bmTyqEFqA0QRDwbKhUdcRt0rgul7rxwKdSHz/DKE5T5INjlxNczf1SwYinjsjKSfY0uv0Sd1JYYj/zK8ymYzW4SutBJkHWyVIppfy69uzbeKgM1z2dWB8sk/VMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAN7qiB0cRYZgbpB7gIz9tYjr2GknnlAsysJ4Ut13jO2WtrEE/K3j/K+hNgYfNV6BDicrgLOSKXieusuM6nPpGr/jAfxPalfTpN822Vm2w+Q0u+hIvTvDaw5roAoslhPSbCUcQ0iB0CdZmAJ8u2RMdGqDazRy401gd16/xnVC/SBIzciMopVHHfWTH8LZGQlr6ySYCe1Nmfd3zoLy12xOd+otOQ0Eh1vVHzpYpos8/xUONGkuByFtiWDVJFu1rtmp5c70FvaVoku+dtJcm8QhPoC3xazfAlQfcZK2njsPfDdPZWvSkSxf8b1BuJYMIhToJmXk/vvV9VfFoAlrjpCty2A==" ],
+ "priority" : [ "100" ],
+ "algorithm" : [ "RSA-OAEP" ]
+ }
+ }, {
+ "id" : "883528b9-5365-4985-b067-bd1845c0bc61",
+ "name" : "hmac-generated-hs512",
+ "providerId" : "hmac-generated",
+ "subComponents" : { },
+ "config" : {
+ "kid" : [ "c612f50d-468b-4287-8c9e-b44ea1b64405" ],
+ "secret" : [ "dKlEw15zJnNHRq_pR4MX21YPlYgx7NrswnsGRAc8YG1CHeZbEcPYqwTzKSH5lPeg1mALHATDNKPSoGqG0GVQ6Ru7ZLrLhpV58yfWq0aMTTHyOg3Sj_96HQ96InJVSFvYZ7n3X5OqGBV2bKnqkiYEMWAccxsE5ishcUPsjW5qXAI" ],
+ "priority" : [ "100" ],
+ "algorithm" : [ "HS512" ]
+ }
+ }, {
+ "id" : "b4ee059a-283f-47f9-9bda-9b33577d9417",
+ "name" : "aes-generated",
+ "providerId" : "aes-generated",
+ "subComponents" : { },
+ "config" : {
+ "kid" : [ "49f825cc-589e-41c3-9037-69d6c6025dd0" ],
+ "secret" : [ "aVBDpFpdEg16UhDbYEOsbg" ],
+ "priority" : [ "100" ]
+ }
+ }, {
+ "id" : "5462c9fc-0b0f-4ab5-97f1-c48f78033342",
+ "name" : "rsa-generated",
+ "providerId" : "rsa-generated",
+ "subComponents" : { },
+ "config" : {
+ "privateKey" : [ "MIIEowIBAAKCAQEAptHAMLaD9hbSETnDzGEG8h9x6iZm0Hn8VExlYzxi9iJm3R3DC1bH0qNp1e5oGVOrTJiccFoOHw4TBMORu1L5cDM8hv3sL+xh2dVkM+4AprH4dJsIOuP8LQPxqFwY8EgTEml+h7wloJznyBzLS0qzuchYao9KlxgXxNktIp8/Cw+692ombiFxxSc4ka6obLKftgIG0Ll/ex2aHZ2kDmwc+B4002/yloOvdHfjTpiVbIuEfmR8PShW5LrzZL5/pIYpfrxWWDVphKFClAGqKEbnlDIHY3PzwhWdsy52tYrbadjj0+MJ7C1UvsWPfexJ/MOIftx9HXz2ALmDVFCKZVeYqQIDAQABAoIBAB0nQnBw8SpobhFTGEgHO+TEAI80Y1rzOpkL2dsoIj5UIEhry1qXsae65cPcnIYylFj4QbyzzEx6k/HM8NK9KzkDx0PrK+PrKmWckJyvrx7ystJEBsHt9nPygMDUyYnyepzI4XM8uxGw4iPbfl674SFqZSNIQ/eYXw0IjEYE8QpQTppeR3yZgvGXTABEmkQdLXUkvdQSD+Apl/siZhWSvCAYX8+kP5RVQFQoNrLvB+qhCha4/ZUnRzNHpg43b16ArEHtk6TRpR1BduKNodznlxl7Yho29HG64p1LcElDW9jOq+aoIaIwg0LObHOz+LhoOVBbrdfBTGr8Bx4Suy9Ec+UCgYEA5ImK5uOpzdKfSKwdhw8TPS91aRXija5Ak/9FlodxpG9PrngOmhXOfXGDFra6lLSYvs6cxRGCbJuiK0GDX8RCNCP2ybUbatLM70wk6n3Ij9QtgSjza7kWn7OCFEpUaCAdwgap3NK9/L85u5r4PQSzEgr7PjJcA1qWxEXv11/P8eUCgYEAut2Wsp2sUSBXUeymbNkoA4pREl2KVF85JLOn/pjQRC3kHPT9wKvT/KHPH3s5UY48QoVTq27ASbQrqsaqw5CUoZVna0Sv2/N68uIEKBv2kSuJFcIMG9wbPh8wKbJfLacu5IGAIu1/1EoBwsYBAsM3AkiEhUzKnEOtdAwNCswBL3UCgYBD4mNDID8RJ04vHQkMVDsHwrAijeCk6yy9iWcXRpZIHNRTY9Aajv2uH2ir941GnLp+ewrwMrpGHpi2NpiaesabjE9DLSu+uG0ta7XPfZt0tbbqlcpwpiMFPyIVetrFrzyHpMkSEftjNz4j7u1r2piCdIaavAS+7kq4dHnAxPIUzQKBgHS03mCx7yQ/4alt9sc2nTIQ2e9xcmqdik/s0LhG8pQSYUzgifcimeRHnteXm0XfYq1dHdOM+RVPLJKdP5uimeGNMSkinf7uQ1ScamIujMFAAn8PUYa44l7bFbaFC8K0jqnyY3ftAxAwJIdkKM9z4tBPQE0Ml+Ietp8qw56BqR/dAoGBAKxd6lK/eZWSFuJaTct5ePaKpqA9CfsHW6o0cMAE66+kvBb9oOhX1dXqj+VH3K1YSiMiId0ixuhJodmK7nYEpiyLgktUXKGBhl7xgtwpv4HcAdJw4Xb28cIJ3/+HQjslm6h+IBPQQ14khwEMwtbH+vpHNjAMZSKYbWd5wsUliCNe" ],
+ "keyUse" : [ "SIG" ],
+ "certificate" : [ "MIICqTCCAZECBgGP6pEKNzANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1zcHJpbmctYWRkb25zMB4XDTI0MDYwNTIyNDAyNFoXDTM0MDYwNTIyNDIwNFowGDEWMBQGA1UEAwwNc3ByaW5nLWFkZG9uczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbRwDC2g/YW0hE5w8xhBvIfceomZtB5/FRMZWM8YvYiZt0dwwtWx9KjadXuaBlTq0yYnHBaDh8OEwTDkbtS+XAzPIb97C/sYdnVZDPuAKax+HSbCDrj/C0D8ahcGPBIExJpfoe8JaCc58gcy0tKs7nIWGqPSpcYF8TZLSKfPwsPuvdqJm4hccUnOJGuqGyyn7YCBtC5f3sdmh2dpA5sHPgeNNNv8paDr3R3406YlWyLhH5kfD0oVuS682S+f6SGKX68Vlg1aYShQpQBqihG55QyB2Nz88IVnbMudrWK22nY49PjCewtVL7Fj33sSfzDiH7cfR189gC5g1RQimVXmKkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAdmewGzqjwa/CwXVmZehFn375PKA1sYvTbVE5b19JjF/6am1h2s55KSfZ/hK3lXM38iP8C4gxKZT7PPLWq3RRDLAR2VU4RG0Th7eckmZwNml7R+0I8R0apsrSKJakHwhDQqBGozm1do8bTEqR526lTG4Cve/jW9+b+AAXQatA4aa+vVS/o+CKG9Wq0u/B9/UlSfcLYXdFLHYvQQOPRelpO2Lxq6z34w3IulEv9Tg1ZDOJBdcGYyU+Kkl8Xb18M54Km47VI+s3ArpfdysYLgmBT8cQAXoAhz9JIqkBS+je4YzPrZLPI2s2tUKZvcx5ook1VKHWbXouhWfDDpNs8ORydw==" ],
+ "priority" : [ "100" ]
+ }
+ } ]
+ },
+ "internationalizationEnabled" : false,
+ "supportedLocales" : [ ],
+ "authenticationFlows" : [ {
+ "id" : "bc611ff6-2638-43cb-a0d1-731843aa59b5",
+ "alias" : "Account verification options",
+ "description" : "Method with which to verity the existing account",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "idp-email-verification",
+ "authenticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticatorFlow" : true,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 20,
+ "autheticatorFlow" : true,
+ "flowAlias" : "Verify Existing Account by Re-authentication",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "37688e9b-a63e-4f58-ae53-7f2c860e2afe",
+ "alias" : "Browser - Conditional OTP",
+ "description" : "Flow to determine if the OTP is required for the authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "auth-otp-form",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "abd4e6ca-bc0c-4d8e-927c-51d9a1b6795e",
+ "alias" : "Direct Grant - Conditional OTP",
+ "description" : "Flow to determine if the OTP is required for the authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "direct-grant-validate-otp",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "f16e865a-d64b-4750-80af-0681e10045b8",
+ "alias" : "First broker login - Conditional OTP",
+ "description" : "Flow to determine if the OTP is required for the authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "auth-otp-form",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "595890c5-0dcf-4627-a377-b211cd31099b",
+ "alias" : "Handle Existing Account",
+ "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "idp-confirm-link",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticatorFlow" : true,
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "autheticatorFlow" : true,
+ "flowAlias" : "Account verification options",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "2803f55a-c51d-4b6b-b67b-6e8f984fb444",
+ "alias" : "Reset - Conditional OTP",
+ "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "conditional-user-configured",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "reset-otp",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "9fb43e3e-a371-40d7-8d36-1a4b1fa7517f",
+ "alias" : "User creation or linking",
+ "description" : "Flow for the existing/non-existing user alternatives",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticatorConfig" : "create unique user config",
+ "authenticator" : "idp-create-user-if-unique",
+ "authenticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticatorFlow" : true,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 20,
+ "autheticatorFlow" : true,
+ "flowAlias" : "Handle Existing Account",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "2009698a-835b-49ac-8fec-968c161c06c4",
+ "alias" : "Verify Existing Account by Re-authentication",
+ "description" : "Reauthentication of existing account",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "idp-username-password-form",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticatorFlow" : true,
+ "requirement" : "CONDITIONAL",
+ "priority" : 20,
+ "autheticatorFlow" : true,
+ "flowAlias" : "First broker login - Conditional OTP",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "7cd42ae1-59e4-48c5-8ffa-382a235b2fbb",
+ "alias" : "browser",
+ "description" : "browser based authentication",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-cookie",
+ "authenticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "auth-spnego",
+ "authenticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "priority" : 20,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "identity-provider-redirector",
+ "authenticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 25,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticatorFlow" : true,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 30,
+ "autheticatorFlow" : true,
+ "flowAlias" : "forms",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "30eedf7c-9e1e-4a0b-a332-4a1bc8033db2",
+ "alias" : "clients",
+ "description" : "Base authentication for clients",
+ "providerId" : "client-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "client-secret",
+ "authenticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "client-jwt",
+ "authenticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 20,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "client-secret-jwt",
+ "authenticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 30,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "client-x509",
+ "authenticatorFlow" : false,
+ "requirement" : "ALTERNATIVE",
+ "priority" : 40,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "44994893-6fab-4f76-b165-88f53e67b8cd",
+ "alias" : "direct grant",
+ "description" : "OpenID Connect Resource Owner Grant",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "direct-grant-validate-username",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "direct-grant-validate-password",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticatorFlow" : true,
+ "requirement" : "CONDITIONAL",
+ "priority" : 30,
+ "autheticatorFlow" : true,
+ "flowAlias" : "Direct Grant - Conditional OTP",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "9b7745e6-b213-454b-9202-a5c33d37c2bf",
+ "alias" : "docker auth",
+ "description" : "Used by Docker clients to authenticate against the IDP",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "docker-http-basic-authenticator",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "01cc09c4-94c3-40a9-b036-23d21bd017f5",
+ "alias" : "first broker login",
+ "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticatorConfig" : "review profile config",
+ "authenticator" : "idp-review-profile",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticatorFlow" : true,
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "autheticatorFlow" : true,
+ "flowAlias" : "User creation or linking",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "6b96b174-472c-4f08-8c04-78914dfd6e7b",
+ "alias" : "forms",
+ "description" : "Username, password, otp and other auth forms.",
+ "providerId" : "basic-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "auth-username-password-form",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticatorFlow" : true,
+ "requirement" : "CONDITIONAL",
+ "priority" : 20,
+ "autheticatorFlow" : true,
+ "flowAlias" : "Browser - Conditional OTP",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "5f899a53-1896-4030-b795-c44590791eed",
+ "alias" : "registration",
+ "description" : "registration flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-page-form",
+ "authenticatorFlow" : true,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : true,
+ "flowAlias" : "registration form",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "10dea8c7-2044-4e37-a5b6-3271cc18473b",
+ "alias" : "registration form",
+ "description" : "registration form",
+ "providerId" : "form-flow",
+ "topLevel" : false,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "registration-user-creation",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "registration-password-action",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 50,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "registration-recaptcha-action",
+ "authenticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "priority" : 60,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "registration-terms-and-conditions",
+ "authenticatorFlow" : false,
+ "requirement" : "DISABLED",
+ "priority" : 70,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "f96998b3-d3a4-47b4-9f1b-6721c58a43b2",
+ "alias" : "reset credentials",
+ "description" : "Reset credentials for a user if they forgot their password or something",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "reset-credentials-choose-user",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "reset-credential-email",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 20,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticator" : "reset-password",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 30,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ }, {
+ "authenticatorFlow" : true,
+ "requirement" : "CONDITIONAL",
+ "priority" : 40,
+ "autheticatorFlow" : true,
+ "flowAlias" : "Reset - Conditional OTP",
+ "userSetupAllowed" : false
+ } ]
+ }, {
+ "id" : "ba306f33-1f6c-4c0c-93b6-180b472d6936",
+ "alias" : "saml ecp",
+ "description" : "SAML ECP Profile Authentication Flow",
+ "providerId" : "basic-flow",
+ "topLevel" : true,
+ "builtIn" : true,
+ "authenticationExecutions" : [ {
+ "authenticator" : "http-basic-authenticator",
+ "authenticatorFlow" : false,
+ "requirement" : "REQUIRED",
+ "priority" : 10,
+ "autheticatorFlow" : false,
+ "userSetupAllowed" : false
+ } ]
+ } ],
+ "authenticatorConfig" : [ {
+ "id" : "30fcae93-0458-4e1f-a3f0-621f5cf6a79f",
+ "alias" : "create unique user config",
+ "config" : {
+ "require.password.update.after.registration" : "false"
+ }
+ }, {
+ "id" : "49714e7c-959f-49bc-9b41-38a50dea2b7c",
+ "alias" : "review profile config",
+ "config" : {
+ "update.profile.on.first.login" : "missing"
+ }
+ } ],
+ "requiredActions" : [ {
+ "alias" : "CONFIGURE_TOTP",
+ "name" : "Configure OTP",
+ "providerId" : "CONFIGURE_TOTP",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 10,
+ "config" : { }
+ }, {
+ "alias" : "TERMS_AND_CONDITIONS",
+ "name" : "Terms and Conditions",
+ "providerId" : "TERMS_AND_CONDITIONS",
+ "enabled" : false,
+ "defaultAction" : false,
+ "priority" : 20,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PASSWORD",
+ "name" : "Update Password",
+ "providerId" : "UPDATE_PASSWORD",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 30,
+ "config" : { }
+ }, {
+ "alias" : "UPDATE_PROFILE",
+ "name" : "Update Profile",
+ "providerId" : "UPDATE_PROFILE",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 40,
+ "config" : { }
+ }, {
+ "alias" : "VERIFY_EMAIL",
+ "name" : "Verify Email",
+ "providerId" : "VERIFY_EMAIL",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 50,
+ "config" : { }
+ }, {
+ "alias" : "delete_account",
+ "name" : "Delete Account",
+ "providerId" : "delete_account",
+ "enabled" : false,
+ "defaultAction" : false,
+ "priority" : 60,
+ "config" : { }
+ }, {
+ "alias" : "webauthn-register",
+ "name" : "Webauthn Register",
+ "providerId" : "webauthn-register",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 70,
+ "config" : { }
+ }, {
+ "alias" : "webauthn-register-passwordless",
+ "name" : "Webauthn Register Passwordless",
+ "providerId" : "webauthn-register-passwordless",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 80,
+ "config" : { }
+ }, {
+ "alias" : "VERIFY_PROFILE",
+ "name" : "Verify Profile",
+ "providerId" : "VERIFY_PROFILE",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 90,
+ "config" : { }
+ }, {
+ "alias" : "delete_credential",
+ "name" : "Delete Credential",
+ "providerId" : "delete_credential",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 100,
+ "config" : { }
+ }, {
+ "alias" : "update_user_locale",
+ "name" : "Update User Locale",
+ "providerId" : "update_user_locale",
+ "enabled" : true,
+ "defaultAction" : false,
+ "priority" : 1000,
+ "config" : { }
+ } ],
+ "browserFlow" : "browser",
+ "registrationFlow" : "registration",
+ "directGrantFlow" : "direct grant",
+ "resetCredentialsFlow" : "reset credentials",
+ "clientAuthenticationFlow" : "clients",
+ "dockerAuthenticationFlow" : "docker auth",
+ "firstBrokerLoginFlow" : "first broker login",
+ "attributes" : {
+ "cibaBackchannelTokenDeliveryMode" : "poll",
+ "cibaAuthRequestedUserHint" : "login_hint",
+ "oauth2DevicePollingInterval" : "5",
+ "clientOfflineSessionMaxLifespan" : "0",
+ "clientSessionIdleTimeout" : "0",
+ "actionTokenGeneratedByUserLifespan.verify-email" : "",
+ "actionTokenGeneratedByUserLifespan.idp-verify-account-via-email" : "",
+ "clientOfflineSessionIdleTimeout" : "0",
+ "actionTokenGeneratedByUserLifespan.execute-actions" : "",
+ "cibaInterval" : "5",
+ "realmReusableOtpCode" : "false",
+ "cibaExpiresIn" : "120",
+ "oauth2DeviceCodeLifespan" : "600",
+ "parRequestUriLifespan" : "60",
+ "clientSessionMaxLifespan" : "0",
+ "shortVerificationUri" : "",
+ "actionTokenGeneratedByUserLifespan.reset-credentials" : ""
+ },
+ "keycloakVersion" : "24.0.5",
+ "userManagedAccessAllowed" : false,
+ "clientProfiles" : {
+ "profiles" : [ ]
+ },
+ "clientPolicies" : {
+ "policies" : [ ]
+ }
+}
\ No newline at end of file
diff --git a/samples/tutorials/resource-server_with_ui/pom.xml b/samples/tutorials/resource-server_with_ui/pom.xml
index ddd57e6c3..55b26d554 100644
--- a/samples/tutorials/resource-server_with_ui/pom.xml
+++ b/samples/tutorials/resource-server_with_ui/pom.xml
@@ -36,6 +36,10 @@
com.c4-soft.springaddons
spring-addons-starter-oidc
+
+ com.c4-soft.springaddons
+ spring-addons-starter-rest
+
diff --git a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/GreetApi.java b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/GreetApi.java
new file mode 100644
index 000000000..eae0a9a0f
--- /dev/null
+++ b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/GreetApi.java
@@ -0,0 +1,11 @@
+package com.c4soft.springaddons.tutorials.ui;
+
+import org.springframework.http.MediaType;
+import org.springframework.web.service.annotation.GetExchange;
+import org.springframework.web.service.annotation.HttpExchange;
+
+@HttpExchange(accept = MediaType.APPLICATION_JSON_VALUE)
+public interface GreetApi {
+ @GetExchange(url = "/greet")
+ String getGreeting();
+}
\ No newline at end of file
diff --git a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/GreetClient.java b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/GreetClient.java
deleted file mode 100644
index 2fd7838b7..000000000
--- a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/GreetClient.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package com.c4soft.springaddons.tutorials.ui;
-
-import org.springframework.cloud.openfeign.FeignClient;
-import org.springframework.web.bind.annotation.GetMapping;
-
-@FeignClient(name = "quizzes", url = "${spring.cloud.openfeign.client.api.url}")
-public interface GreetClient {
- @GetMapping(value = "/greet")
- String getGreeting();
-}
\ No newline at end of file
diff --git a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/RestClientsConfig.java b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/RestClientsConfig.java
new file mode 100644
index 000000000..ed3a337f0
--- /dev/null
+++ b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/RestClientsConfig.java
@@ -0,0 +1,17 @@
+package com.c4soft.springaddons.tutorials.ui;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import com.c4_soft.springaddons.rest.SpringAddonsRestClientSupport;
+
+@Configuration
+public class RestClientsConfig {
+
+ @Bean
+ GreetApi greetApi(SpringAddonsRestClientSupport restSupport) {
+ // binds to com.c4-soft.springaddons.rest.client.greet-api properties
+ return restSupport.service("greet-api", GreetApi.class);
+ }
+
+}
diff --git a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/UiController.java b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/UiController.java
index 929cfc636..987bf870a 100644
--- a/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/UiController.java
+++ b/samples/tutorials/resource-server_with_ui/src/main/java/com/c4soft/springaddons/tutorials/ui/UiController.java
@@ -41,7 +41,7 @@
@RequiredArgsConstructor
@Slf4j
public class UiController {
- private final GreetClient api;
+ private final GreetApi api;
private final InMemoryClientRegistrationRepository clientRegistrationRepository;
private final OAuth2AuthorizedClientRepository authorizedClientRepo;
private final SpringAddonsOidcProperties addonsClientProps;
diff --git a/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml b/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml
index 3734ec442..f7936a4bd 100644
--- a/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml
+++ b/samples/tutorials/resource-server_with_ui/src/main/resources/application.yml
@@ -2,61 +2,35 @@ client-uri: ${scheme}://localhost:${server.port}
rp-initiated-logout-enabled: true
scheme: http
-keycloak-port: 8442
-keycloak-issuer: https://oidc.c4-soft.com/auth/realms/master
-keycloak-secret: change-me
-keycloak-client-id: spring-addons-bff
-cognito-issuer: https://cognito-idp.us-west-2.amazonaws.com/us-west-2_RzhmgLwjl
-cognito-secret: change-me
+keycloak-issuer: http://localhost:7080/auth/realms/spring-addons
auth0-issuer: https://dev-ch4mpy.eu.auth0.com/
-auth0-secret: change-me
server:
- port: 7443
+ port: 8080
ssl:
enabled: false
spring:
- cloud:
- openfeign:
- client:
- api:
- url: ${client-uri}/api
- config:
- import:
- - optional:configtree:/workspace/config/
- - optional:configtree:/workspace/secret/
- lifecycle:
- timeout-per-shutdown-phase: 30s
security:
oauth2:
client:
provider:
keycloak:
issuer-uri: ${keycloak-issuer}
- auth0:
- issuer-uri: ${auth0-issuer}
registration:
- keycloak-user:
+ keycloak-authorization-code:
authorization-grant-type: authorization_code
- client-name: a local Keycloak instance
- client-id: ${keycloak-client-id}
- client-secret: ${keycloak-secret}
+ client-name: Keycloak (local)
+ client-id: spring-addons-user
+ client-secret: secret
provider: keycloak
scope: openid,profile,email,offline_access
- keycloak-programmatic:
+ keycloak-client-credentials:
authorization-grant-type: client_credentials
- client-id: ${keycloak-client-id}
- client-secret: ${keycloak-secret}
+ client-id: spring-addons-m2m
+ client-secret: secret
provider: keycloak
- scope: openid,offline_access
- auth0-confidential-user:
- authorization-grant-type: authorization_code
- client-name: Auth0
- client-id: TyY0H7xkRMRe6lDf9F8EiNqCo8PdhICy
- client-secret: ${auth0-secret}
- provider: auth0
- scope: openid,profile,email,offline_access
+ scope: openid
com:
c4-soft:
@@ -64,24 +38,15 @@ com:
oidc:
ops:
- iss: ${keycloak-issuer}
- username-claim: $.preferred_username
authorities:
- path: $.realm_access.roles
- - path: $.resource_access.*.roles
- - iss: ${auth0-issuer}
- aud: demo.c4-soft.com
- username-claim: $['https://c4-soft.com/user']['name']
- authorities:
- - path: $['https://c4-soft.com/user']['roles']
- - path: $.permissions
resourceserver:
- cors:
- - path: /api/greet
permit-all:
- /actuator/health/readiness
- /actuator/health/liveness
- /v3/api-docs/**
- /api/public
+ - /favicon.ico
client:
security-matchers:
- /login/**
@@ -100,23 +65,25 @@ com:
client-uri: ${client-uri}
post-login-redirect-path: /ui/greet
post-logout-redirect-path: /ui/greet
- multi-tenancy-enabled: true
pkce-forced: true
oauth2-logout:
- cognito-confidential-user:
- uri: https://spring-addons.auth.us-west-2.amazoncognito.com/logout
- client-id-request-param: client_id
- post-logout-uri-request-param: logout_uri
- auth0-confidential-user:
+ auth0-authorization-code:
uri: ${auth0-issuer}v2/logout
client-id-request-param: client_id
post-logout-uri-request-param: returnTo
authorization-params:
- auth0-confidential-user:
+ auth0-authorization-code:
audience: demo.c4-soft.com
token-params:
- auth0-confidential-user:
+ auth0-authorization-code:
audience: demo.c4-soft.com
+ rest:
+ client:
+ greet-api:
+ base-url: ${client-uri}/api
+ authorization:
+ oauth2:
+ oauth2-registration-id: keycloak-authorization-code
logging:
level:
@@ -140,30 +107,61 @@ management:
readinessstate:
enabled: true
+
---
-scheme: https
-keycloak-port: 8443
+spring.config.activate.on-profile: auth0
+spring:
+ security:
+ oauth2:
+ client:
+ provider:
+ auth0:
+ issuer-uri: ${auth0-issuer}
+ registration:
+ auth0-authorization-code:
+ authorization-grant-type: authorization_code
+ client-name: Auth0
+ client-id: TyY0H7xkRMRe6lDf9F8EiNqCo8PdhICy
+ client-secret: change-me
+ provider: auth0
+ scope: openid,profile,email,offline_access
+com:
+ c4-soft:
+ springaddons:
+ oidc:
+ ops:
+ - iss: ${auth0-issuer}
+ aud: demo.c4-soft.com
+ authorities:
+ - path: $['https://c4-soft.com/user']['roles']
+ - path: $.permissions
+ rest:
+ client:
+ greet-api:
+ base-url: ${client-uri}/api
+ authorization:
+ oauth2:
+ oauth2-registration-id: auth0-authorization-code
+
+---
+spring.config.activate.on-profile: ssl
+
+scheme: https
server:
ssl:
enabled: true
+ key-password: change-me
+ key-store: C:\path\to\certificate.jks
+ key-store-password: ${server.ssl.key-password}
-spring:
- config:
- activate:
- on-profile: ssl
---
-server:
- port: 8080
+spring.config.activate.on-profile: custom-login
+
com:
c4-soft:
springaddons:
- security:
+ oidc:
client:
- login-path: /login
-
-spring:
- config:
- activate:
- on-profile: custom-login
\ No newline at end of file
+ login-path: /login
\ No newline at end of file
diff --git a/samples/tutorials/resource-server_with_ui/src/main/resources/static/favicon.ico b/samples/tutorials/resource-server_with_ui/src/main/resources/static/favicon.ico
new file mode 100644
index 000000000..e2bb6fa62
Binary files /dev/null and b/samples/tutorials/resource-server_with_ui/src/main/resources/static/favicon.ico differ
diff --git a/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithUiApplicationTests.java b/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithUiApplicationTests.java
index 788a0351f..8deaa7f5d 100644
--- a/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithUiApplicationTests.java
+++ b/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/ResourceServerWithUiApplicationTests.java
@@ -31,9 +31,10 @@ void givenRequestIsAnonymous_whenApiGreet_thenUnauthorized() throws Exception {
}
@Test
- @WithJwt("ch4mp_auth0.json")
+ @WithJwt("ch4mp_keycloak.json")
void givenUserIsAuthenticated_whenApiGreet_thenOk() throws Exception {
api.get("/api/greet").andExpect(status().isOk()).andExpect(
- content().string("Hi ch4mp! You are authenticated by https://dev-ch4mpy.eu.auth0.com/ and granted with: [USER_ROLES_EDITOR, NICE, AUTHOR]."));
+ content().string(
+ "Hi 4dd56dbb-71ef-4fe2-9358-3ae3240a9e94! You are authenticated by http://localhost:7080/auth/realms/spring-addons and granted with: [NICE, AUTHOR]."));
}
}
diff --git a/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/api/ApiControllerTest.java b/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/api/ApiControllerTest.java
index f087a56a2..9c6582838 100644
--- a/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/api/ApiControllerTest.java
+++ b/samples/tutorials/resource-server_with_ui/src/test/java/com/c4soft/springaddons/tutorials/api/ApiControllerTest.java
@@ -23,10 +23,11 @@ class ApiControllerTest {
MockMvcSupport mockMvc;
@Test
- @WithJwt("ch4mp_auth0.json")
+ @WithJwt("ch4mp_keycloak.json")
void givenUserIsAuthenticated_whenApiGreet_thenOk() throws Exception {
mockMvc.get("/api/greet").andExpect(status().isOk()).andExpect(
- content().string("Hi ch4mp! You are authenticated by https://dev-ch4mpy.eu.auth0.com/ and granted with: [USER_ROLES_EDITOR, NICE, AUTHOR]."));
+ content().string(
+ "Hi 4dd56dbb-71ef-4fe2-9358-3ae3240a9e94! You are authenticated by http://localhost:7080/auth/realms/spring-addons and granted with: [NICE, AUTHOR]."));
}
@Test
diff --git a/samples/tutorials/resource-server_with_ui/src/test/resources/ch4mp_auth0.json b/samples/tutorials/resource-server_with_ui/src/test/resources/ch4mp_auth0.json
deleted file mode 100644
index fa7f45fdf..000000000
--- a/samples/tutorials/resource-server_with_ui/src/test/resources/ch4mp_auth0.json
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- "https://c4-soft.com/user": {
- "app_metadata": {},
- "created_at": "2023-06-01T01:21:37.810Z",
- "email": "ch4mp@c4-soft.com",
- "email_verified": true,
- "identities": [
- {
- "connection": "c4-soft",
- "isSocial": true,
- "provider": "oauth2",
- "userId": "c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
- "user_id": "c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94"
- }
- ],
- "multifactor": [],
- "name": "ch4mp",
- "nickname": "ch4mp",
- "picture": "https://s.gravatar.com/avatar/f4d00b0a82e9307b1d68b29867fee4e5?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fch.png",
- "roles": [
- "USER_ROLES_EDITOR"
- ],
- "updated_at": "2023-06-23T04:53:53.057Z",
- "user_id": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
- "user_metadata": {}
- },
- "permissions": [
- "NICE", "AUTHOR"
- ],
- "iss": "https://dev-ch4mpy.eu.auth0.com/",
- "sub": "oauth2|c4-soft|4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
- "aud": [
- "demo.c4-soft.com",
- "https://dev-ch4mpy.eu.auth0.com/userinfo"
- ],
- "iat": 1687633329,
- "exp": 1687719729,
- "azp": "pDy3JpZoenbLk9MqXYCfJK1mpxeUwkKL",
- "scope": "openid email"
-}
\ No newline at end of file
diff --git a/samples/tutorials/resource-server_with_ui/src/test/resources/ch4mp_keycloak.json b/samples/tutorials/resource-server_with_ui/src/test/resources/ch4mp_keycloak.json
new file mode 100644
index 000000000..210bb1afa
--- /dev/null
+++ b/samples/tutorials/resource-server_with_ui/src/test/resources/ch4mp_keycloak.json
@@ -0,0 +1,14 @@
+{
+ "realm_access": {
+ "roles": [
+ "NICE", "AUTHOR"
+ ]
+ },
+ "iss": "http://localhost:7080/auth/realms/spring-addons",
+ "sub": "4dd56dbb-71ef-4fe2-9358-3ae3240a9e94",
+ "preferred_username": "ch4mpy",
+ "iat": 1687633329,
+ "exp": 1687719729,
+ "azp": "pDy3JpZoenbLk9MqXYCfJK1mpxeUwkKL",
+ "scope": "openid email"
+}
\ No newline at end of file