├── .gitignore
├── josh-oauth2-client
├── .gitignore
├── .mvn
│ └── wrapper
│ │ ├── MavenWrapperDownloader.java
│ │ ├── maven-wrapper.jar
│ │ └── maven-wrapper.properties
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
│ ├── main
│ ├── java
│ │ └── sample
│ │ │ └── joshoauth2client
│ │ │ └── JoshOauth2ClientApplication.java
│ └── resources
│ │ ├── application.properties
│ │ └── application.yml
│ └── test
│ └── java
│ └── sample
│ └── joshoauth2client
│ └── JoshOauth2ClientApplicationTests.java
├── josh-resource-server
├── .gitignore
├── .mvn
│ └── wrapper
│ │ ├── MavenWrapperDownloader.java
│ │ ├── maven-wrapper.jar
│ │ └── maven-wrapper.properties
├── mvnw
├── mvnw.cmd
├── pom.xml
└── src
│ ├── main
│ ├── java
│ │ └── com
│ │ │ └── example
│ │ │ └── demo
│ │ │ ├── DemoApplication.java
│ │ │ └── UserController.java
│ └── resources
│ │ └── application.properties
│ └── test
│ └── java
│ └── com
│ └── example
│ └── demo
│ └── DemoApplicationTests.java
├── keycloak
└── realm-export.json
/.gitignore:
--------------------------------------------------------------------------------
1 | classes/
2 | target/
3 | */src/*/java/META-INF
4 | */src/META-INF/
5 | */src/*/java/META-INF/
6 | .classpath
7 | .springBeans
8 | .project
9 | .DS_Store
10 | .settings/
11 | .idea/
12 | out/
13 | bin/
14 | intellij/
15 | build/
16 | *.log
17 | *.log.*
18 | *.iml
19 | *.ipr
20 | *.iws
21 | .gradle/
22 | atlassian-ide-plugin.xml
23 | !etc/eclipse/.checkstyle
24 | .checkstyle
25 | s101plugin.state
26 |
--------------------------------------------------------------------------------
/josh-oauth2-client/.gitignore:
--------------------------------------------------------------------------------
1 | /target/
2 | !.mvn/wrapper/maven-wrapper.jar
3 |
4 | ### STS ###
5 | .apt_generated
6 | .classpath
7 | .factorypath
8 | .project
9 | .settings
10 | .springBeans
11 | .sts4-cache
12 |
13 | ### IntelliJ IDEA ###
14 | .idea
15 | *.iws
16 | *.iml
17 | *.ipr
18 |
19 | ### NetBeans ###
20 | /nbproject/private/
21 | /nbbuild/
22 | /dist/
23 | /nbdist/
24 | /.nb-gradle/
25 | /build/
26 |
--------------------------------------------------------------------------------
/josh-oauth2-client/.mvn/wrapper/MavenWrapperDownloader.java:
--------------------------------------------------------------------------------
1 | /*
2 | Licensed to the Apache Software Foundation (ASF) under one
3 | or more contributor license agreements. See the NOTICE file
4 | distributed with this work for additional information
5 | regarding copyright ownership. The ASF licenses this file
6 | to you under the Apache License, Version 2.0 (the
7 | "License"); you may not use this file except in compliance
8 | with the License. You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing,
13 | software distributed under the License is distributed on an
14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | KIND, either express or implied. See the License for the
16 | specific language governing permissions and limitations
17 | under the License.
18 | */
19 |
20 | import java.io.File;
21 | import java.io.FileInputStream;
22 | import java.io.FileOutputStream;
23 | import java.io.IOException;
24 | import java.net.URL;
25 | import java.nio.channels.Channels;
26 | import java.nio.channels.ReadableByteChannel;
27 | import java.util.Properties;
28 |
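/**
 * Downloads {@code maven-wrapper.jar} into {@code .mvn/wrapper/} below the project base
 * directory passed as the first command-line argument.
 *
 * <p>Security note: the jar written here is later put on the JVM classpath by the wrapper
 * script, and this class does not verify a checksum or signature for it. The download URL can
 * be overridden by a {@code wrapperUrl} entry in {@code maven-wrapper.properties}, so changes to
 * that file deserve the same review as changes to code.
 */
public class MavenWrapperDownloader {

    /**
     * Default URL to download the maven-wrapper.jar from, if no 'wrapperUrl' property is provided.
     */
    private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar";

    /**
     * Path to the maven-wrapper.properties file, which might contain a wrapperUrl property to
     * use instead of the default one.
     */
    private static final String MAVEN_WRAPPER_PROPERTIES_PATH = ".mvn/wrapper/maven-wrapper.properties";

    /**
     * Path where the maven-wrapper.jar will be saved to.
     */
    private static final String MAVEN_WRAPPER_JAR_PATH = ".mvn/wrapper/maven-wrapper.jar";

    /**
     * Name of the property which should be used to override the default download url for the wrapper.
     */
    private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";

    /**
     * Entry point. Resolves the download URL, creates the target directory if needed, downloads
     * the jar and exits with status 0 on success or 1 on failure.
     *
     * @param args {@code args[0]} is the project base directory
     */
    public static void main(String args[]) {
        System.out.println("- Downloader started");
        if (args.length == 0) {
            // Fail with a readable message instead of an ArrayIndexOutOfBoundsException.
            System.out.println("- ERROR base directory argument is missing");
            System.exit(1);
        }
        File baseDirectory = new File(args[0]);
        System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());

        // If the maven-wrapper.properties exists, read it and check if it contains a custom
        // wrapperUrl parameter.
        File mavenWrapperPropertyFile = new File(baseDirectory,
                MAVEN_WRAPPER_PROPERTIES_PATH);
        String url = DEFAULT_DOWNLOAD_URL;
        if (mavenWrapperPropertyFile.exists()) {
            // try-with-resources closes the stream on every path, including a failed load().
            try (FileInputStream propertyStream = new FileInputStream(mavenWrapperPropertyFile)) {
                Properties mavenWrapperProperties = new Properties();
                mavenWrapperProperties.load(propertyStream);
                url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
            }
            catch (IOException e) {
                System.out.println(
                        "- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
            }
        }
        System.out.println("- Downloading from: : " + url);
        if (!url.regionMatches(true, 0, "https://", 0, 8)) {
            // The jar is executed later and is not integrity-checked, so a transport without
            // TLS leaves nothing protecting its content in transit.
            System.out.println("- WARNING: download URL is not https");
        }

        File outputFile = new File(baseDirectory.getAbsolutePath(),
                MAVEN_WRAPPER_JAR_PATH);
        if (!outputFile.getParentFile().exists()) {
            if (!outputFile.getParentFile().mkdirs()) {
                System.out.println(
                        "- ERROR creating output direcrory '" + outputFile.getParentFile()
                                .getAbsolutePath() + "'");
            }
        }
        System.out.println("- Downloading to: " + outputFile.getAbsolutePath());
        try {
            downloadFileFromURL(url, outputFile);
            System.out.println("Done");
            System.exit(0);
        }
        catch (Throwable e) {
            System.out.println("- Error downloading");
            e.printStackTrace();
            System.exit(1);
        }
    }

    /**
     * Copies the content at {@code urlString} into {@code destination}.
     *
     * <p>NOTE(review): the destination file is opened before the transfer starts, so a failed
     * transfer can leave an empty or partial file behind; callers that test only for the
     * file's existence would then treat it as a valid jar.
     *
     * @param urlString URL to read from
     * @param destination file to create or overwrite
     * @throws Exception if the URL is malformed or the transfer fails
     */
    private static void downloadFileFromURL(String urlString, File destination)
            throws Exception {
        URL website = new URL(urlString);
        // Both resources are closed even when transferFrom throws; the original closed them
        // only on the success path.
        try (ReadableByteChannel rbc = Channels.newChannel(website.openStream());
                FileOutputStream fos = new FileOutputStream(destination)) {
            fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
        }
    }

}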
122 |
--------------------------------------------------------------------------------
/josh-oauth2-client/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rwinch/joshlong-oauth2/a83695b6e94d5c54ad718b5da5e5796e35801c55/josh-oauth2-client/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/josh-oauth2-client/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.0/apache-maven-3.6.0-bin.zip
2 |
--------------------------------------------------------------------------------
/josh-oauth2-client/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven2 Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
# Unless MAVEN_SKIP_RC is set to a non-empty value, source the system-wide and
# per-user mavenrc files into this shell before anything else runs.
# NOTE(review): both files are executed as shell code with the privileges of
# whoever invokes mvnw, so their ownership and permissions matter on shared
# build hosts.
if [ -z "$MAVEN_SKIP_RC" ] ; then

  if [ -f /etc/mavenrc ] ; then
    . /etc/mavenrc
  fi

  if [ -f "$HOME/.mavenrc" ] ; then
    . "$HOME/.mavenrc"
  fi

fi
48 |
49 | # OS specific support. $var _must_ be set to either true or false.
50 | cygwin=false;
51 | darwin=false;
52 | mingw=false
53 | case "`uname`" in
54 | CYGWIN*) cygwin=true ;;
55 | MINGW*) mingw=true;;
56 | Darwin*) darwin=true
57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
59 | if [ -z "$JAVA_HOME" ]; then
60 | if [ -x "/usr/libexec/java_home" ]; then
61 | export JAVA_HOME="`/usr/libexec/java_home`"
62 | else
63 | export JAVA_HOME="/Library/Java/Home"
64 | fi
65 | fi
66 | ;;
67 | esac
68 |
69 | if [ -z "$JAVA_HOME" ] ; then
70 | if [ -r /etc/gentoo-release ] ; then
71 | JAVA_HOME=`java-config --jre-home`
72 | fi
73 | fi
74 |
75 | if [ -z "$M2_HOME" ] ; then
76 | ## resolve links - $0 may be a link to maven's home
77 | PRG="$0"
78 |
79 | # need this for relative symlinks
80 | while [ -h "$PRG" ] ; do
81 | ls=`ls -ld "$PRG"`
82 | link=`expr "$ls" : '.*-> \(.*\)$'`
83 | if expr "$link" : '/.*' > /dev/null; then
84 | PRG="$link"
85 | else
86 | PRG="`dirname "$PRG"`/$link"
87 | fi
88 | done
89 |
90 | saveddir=`pwd`
91 |
92 | M2_HOME=`dirname "$PRG"`/..
93 |
94 | # make it fully qualified
95 | M2_HOME=`cd "$M2_HOME" && pwd`
96 |
97 | cd "$saveddir"
98 | # echo Using m2 at $M2_HOME
99 | fi
100 |
101 | # For Cygwin, ensure paths are in UNIX format before anything is touched
102 | if $cygwin ; then
103 | [ -n "$M2_HOME" ] &&
104 | M2_HOME=`cygpath --unix "$M2_HOME"`
105 | [ -n "$JAVA_HOME" ] &&
106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
107 | [ -n "$CLASSPATH" ] &&
108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
109 | fi
110 |
111 | # For Mingw, ensure paths are in UNIX format before anything is touched
112 | if $mingw ; then
113 | [ -n "$M2_HOME" ] &&
114 | M2_HOME="`(cd "$M2_HOME"; pwd)`"
115 | [ -n "$JAVA_HOME" ] &&
116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
117 | # TODO classpath?
118 | fi
119 |
120 | if [ -z "$JAVA_HOME" ]; then
121 | javaExecutable="`which javac`"
122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
123 | # readlink(1) is not available as standard on Solaris 10.
124 | readLink=`which readlink`
125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
126 | if $darwin ; then
127 | javaHome="`dirname \"$javaExecutable\"`"
128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
129 | else
130 | javaExecutable="`readlink -f \"$javaExecutable\"`"
131 | fi
132 | javaHome="`dirname \"$javaExecutable\"`"
133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'`
134 | JAVA_HOME="$javaHome"
135 | export JAVA_HOME
136 | fi
137 | fi
138 | fi
139 |
140 | if [ -z "$JAVACMD" ] ; then
141 | if [ -n "$JAVA_HOME" ] ; then
142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
143 | # IBM's JDK on AIX uses strange locations for the executables
144 | JAVACMD="$JAVA_HOME/jre/sh/java"
145 | else
146 | JAVACMD="$JAVA_HOME/bin/java"
147 | fi
148 | else
149 | JAVACMD="`which java`"
150 | fi
151 | fi
152 |
153 | if [ ! -x "$JAVACMD" ] ; then
154 | echo "Error: JAVA_HOME is not defined correctly." >&2
155 | echo " We cannot execute $JAVACMD" >&2
156 | exit 1
157 | fi
158 |
159 | if [ -z "$JAVA_HOME" ] ; then
160 | echo "Warning: JAVA_HOME environment variable is not set."
161 | fi
162 |
163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
164 |
165 | # traverses directory structure from process work directory to filesystem root
166 | # first directory with .mvn subdirectory is considered project base directory
find_maven_basedir() {
  # $1: directory to start from. Prints the first ancestor (or $1 itself) that
  # contains a .mvn directory, or $1 unchanged when none is found before '/'.

  # An empty start path is reported on stdout and fails with status 1.
  [ -n "$1" ] || {
    echo "Path not specified to find_maven_basedir"
    return 1
  }

  basedir="$1"
  wdir="$1"
  until [ "$wdir" = '/' ]; do
    if [ -d "$wdir/.mvn" ]; then
      basedir="$wdir"
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc): step up only from a
    # path that is an existing directory
    [ ! -d "$wdir" ] || wdir=$(cd "$wdir/.."; pwd)
    # end of workaround
  done
  echo "$basedir"
}
190 |
191 | # concatenates all lines of a file
concat_lines() {
  # $1: file whose lines are joined with single spaces; prints nothing when
  # $1 is not a regular file.
  if [ ! -f "$1" ]; then
    return 0
  fi
  echo "$(tr -s '\n' ' ' < "$1")"
}
197 |
198 | BASE_DIR=`find_maven_basedir "$(pwd)"`
199 | if [ -z "$BASE_DIR" ]; then
200 | exit 1;
201 | fi
202 |
203 | ##########################################################################################
204 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
205 | # This allows using the maven wrapper in projects that prohibit checking in binary data.
206 | ##########################################################################################
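# The wrapper jar found or fetched here is put on the JVM classpath by the
# launch command at the end of this script.
# NOTE(review): nothing below verifies a checksum or signature for the jar, and
# a wrapperUrl entry in maven-wrapper.properties replaces the default URL, so
# changes to that file deserve the same review as changes to code.
if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Found .mvn/wrapper/maven-wrapper.jar"
  fi
else
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
  fi
  jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar"
  wrapperProperties="$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
  # Read the override only when the properties file is readable, so a missing
  # file falls back to the default URL without a redirection error.
  if [ -r "$wrapperProperties" ]; then
    while IFS="=" read key value; do
      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
      esac
    done < "$wrapperProperties"
  fi
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Downloading from: $jarUrl"
  fi
  wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"

  if command -v wget > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found wget ... using wget"
    fi
    # Remove the output on failure: a leftover empty or partial file would pass
    # the -r test above on the next run and be used as the wrapper jar.
    wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
  elif command -v curl > /dev/null; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found curl ... using curl"
    fi
    # -f makes curl fail on an HTTP error status instead of saving the error
    # page under the jar's name.
    curl -f -o "$wrapperJarPath" "$jarUrl" || rm -f "$wrapperJarPath"
  else
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Falling back to using Java to download"
    fi
    javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
    if [ -e "$javaClass" ]; then
      if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Compiling MavenWrapperDownloader.java ..."
        fi
        # Compiling the Java class
        ("$JAVA_HOME/bin/javac" "$javaClass")
      fi
      if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
        # Running the downloader
        if [ "$MVNW_VERBOSE" = true ]; then
          echo " - Running MavenWrapperDownloader.java ..."
        fi
        # MAVEN_PROJECTBASEDIR is assigned only after this section, so pass
        # BASE_DIR, and point the classpath at the directory whose .class file
        # was tested above instead of a path relative to the working directory.
        ("$JAVA_HOME/bin/java" -cp "$BASE_DIR/.mvn/wrapper" MavenWrapperDownloader "$BASE_DIR")
      fi
    fi
  fi
fi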
258 | ##########################################################################################
259 | # End of extension
260 | ##########################################################################################
261 |
# Project base directory: MAVEN_BASEDIR when the caller set it, otherwise the
# directory found by find_maven_basedir.
export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
if [ "$MVNW_VERBOSE" = true ]; then
  echo $MAVEN_PROJECTBASEDIR
fi
# Prepend the joined lines of .mvn/jvm.config (when the file exists) to MAVEN_OPTS.
# NOTE(review): jvm.config is repository content that ends up as JVM options on
# the command line below; review changes to it like code changes.
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"

# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  [ -n "$M2_HOME" ] &&
    M2_HOME=`cygpath --path --windows "$M2_HOME"`
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
  [ -n "$CLASSPATH" ] &&
    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
fi

WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

# Replace this shell with the JVM running the wrapper launcher. The classpath is
# the single jar at .mvn/wrapper/maven-wrapper.jar, whether it was checked in
# or downloaded earlier in this script.
# $MAVEN_OPTS and $MAVEN_CONFIG are unquoted, presumably so that the shell
# splits them into separate arguments.
exec "$JAVACMD" \
  $MAVEN_OPTS \
  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
287 |
--------------------------------------------------------------------------------
/josh-oauth2-client/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven2 Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM set title of command window
39 | title %0
40 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
42 |
43 | @REM set %HOME% to equivalent of $HOME
44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
45 |
46 | @REM Execute a user defined script before this one
47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
49 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
50 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
51 | :skipRcPre
52 |
53 | @setlocal
54 |
55 | set ERROR_CODE=0
56 |
57 | @REM To isolate internal variables from possible post scripts, we use another setlocal
58 | @setlocal
59 |
60 | @REM ==== START VALIDATION ====
61 | if not "%JAVA_HOME%" == "" goto OkJHome
62 |
63 | echo.
64 | echo Error: JAVA_HOME not found in your environment. >&2
65 | echo Please set the JAVA_HOME variable in your environment to match the >&2
66 | echo location of your Java installation. >&2
67 | echo.
68 | goto error
69 |
70 | :OkJHome
71 | if exist "%JAVA_HOME%\bin\java.exe" goto init
72 |
73 | echo.
74 | echo Error: JAVA_HOME is set to an invalid directory. >&2
75 | echo JAVA_HOME = "%JAVA_HOME%" >&2
76 | echo Please set the JAVA_HOME variable in your environment to match the >&2
77 | echo location of your Java installation. >&2
78 | echo.
79 | goto error
80 |
81 | @REM ==== END VALIDATION ====
82 |
83 | :init
84 |
85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
86 | @REM Fallback to current working directory if not found.
87 |
88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
90 |
91 | set EXEC_DIR=%CD%
92 | set WDIR=%EXEC_DIR%
93 | :findBaseDir
94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
95 | cd ..
96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
97 | set WDIR=%CD%
98 | goto findBaseDir
99 |
100 | :baseDirFound
101 | set MAVEN_PROJECTBASEDIR=%WDIR%
102 | cd "%EXEC_DIR%"
103 | goto endDetectBaseDir
104 |
105 | :baseDirNotFound
106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
107 | cd "%EXEC_DIR%"
108 |
109 | :endDetectBaseDir
110 |
111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
112 |
113 | @setlocal EnableExtensions EnableDelayedExpansion
114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
116 |
117 | :endReadAdditionalConfig
118 |
@REM Java executable, wrapper jar location and launcher class used by the launch command below.
SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

@REM Default download URL; a wrapperUrl entry in maven-wrapper.properties replaces it.
set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar"
FOR /F "tokens=1,2 delims==" %%A IN (%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties) DO (
    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
)

@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM NOTE(review): DOWNLOAD_URL and WRAPPER_JAR are expanded into the PowerShell command
@REM text as-is, and the downloaded jar is not checked against a checksum or signature
@REM before the launch command below runs it; review maven-wrapper.properties like code.
if exist %WRAPPER_JAR% (
    echo Found %WRAPPER_JAR%
) else (
    echo Couldn't find %WRAPPER_JAR%, downloading it ...
    echo Downloading from: %DOWNLOAD_URL%
    powershell -Command "(New-Object Net.WebClient).DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"
    echo Finished downloading %WRAPPER_JAR%
)
@REM End of extension

@REM Launch the wrapper; a non-zero exit code jumps to the error label.
%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
if ERRORLEVEL 1 goto error
goto end
143 |
144 | :error
145 | set ERROR_CODE=1
146 |
147 | :end
148 | @endlocal & set ERROR_CODE=%ERROR_CODE%
149 |
150 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
151 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
152 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
153 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
154 | :skipRcPost
155 |
156 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
157 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
158 |
159 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
160 |
161 | exit /B %ERROR_CODE%
162 |
--------------------------------------------------------------------------------
/josh-oauth2-client/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | org.springframework.boot
8 | spring-boot-starter-parent
9 | 2.1.3.RELEASE
10 |
11 |
12 | sample
13 | josh-oauth2-client
14 | 0.0.1-SNAPSHOT
15 | josh-oauth2-client
16 | Demo project for Spring Boot
17 |
18 |
19 | 1.8
20 |
21 |
22 |
23 |
24 | org.springframework.boot
25 | spring-boot-starter-oauth2-client
26 |
27 |
28 | org.springframework.boot
29 | spring-boot-starter-webflux
30 |
31 |
32 |
33 | org.springframework.boot
34 | spring-boot-starter-test
35 | test
36 |
37 |
38 | io.projectreactor
39 | reactor-test
40 | test
41 |
42 |
43 |
44 |
45 |
46 |
47 | org.springframework.boot
48 | spring-boot-maven-plugin
49 |
50 |
51 |
52 |
53 |
54 |
--------------------------------------------------------------------------------
/josh-oauth2-client/src/main/java/sample/joshoauth2client/JoshOauth2ClientApplication.java:
--------------------------------------------------------------------------------
1 | package sample.joshoauth2client;
2 |
3 | import org.springframework.beans.factory.annotation.Autowired;
4 | import org.springframework.boot.SpringApplication;
5 | import org.springframework.boot.autoconfigure.SpringBootApplication;
6 | import org.springframework.context.annotation.Bean;
7 | import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
8 | import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
9 | import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
10 | import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
11 | import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
12 | import org.springframework.web.bind.annotation.GetMapping;
13 | import org.springframework.web.bind.annotation.RestController;
14 | import org.springframework.web.reactive.function.client.WebClient;
15 | import reactor.core.publisher.Mono;
16 |
17 | import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId;
18 | import static org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.oauth2AuthorizedClient;
19 |
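/**
 * Demo OAuth2 client: a Spring Boot application whose controller endpoints call the resource
 * server's {@code /me} endpoint through a {@link WebClient} that has the OAuth2 authorized-client
 * exchange filter installed.
 *
 * <p>The three endpoints differ only in how the request tells the filter which authorized
 * client to use: an explicitly resolved client, nothing at all, or a client registration id.
 */
@SpringBootApplication
@RestController
public class JoshOauth2ClientApplication {

    /**
     * Resource-server endpoint called by every handler in this class.
     *
     * <p>NOTE(review): plain {@code http}. Any bearer token the filter attaches travels
     * unencrypted, which is acceptable only for a localhost demo.
     */
    private static final String RESOURCE_SERVER_ME_URI = "http://localhost:9090/me";

    @Autowired
    WebClient webClient;

    /**
     * Builds the {@link WebClient} used by the handlers, with the OAuth2 exchange filter applied.
     *
     * @param clients repository of configured client registrations
     * @param authz repository of authorized clients
     * @return a WebClient whose requests pass through the OAuth2 filter
     */
    @Bean
    WebClient webClient(ReactiveClientRegistrationRepository clients,
            ServerOAuth2AuthorizedClientRepository authz) {
        ServerOAuth2AuthorizedClientExchangeFilterFunction oauth2 =
                new ServerOAuth2AuthorizedClientExchangeFilterFunction(clients, authz);
        // To make requests without explicit attributes (see implicit()) use a default
        // authorized client, enable one of these:
        // oauth2.setDefaultOAuth2AuthorizedClient(true);
        // oauth2.setDefaultClientRegistrationId("keycloak");
        return WebClient
                .builder()
                .filter(oauth2)
                .build();
    }

    /**
     * Calls the resource server with the authorized client resolved for the current request.
     *
     * @param client authorized client injected by {@code @RegisteredOAuth2AuthorizedClient}
     * @return the response body as text
     */
    @GetMapping("/explicit")
    Mono<String> user(@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient client) {
        return webClient.get()
                .uri(RESOURCE_SERVER_ME_URI)
                .attributes(oauth2AuthorizedClient(client))
                .retrieve()
                .bodyToMono(String.class);
    }

    /**
     * Calls the resource server without passing any OAuth2 attribute on the request.
     *
     * <p>NOTE(review): with both default setters in {@code webClient(...)} commented out, the
     * filter has no client to pick here, so presumably this request carries no token — confirm
     * against the Spring Security version in use.
     *
     * @return the response body as text
     */
    @GetMapping("/implicit")
    Mono<String> implicit() {
        return webClient.get()
                .uri(RESOURCE_SERVER_ME_URI)
                .retrieve()
                .bodyToMono(String.class);
    }

    /**
     * Calls the resource server naming the client registration by id, which suits a service
     * because the handler does not need a resolved authorized client as a parameter.
     *
     * @return the response body as text
     */
    @GetMapping("/good-service")
    Mono<String> goodService() {
        // any interaction with the OAuth2 token will refresh it if expired or about to expire
        // (the implicit and explicit variants both do this)
        return webClient.get()
                .uri(RESOURCE_SERVER_ME_URI)
                .attributes(clientRegistrationId("keycloak"))
                .retrieve()
                .bodyToMono(String.class);
    }

    public static void main(String[] args) {
        SpringApplication.run(JoshOauth2ClientApplication.class, args);
    }

}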
78 |
--------------------------------------------------------------------------------
/josh-oauth2-client/src/main/resources/application.properties:
--------------------------------------------------------------------------------
1 | server.port=8080
2 |
--------------------------------------------------------------------------------
/josh-oauth2-client/src/main/resources/application.yml:
--------------------------------------------------------------------------------
1 |
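# OAuth2 client settings for the "keycloak" provider and registration.
spring:
  security:
    oauth2:
      client:
        provider:
          keycloak:
            # NOTE(review): the issuer is reached over plain http, so provider metadata
            # and token traffic are not protected in transit; demo use only.
            issuer-uri: http://idp:9999/auth/realms/demo
        registration:
          keycloak:
            client-id: spring-security
            # NOTE(review): client secret committed in plain text. Treat it as a
            # demo-only credential: rotate it in the identity provider and supply the
            # real value from the environment or an external secret store instead.
            client-secret: bfbd9f62-02ce-4638-a370-80d45514bd0a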
--------------------------------------------------------------------------------
/josh-oauth2-client/src/test/java/sample/joshoauth2client/JoshOauth2ClientApplicationTests.java:
--------------------------------------------------------------------------------
1 | package sample.joshoauth2client;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
/**
 * Smoke test for the client application, run with {@link SpringRunner} under
 * {@code @SpringBootTest}.
 */
@RunWith(SpringRunner.class)
@SpringBootTest
public class JoshOauth2ClientApplicationTests {

    /** Has no assertions of its own; presumably it fails only when the test context cannot start. */
    @Test
    public void contextLoads() {
        // intentionally empty
    }

}
17 |
--------------------------------------------------------------------------------
/josh-resource-server/.gitignore:
--------------------------------------------------------------------------------
1 | HELP.md
2 | /target/
3 | !.mvn/wrapper/maven-wrapper.jar
4 |
5 | ### STS ###
6 | .apt_generated
7 | .classpath
8 | .factorypath
9 | .project
10 | .settings
11 | .springBeans
12 | .sts4-cache
13 |
14 | ### IntelliJ IDEA ###
15 | .idea
16 | *.iws
17 | *.iml
18 | *.ipr
19 |
20 | ### NetBeans ###
21 | /nbproject/private/
22 | /nbbuild/
23 | /dist/
24 | /nbdist/
25 | /.nb-gradle/
26 | /build/
27 |
--------------------------------------------------------------------------------
/josh-resource-server/.mvn/wrapper/MavenWrapperDownloader.java:
--------------------------------------------------------------------------------
1 | /*
2 | Licensed to the Apache Software Foundation (ASF) under one
3 | or more contributor license agreements. See the NOTICE file
4 | distributed with this work for additional information
5 | regarding copyright ownership. The ASF licenses this file
6 | to you under the Apache License, Version 2.0 (the
7 | "License"); you may not use this file except in compliance
8 | with the License. You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing,
13 | software distributed under the License is distributed on an
14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | KIND, either express or implied. See the License for the
16 | specific language governing permissions and limitations
17 | under the License.
18 | */
19 |
20 | import java.io.File;
21 | import java.io.FileInputStream;
22 | import java.io.FileOutputStream;
23 | import java.io.IOException;
24 | import java.net.URL;
25 | import java.nio.channels.Channels;
26 | import java.nio.channels.ReadableByteChannel;
27 | import java.util.Properties;
28 |
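/**
 * Fallback downloader for {@code maven-wrapper.jar}, used when the jar is missing from
 * {@code .mvn/wrapper/}.
 *
 * <p>The jar written by this class is later put on the classpath and executed by the wrapper
 * script. Nothing here verifies a checksum or signature, and a {@code wrapperUrl} entry in
 * {@code maven-wrapper.properties} replaces the default URL, so that properties file is part of
 * the build's trust boundary and should be reviewed like build code. Newer releases of the Maven
 * Wrapper support pinning a SHA-256 of the jar in the properties file.
 */
public class MavenWrapperDownloader {

    /**
     * Default URL to download the maven-wrapper.jar from, if no 'wrapperUrl' is provided.
     */
    private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar";

    /**
     * Path to the maven-wrapper.properties file, which might contain a wrapperUrl property to
     * use instead of the default one.
     */
    private static final String MAVEN_WRAPPER_PROPERTIES_PATH = ".mvn/wrapper/maven-wrapper.properties";

    /**
     * Path where the maven-wrapper.jar will be saved to.
     */
    private static final String MAVEN_WRAPPER_JAR_PATH = ".mvn/wrapper/maven-wrapper.jar";

    /**
     * Name of the property which should be used to override the default download url for the wrapper.
     */
    private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";

    /**
     * Downloads the wrapper jar into the project given as first argument and exits the JVM.
     *
     * <p>Exit status is 0 after a completed download and 1 on any failure.
     *
     * @param args {@code args[0]} is the project base directory that contains {@code .mvn}
     */
    public static void main(String[] args) {
        System.out.println("- Downloader started");
        if (args.length == 0) {
            System.out.println("- ERROR base directory argument is missing");
            System.exit(1);
        }
        // Resolve once against the working directory. Without this an empty argument makes
        // new File(parent, child) fall back to the system default directory for the properties
        // file while the output path is built from the working directory.
        File baseDirectory = new File(args[0]).getAbsoluteFile();
        System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());

        // If the maven-wrapper.properties exists, read it and check if it contains a custom
        // wrapperUrl parameter.
        File propertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);
        String url = DEFAULT_DOWNLOAD_URL;
        if (propertyFile.exists()) {
            try (FileInputStream in = new FileInputStream(propertyFile)) {
                Properties wrapperProperties = new Properties();
                wrapperProperties.load(in);
                url = wrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
            } catch (IOException e) {
                // Best effort: keep whatever URL is set so far and carry on.
                System.out.println(
                        "- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
            }
        }
        System.out.println("- Downloading from: : " + url);
        if (!url.regionMatches(true, 0, "https://", 0, "https://".length())) {
            // The jar is executed afterwards; without TLS its origin cannot be authenticated.
            System.out.println("- WARNING wrapper URL is not HTTPS");
        }

        File outputFile = new File(baseDirectory.getAbsolutePath(),
                MAVEN_WRAPPER_JAR_PATH);
        File outputDirectory = outputFile.getParentFile();
        if (!outputDirectory.exists() && !outputDirectory.mkdirs()) {
            System.out.println(
                    "- ERROR creating output direcrory '" + outputDirectory.getAbsolutePath() + "'");
        }
        System.out.println("- Downloading to: " + outputFile.getAbsolutePath());
        try {
            downloadFileFromURL(url, outputFile);
            System.out.println("Done");
            System.exit(0);
        } catch (Throwable e) {
            System.out.println("- Error downloading");
            e.printStackTrace();
            // A truncated jar is still a readable file, which is all the wrapper script tests
            // for before using it; remove it so that the next run downloads again.
            if (outputFile.exists() && !outputFile.delete()) {
                System.out.println("- ERROR removing partial download '"
                        + outputFile.getAbsolutePath() + "'");
            }
            System.exit(1);
        }
    }

    /**
     * Copies the content behind {@code urlString} into {@code destination}.
     *
     * @param urlString URL to read from
     * @param destination file to create or overwrite
     * @throws Exception if the URL is malformed, cannot be opened, or the copy fails
     */
    private static void downloadFileFromURL(String urlString, File destination)
            throws Exception {
        URL website = new URL(urlString);
        // The connection is opened first so that a failed connect does not create an empty
        // file; both resources are closed even when the transfer throws.
        try (ReadableByteChannel source = Channels.newChannel(website.openStream());
                FileOutputStream sink = new FileOutputStream(destination)) {
            sink.getChannel().transferFrom(source, 0, Long.MAX_VALUE);
        }
    }

}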
122 |
--------------------------------------------------------------------------------
/josh-resource-server/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/rwinch/joshlong-oauth2/a83695b6e94d5c54ad718b5da5e5796e35801c55/josh-resource-server/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/josh-resource-server/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.0/apache-maven-3.6.0-bin.zip
2 |
--------------------------------------------------------------------------------
/josh-resource-server/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven2 Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
# Source the optional system-wide and per-user rc files unless MAVEN_SKIP_RC is non-empty.
# Both files run inside this shell, so whoever can write them controls the environment of
# every build started through this wrapper; on shared or CI hosts set MAVEN_SKIP_RC.
if [ -z "$MAVEN_SKIP_RC" ] ; then
  [ ! -f /etc/mavenrc ] || . /etc/mavenrc
  [ ! -f "$HOME/.mavenrc" ] || . "$HOME/.mavenrc"
fi
48 |
# Platform flags. Each must hold the literal word true or false because the flags are
# later run as commands (if $cygwin ; then ...).
cygwin=false
darwin=false
mingw=false
case "$(uname)" in
  CYGWIN*)
    cygwin=true
    ;;
  MINGW*)
    mingw=true
    ;;
  Darwin*)
    darwin=true
    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
    if [ -z "$JAVA_HOME" ]; then
      if [ -x "/usr/libexec/java_home" ]; then
        JAVA_HOME="$(/usr/libexec/java_home)"
      else
        JAVA_HOME="/Library/Java/Home"
      fi
      export JAVA_HOME
    fi
    ;;
esac

# On Gentoo, ask java-config for the JRE home when JAVA_HOME is still unset.
if [ -z "$JAVA_HOME" ] && [ -r /etc/gentoo-release ] ; then
  JAVA_HOME=$(java-config --jre-home)
fi
74 |
# Derive M2_HOME from the location of this script when the caller did not set it.
if [ -z "$M2_HOME" ] ; then
  ## resolve links - $0 may be a link to maven's home
  PRG="$0"

  # need this for relative symlinks
  while [ -h "$PRG" ] ; do
    ls=$(ls -ld "$PRG")
    link=$(expr "$ls" : '.*-> \(.*\)$')
    if expr "$link" : '/.*' > /dev/null; then
      # absolute link target
      PRG="$link"
    else
      # relative link target: resolve against the directory of the link
      PRG="$(dirname "$PRG")/$link"
    fi
  done

  saveddir=$(pwd)

  M2_HOME=$(dirname "$PRG")/..

  # make it fully qualified
  M2_HOME=$(cd "$M2_HOME" && pwd)

  cd "$saveddir"
  # echo Using m2 at $M2_HOME
fi
100 |
# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin ; then
  if [ -n "$M2_HOME" ]; then
    M2_HOME=$(cygpath --unix "$M2_HOME")
  fi
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
  fi
  if [ -n "$CLASSPATH" ]; then
    CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
  fi
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw ; then
  if [ -n "$M2_HOME" ]; then
    M2_HOME="$(cd "$M2_HOME"; pwd)"
  fi
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME="$(cd "$JAVA_HOME"; pwd)"
  fi
  # TODO classpath?
fi
119 |
# Without JAVA_HOME, derive it from the javac found on PATH.
if [ -z "$JAVA_HOME" ]; then
  javaExecutable="$(which javac)"
  if [ -n "$javaExecutable" ] && ! [ "$(expr "$javaExecutable" : '\([^ ]*\)')" = "no" ]; then
    # readlink(1) is not available as standard on Solaris 10.
    readLink=$(which readlink)
    if [ ! $(expr "$readLink" : '\([^ ]*\)') = "no" ]; then
      if $darwin ; then
        javaHome="$(dirname "$javaExecutable")"
        javaExecutable="$(cd "$javaHome" && pwd -P)/javac"
      else
        javaExecutable="$(readlink -f "$javaExecutable")"
      fi
      javaHome="$(dirname "$javaExecutable")"
      javaHome=$(expr "$javaHome" : '\(.*\)/bin')
      JAVA_HOME="$javaHome"
      export JAVA_HOME
    fi
  fi
fi

# Pick the java binary: an explicit JAVACMD wins, then JAVA_HOME, then PATH.
if [ -z "$JAVACMD" ] ; then
  if [ -z "$JAVA_HOME" ] ; then
    JAVACMD="$(which java)"
  elif [ -x "$JAVA_HOME/jre/sh/java" ] ; then
    # IBM's JDK on AIX uses strange locations for the executables
    JAVACMD="$JAVA_HOME/jre/sh/java"
  else
    JAVACMD="$JAVA_HOME/bin/java"
  fi
fi

if [ ! -x "$JAVACMD" ] ; then
  echo "Error: JAVA_HOME is not defined correctly." >&2
  echo " We cannot execute $JAVACMD" >&2
  exit 1
fi

if [ -z "$JAVA_HOME" ] ; then
  echo "Warning: JAVA_HOME environment variable is not set."
fi

CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
164 |
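# Walks from the directory given as $1 towards the filesystem root and prints the first
# directory that contains a .mvn subdirectory; prints $1 itself when none is found.
# Returns 1 without printing a result when $1 is empty. Diagnostics go to stderr because
# the caller captures stdout as the base directory.
find_maven_basedir() {

  if [ -z "$1" ]
  then
    echo "Path not specified to find_maven_basedir" >&2
    return 1
  fi

  basedir="$1"
  wdir="$1"
  while [ "$wdir" != '/' ] ; do
    if [ -d "$wdir"/.mvn ] ; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
    if [ -d "${wdir}" ]; then
      wdir=`cd "$wdir/.."; pwd`
    else
      # wdir is not a directory, so it can never change again: stop instead of looping forever
      break
    fi
    # end of workaround
  done
  echo "${basedir}"
}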
190 |
# Prints the content of file $1 on one line, every run of newlines replaced by a single
# space; prints nothing when $1 is not a regular file.
concat_lines() {
  [ -f "$1" ] || return 0
  echo "$(tr -s '\n' ' ' < "$1")"
}
197 |
# Project base directory: the nearest directory at or above the working directory that
# contains .mvn; give up when the lookup printed nothing.
BASE_DIR=$(find_maven_basedir "$(pwd)")
[ -n "$BASE_DIR" ] || exit 1
202 |
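##########################################################################################
# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
# This allows using the maven wrapper in projects that prohibit checking in binary data.
#
# The jar fetched here is executed at the end of this script. This version checks neither
# a checksum nor a signature, and a wrapperUrl entry in maven-wrapper.properties replaces
# the default URL, so changes to that file deserve the same review as changes to build
# code. Newer releases of the Maven Wrapper support pinning a SHA-256 of the jar.
##########################################################################################
wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
if [ -r "$wrapperJarPath" ]; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found .mvn/wrapper/maven-wrapper.jar"
    fi
else
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
    fi
    jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar"
    wrapperProperties="$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
    # A missing properties file keeps the default URL instead of failing the redirect.
    if [ -r "$wrapperProperties" ]; then
      while IFS="=" read key value; do
        case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
        esac
      done < "$wrapperProperties"
    fi
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Downloading from: $jarUrl"
    fi

    # A failed transfer must not leave a file behind: the test above only asks whether the
    # jar is readable, so an empty or partial file would be used as the wrapper next time.
    if command -v wget > /dev/null; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo "Found wget ... using wget"
        fi
        wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
    elif command -v curl > /dev/null; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo "Found curl ... using curl"
        fi
        # -f: treat an HTTP error status as a failure instead of saving the error page
        curl -f -o "$wrapperJarPath" "$jarUrl" || rm -f "$wrapperJarPath"
    else
        if [ "$MVNW_VERBOSE" = true ]; then
          echo "Falling back to using Java to download"
        fi
        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
        if [ -e "$javaClass" ]; then
            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
                if [ "$MVNW_VERBOSE" = true ]; then
                  echo " - Compiling MavenWrapperDownloader.java ..."
                fi
                # Compiling the Java class
                ("$JAVA_HOME/bin/javac" "$javaClass")
            fi
            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
                # Running the downloader
                if [ "$MVNW_VERBOSE" = true ]; then
                  echo " - Running MavenWrapperDownloader.java ..."
                fi
                # MAVEN_PROJECTBASEDIR is only assigned further down, and the class lives
                # under BASE_DIR rather than under the current directory, so both the
                # classpath and the argument are built from BASE_DIR.
                ("$JAVA_HOME/bin/java" -cp "$BASE_DIR/.mvn/wrapper" MavenWrapperDownloader "$BASE_DIR")
            fi
        fi
    fi
fi
##########################################################################################
# End of extension
##########################################################################################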
261 |
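# An explicit MAVEN_BASEDIR from the environment wins over the detected directory.
# Assignment and export are separate statements so that a path containing spaces is never
# subject to field splitting, and the verbose echo is quoted for the same reason.
MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
export MAVEN_PROJECTBASEDIR
if [ "$MVNW_VERBOSE" = true ]; then
  echo "$MAVEN_PROJECTBASEDIR"
fi
# .mvn/jvm.config is folded into MAVEN_OPTS and expanded unquoted on the java command line
# below, so a checked-out project can add JVM options to the build. Review that file with
# the rest of .mvn/ before building code you did not write.
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"

# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  if [ -n "$M2_HOME" ]; then
    M2_HOME=$(cygpath --path --windows "$M2_HOME")
  fi
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
  fi
  if [ -n "$CLASSPATH" ]; then
    CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
  fi
  if [ -n "$MAVEN_PROJECTBASEDIR" ]; then
    MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
  fi
fi

WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

# $MAVEN_OPTS and $MAVEN_CONFIG stay unquoted: each may hold several options that have to
# reach the JVM as separate arguments.
exec "$JAVACMD" \
  $MAVEN_OPTS \
  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"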
287 |
--------------------------------------------------------------------------------
/josh-resource-server/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM http://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven2 Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
@echo off
@REM set title of command window
title %0
@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%

@REM set %HOME% to equivalent of $HOME
if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")

@REM Execute a user defined script before this one
@REM The pre script is called in this process before any validation, so whoever can write
@REM to %HOME% controls the environment of the build. Any non-empty MAVEN_SKIP_RC skips it.
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
@REM check for pre script, once with legacy .bat ending and once with .cmd ending
if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
:skipRcPre
52 |
@REM Outer scope: holds ERROR_CODE, which is handed back out at the :end label.
@setlocal

set ERROR_CODE=0

@REM To isolate internal variables from possible post scripts, we use another setlocal
@setlocal

@REM ==== START VALIDATION ====
@REM JAVA_HOME must be set and must contain bin\java.exe; nothing else about it is checked.
if not "%JAVA_HOME%" == "" goto OkJHome

echo.
echo Error: JAVA_HOME not found in your environment. >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

:OkJHome
if exist "%JAVA_HOME%\bin\java.exe" goto init

echo.
echo Error: JAVA_HOME is set to an invalid directory. >&2
echo JAVA_HOME = "%JAVA_HOME%" >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

@REM ==== END VALIDATION ====
82 |
:init

@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
@REM Fallback to current working directory if not found.

@REM An explicit MAVEN_BASEDIR from the environment skips the search below.
set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir

set EXEC_DIR=%CD%
set WDIR=%EXEC_DIR%
:findBaseDir
@REM Walk upwards one directory per pass; the walk ends when "cd .." no longer changes %CD%.
IF EXIST "%WDIR%"\.mvn goto baseDirFound
cd ..
IF "%WDIR%"=="%CD%" goto baseDirNotFound
set WDIR=%CD%
goto findBaseDir

:baseDirFound
set MAVEN_PROJECTBASEDIR=%WDIR%
cd "%EXEC_DIR%"
goto endDetectBaseDir

:baseDirNotFound
set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
cd "%EXEC_DIR%"

:endDetectBaseDir

IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig

@REM Every line of .mvn\jvm.config is appended to JVM_CONFIG_MAVEN_PROPS, which is placed on
@REM the java command line further down; a checked-out project can therefore set JVM options
@REM for the build, so review that file together with the rest of .mvn.
@setlocal EnableExtensions EnableDelayedExpansion
for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%

:endReadAdditionalConfig
118 |
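SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

@REM A wrapperUrl entry in maven-wrapper.properties replaces the default download URL.
@REM The value ends up inside the PowerShell command below and the downloaded jar is
@REM executed afterwards without a checksum check, so treat the properties file as code.
set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar"
@REM usebackq plus quotes: a project path that contains spaces is still read as one file name
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
)

@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM TLS 1.2 is requested explicitly because Net.WebClient may otherwise negotiate an older
@REM protocol version; a failed download stops here instead of reporting "Finished".
if exist %WRAPPER_JAR% (
echo Found %WRAPPER_JAR%
) else (
echo Couldn't find %WRAPPER_JAR%, downloading it ...
echo Downloading from: %DOWNLOAD_URL%
powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object Net.WebClient).DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"
if ERRORLEVEL 1 goto error
echo Finished downloading %WRAPPER_JAR%
)
@REM End of extension

%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
if ERRORLEVEL 1 goto error
goto end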
143 |
:error
set ERROR_CODE=1

:end
@REM Leave the inner scope but carry ERROR_CODE out of it.
@endlocal & set ERROR_CODE=%ERROR_CODE%

@REM The post script runs in this process after the build, on success and on failure alike;
@REM any non-empty MAVEN_SKIP_RC skips it.
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
@REM check for post script, once with legacy .bat ending and once with .cmd ending
if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
:skipRcPost

@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
if "%MAVEN_BATCH_PAUSE%" == "on" pause

@REM MAVEN_TERMINATE_CMD=on ends the whole cmd.exe session instead of only this script
if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%

exit /B %ERROR_CODE%
162 |
--------------------------------------------------------------------------------
/josh-resource-server/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | org.springframework.boot
8 | spring-boot-starter-parent
9 | 2.1.3.RELEASE
10 |
11 |
12 | com.example
13 | demo
14 | 0.0.1-SNAPSHOT
15 | demo
16 | Demo project for Spring Boot
17 |
18 |
19 | 1.8
20 |
21 |
22 |
23 |
24 | org.springframework.boot
25 | spring-boot-starter-oauth2-resource-server
26 |
27 |
28 | org.springframework.boot
29 | spring-boot-starter-security
30 |
31 |
32 | org.springframework.boot
33 | spring-boot-starter-webflux
34 |
35 |
36 |
37 | org.springframework.boot
38 | spring-boot-starter-test
39 | test
40 |
41 |
42 | io.projectreactor
43 | reactor-test
44 | test
45 |
46 |
47 | org.springframework.security
48 | spring-security-test
49 | test
50 |
51 |
52 |
53 |
54 |
55 |
56 | org.springframework.boot
57 | spring-boot-maven-plugin
58 |
59 |
60 |
61 |
62 |
63 |
--------------------------------------------------------------------------------
/josh-resource-server/src/main/java/com/example/demo/DemoApplication.java:
--------------------------------------------------------------------------------
1 | package com.example.demo;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
/**
 * Spring Boot entry point of the demo resource server.
 */
@SpringBootApplication
public class DemoApplication {

    /**
     * Boots the application with this class as the primary configuration source.
     *
     * @param args command-line arguments, handed to Spring Boot unchanged
     */
    public static void main(String[] args) {
        new SpringApplication(DemoApplication.class).run(args);
    }

}
14 |
--------------------------------------------------------------------------------
/josh-resource-server/src/main/java/com/example/demo/UserController.java:
--------------------------------------------------------------------------------
1 | package com.example.demo;
2 |
3 | import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
4 | import org.springframework.security.oauth2.jwt.JwtClaimNames;
5 | import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
6 | import org.springframework.web.bind.annotation.GetMapping;
7 | import org.springframework.web.bind.annotation.RestController;
8 | import reactor.core.publisher.Mono;
9 |
10 | import java.security.Principal;
11 |
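/**
 * Exposes the identity carried by the caller's bearer token.
 *
 * @author Rob Winch
 */
@RestController
public class UserController {

    /**
     * Returns the name of the authenticated caller.
     *
     * <p>NOTE(review): the type arguments were missing from this listing (a raw {@code Mono}
     * cannot compile against {@code token.getName()}) and are reconstructed from the imports
     * and the commented-out line; confirm them against the repository.
     *
     * @param t the current authentication
     * @return the value of {@code getName()} on that authentication
     */
    @GetMapping("/me")
    Mono<String> principal(Mono<JwtAuthenticationToken> t) {
        // Alternative kept from the original: answer with the e-mail claim instead. That claim
        // is only as reliable as the issuer makes it; the demo realm export in this repository
        // sets "verifyEmail": false, so it should not be used to key authorization decisions.
        // return t.map(token -> token.getToken().getClaimAsString(StandardClaimNames.EMAIL));
        return t.map(JwtAuthenticationToken::getName);
    }
}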
23 |
--------------------------------------------------------------------------------
/josh-resource-server/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# Port this resource server listens on.
server.port=9090
# Issuer of the JWTs this server accepts. The URI is plain http to the host "idp", which
# fits a local demo only: outside of one, point this at an https issuer so that nothing
# read from the issuer can be altered in transit.
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://idp:9999/auth/realms/demo
--------------------------------------------------------------------------------
/josh-resource-server/src/test/java/com/example/demo/DemoApplicationTests.java:
--------------------------------------------------------------------------------
1 | package com.example.demo;
2 |
3 | import org.junit.Test;
4 | import org.junit.runner.RunWith;
5 | import org.springframework.boot.test.context.SpringBootTest;
6 | import org.springframework.test.context.junit4.SpringRunner;
7 |
/**
 * Smoke test that starts the complete application context.
 *
 * <p>NOTE(review): presumably the issuer configured under
 * {@code spring.security.oauth2.resourceserver.jwt.issuer-uri} has to be reachable for the
 * context to start; verify before relying on this test in CI.
 */
@RunWith(SpringRunner.class)
@SpringBootTest
public class DemoApplicationTests {

    /** Passes when the context starts; there is nothing else to assert. */
    @Test
    public void contextLoads() {
        // intentionally empty
    }

}
17 |
--------------------------------------------------------------------------------
/keycloak:
--------------------------------------------------------------------------------
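#!/bin/bash

# Starts the Keycloak 4.1.0.Final installation under ~/lib with its HTTP listener on port
# 9999, the port the demo resource server's issuer-uri points at. The listener is plain
# HTTP, which is suitable for a local demo only.
# exec hands the process over to standalone.sh so that signals reach the server directly;
# extra arguments are passed through unchanged.
exec ~/lib/keycloak-4.1.0.Final/bin/standalone.sh -Djboss.http.port=9999 "$@"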
4 |
--------------------------------------------------------------------------------
/realm-export.json:
--------------------------------------------------------------------------------
1 | {
2 | "id": "demo",
3 | "realm": "demo",
4 | "notBefore": 0,
5 | "revokeRefreshToken": false,
6 | "refreshTokenMaxReuse": 0,
7 | "accessTokenLifespan": 3600,
8 | "accessTokenLifespanForImplicitFlow": 900,
9 | "ssoSessionIdleTimeout": 1800,
10 | "ssoSessionMaxLifespan": 36000,
11 | "offlineSessionIdleTimeout": 2592000,
12 | "offlineSessionMaxLifespanEnabled": false,
13 | "offlineSessionMaxLifespan": 5184000,
14 | "accessCodeLifespan": 60,
15 | "accessCodeLifespanUserAction": 300,
16 | "accessCodeLifespanLogin": 1800,
17 | "actionTokenGeneratedByAdminLifespan": 43200,
18 | "actionTokenGeneratedByUserLifespan": 300,
19 | "enabled": true,
20 | "sslRequired": "external",
21 | "registrationAllowed": false,
22 | "registrationEmailAsUsername": false,
23 | "rememberMe": false,
24 | "verifyEmail": false,
25 | "loginWithEmailAllowed": true,
26 | "duplicateEmailsAllowed": false,
27 | "resetPasswordAllowed": false,
28 | "editUsernameAllowed": false,
29 | "bruteForceProtected": false,
30 | "permanentLockout": false,
31 | "maxFailureWaitSeconds": 900,
32 | "minimumQuickLoginWaitSeconds": 60,
33 | "waitIncrementSeconds": 60,
34 | "quickLoginCheckMilliSeconds": 1000,
35 | "maxDeltaTimeSeconds": 43200,
36 | "failureFactor": 30,
37 | "roles": {
38 | "realm": [
39 | {
40 | "id": "800b2f07-156c-41a3-bd94-99dd129d0d8e",
41 | "name": "admin",
42 | "composite": false,
43 | "clientRole": false,
44 | "containerId": "demo"
45 | },
46 | {
47 | "id": "f9e18db8-c1ee-47a6-b56e-5c6397ad8470",
48 | "name": "offline_access",
49 | "description": "${role_offline-access}",
50 | "composite": false,
51 | "clientRole": false,
52 | "containerId": "demo"
53 | },
54 | {
55 | "id": "dd81765e-bb78-4d53-8135-4560ae9acbfd",
56 | "name": "uma_authorization",
57 | "description": "${role_uma_authorization}",
58 | "composite": false,
59 | "clientRole": false,
60 | "containerId": "demo"
61 | }
62 | ],
63 | "client": {
64 | "realm-management": [
65 | {
66 | "id": "9b11c6fa-2dad-4837-9709-1e3bda1b3cae",
67 | "name": "manage-realm",
68 | "description": "${role_manage-realm}",
69 | "composite": false,
70 | "clientRole": true,
71 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
72 | },
73 | {
74 | "id": "3034cc94-da4c-4c6b-880a-14df88a10b2f",
75 | "name": "manage-users",
76 | "description": "${role_manage-users}",
77 | "composite": false,
78 | "clientRole": true,
79 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
80 | },
81 | {
82 | "id": "cc8ac609-a64e-4d08-b298-d2f156a0f811",
83 | "name": "manage-events",
84 | "description": "${role_manage-events}",
85 | "composite": false,
86 | "clientRole": true,
87 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
88 | },
89 | {
90 | "id": "4cbd13ff-136c-45e7-bf2a-26054bb0735c",
91 | "name": "view-users",
92 | "description": "${role_view-users}",
93 | "composite": true,
94 | "composites": {
95 | "client": {
96 | "realm-management": [
97 | "query-groups",
98 | "query-users"
99 | ]
100 | }
101 | },
102 | "clientRole": true,
103 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
104 | },
105 | {
106 | "id": "f999d262-d1f0-4f6c-bd97-cac49c0174e8",
107 | "name": "view-events",
108 | "description": "${role_view-events}",
109 | "composite": false,
110 | "clientRole": true,
111 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
112 | },
113 | {
114 | "id": "bdec47e0-c4df-4626-be48-a7b03edcd87d",
115 | "name": "manage-identity-providers",
116 | "description": "${role_manage-identity-providers}",
117 | "composite": false,
118 | "clientRole": true,
119 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
120 | },
121 | {
122 | "id": "b9061164-9a29-4a8d-a76f-f35cbe7844cb",
123 | "name": "realm-admin",
124 | "description": "${role_realm-admin}",
125 | "composite": true,
126 | "composites": {
127 | "client": {
128 | "realm-management": [
129 | "manage-realm",
130 | "manage-users",
131 | "manage-events",
132 | "view-users",
133 | "manage-identity-providers",
134 | "view-events",
135 | "view-realm",
136 | "view-identity-providers",
137 | "query-clients",
138 | "create-client",
139 | "impersonation",
140 | "query-groups",
141 | "view-clients",
142 | "manage-clients",
143 | "view-authorization",
144 | "manage-authorization",
145 | "query-realms",
146 | "query-users"
147 | ]
148 | }
149 | },
150 | "clientRole": true,
151 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
152 | },
153 | {
154 | "id": "8b60c626-80d6-435a-a59e-f4ede4070ab5",
155 | "name": "view-realm",
156 | "description": "${role_view-realm}",
157 | "composite": false,
158 | "clientRole": true,
159 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
160 | },
161 | {
162 | "id": "250508df-0e46-4f94-a92a-8850c497361f",
163 | "name": "view-identity-providers",
164 | "description": "${role_view-identity-providers}",
165 | "composite": false,
166 | "clientRole": true,
167 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
168 | },
169 | {
170 | "id": "4f3b0bfb-db04-4bff-b674-2a0b8f620793",
171 | "name": "query-clients",
172 | "description": "${role_query-clients}",
173 | "composite": false,
174 | "clientRole": true,
175 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
176 | },
177 | {
178 | "id": "91bc20a6-d8eb-4b26-a666-d2d7bee074d8",
179 | "name": "create-client",
180 | "description": "${role_create-client}",
181 | "composite": false,
182 | "clientRole": true,
183 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
184 | },
185 | {
186 | "id": "bb4dd019-f6d4-47f9-a4b8-451e189954ed",
187 | "name": "view-clients",
188 | "description": "${role_view-clients}",
189 | "composite": true,
190 | "composites": {
191 | "client": {
192 | "realm-management": [
193 | "query-clients"
194 | ]
195 | }
196 | },
197 | "clientRole": true,
198 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
199 | },
200 | {
201 | "id": "29e93f57-a56f-4ec3-8136-f3b8d60d27cc",
202 | "name": "query-groups",
203 | "description": "${role_query-groups}",
204 | "composite": false,
205 | "clientRole": true,
206 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
207 | },
208 | {
209 | "id": "0208a8b3-1538-4d6a-b9c8-9077f989a3cf",
210 | "name": "impersonation",
211 | "description": "${role_impersonation}",
212 | "composite": false,
213 | "clientRole": true,
214 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
215 | },
216 | {
217 | "id": "6e4daccf-989b-49fe-b352-f7956f7c41fd",
218 | "name": "manage-clients",
219 | "description": "${role_manage-clients}",
220 | "composite": false,
221 | "clientRole": true,
222 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
223 | },
224 | {
225 | "id": "08aec794-5b25-4a31-bc0b-06fb069c0edc",
226 | "name": "view-authorization",
227 | "description": "${role_view-authorization}",
228 | "composite": false,
229 | "clientRole": true,
230 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
231 | },
232 | {
233 | "id": "ecc98cea-8677-4eca-a4c9-c78bca57726f",
234 | "name": "manage-authorization",
235 | "description": "${role_manage-authorization}",
236 | "composite": false,
237 | "clientRole": true,
238 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
239 | },
240 | {
241 | "id": "dd93f9e7-b35b-4197-b721-01befefa2da9",
242 | "name": "query-users",
243 | "description": "${role_query-users}",
244 | "composite": false,
245 | "clientRole": true,
246 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
247 | },
248 | {
249 | "id": "6e940418-1dfc-495b-b8f2-5e9cd4670b42",
250 | "name": "query-realms",
251 | "description": "${role_query-realms}",
252 | "composite": false,
253 | "clientRole": true,
254 | "containerId": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91"
255 | }
256 | ],
257 | "security-admin-console": [],
258 | "admin": [
259 | {
260 | "id": "f2e40f28-ca32-4c5a-9ca4-0a849cce13f6",
261 | "name": "uma_protection",
262 | "composite": false,
263 | "clientRole": true,
264 | "containerId": "7df11138-b94f-43f9-ba78-d4c9cedc21f5"
265 | }
266 | ],
267 | "admin-cli": [],
268 | "spring-security": [
269 | {
270 | "id": "6c049fdd-7650-4a0a-b9cd-923d84c8e2f3",
271 | "name": "uma_protection",
272 | "composite": false,
273 | "clientRole": true,
274 | "containerId": "2615235d-e834-4a7c-a472-76d822ac6048"
275 | }
276 | ],
277 | "broker": [
278 | {
279 | "id": "d1685825-7d82-43b7-817a-37760cb8b394",
280 | "name": "read-token",
281 | "description": "${role_read-token}",
282 | "composite": false,
283 | "clientRole": true,
284 | "containerId": "db376c1b-d8c3-4f75-8459-634a79732e8b"
285 | }
286 | ],
287 | "account": [
288 | {
289 | "id": "736b8c95-5af6-44ea-9853-833e8a39a1f4",
290 | "name": "manage-account",
291 | "description": "${role_manage-account}",
292 | "composite": true,
293 | "composites": {
294 | "client": {
295 | "account": [
296 | "manage-account-links"
297 | ]
298 | }
299 | },
300 | "clientRole": true,
301 | "containerId": "697d7b25-21b3-454e-9078-87c0fcdcc3e2"
302 | },
303 | {
304 | "id": "41e82e48-f8ca-47ac-a4bb-8800fa567782",
305 | "name": "manage-account-links",
306 | "description": "${role_manage-account-links}",
307 | "composite": false,
308 | "clientRole": true,
309 | "containerId": "697d7b25-21b3-454e-9078-87c0fcdcc3e2"
310 | },
311 | {
312 | "id": "7425dfc7-0c24-42ab-90d9-5fad7bfd6d33",
313 | "name": "view-profile",
314 | "description": "${role_view-profile}",
315 | "composite": false,
316 | "clientRole": true,
317 | "containerId": "697d7b25-21b3-454e-9078-87c0fcdcc3e2"
318 | }
319 | ]
320 | }
321 | },
322 | "groups": [],
323 | "defaultRoles": [
324 | "uma_authorization",
325 | "offline_access"
326 | ],
327 | "requiredCredentials": [
328 | "password"
329 | ],
330 | "otpPolicyType": "totp",
331 | "otpPolicyAlgorithm": "HmacSHA1",
332 | "otpPolicyInitialCounter": 0,
333 | "otpPolicyDigits": 6,
334 | "otpPolicyLookAheadWindow": 1,
335 | "otpPolicyPeriod": 30,
336 | "otpSupportedApplications": [
337 | "FreeOTP",
338 | "Google Authenticator"
339 | ],
340 | "scopeMappings": [
341 | {
342 | "client": "admin-cli",
343 | "roles": [
344 | "admin"
345 | ]
346 | },
347 | {
348 | "clientScope": "offline_access",
349 | "roles": [
350 | "offline_access"
351 | ]
352 | }
353 | ],
354 | "clients": [
355 | {
356 | "id": "697d7b25-21b3-454e-9078-87c0fcdcc3e2",
357 | "clientId": "account",
358 | "name": "${client_account}",
359 | "baseUrl": "/auth/realms/demo/account",
360 | "surrogateAuthRequired": false,
361 | "enabled": true,
362 | "clientAuthenticatorType": "client-secret",
363 | "secret": "**********",
364 | "defaultRoles": [
365 | "manage-account",
366 | "view-profile"
367 | ],
368 | "redirectUris": [
369 | "/auth/realms/demo/account/*"
370 | ],
371 | "webOrigins": [],
372 | "notBefore": 0,
373 | "bearerOnly": false,
374 | "consentRequired": false,
375 | "standardFlowEnabled": true,
376 | "implicitFlowEnabled": false,
377 | "directAccessGrantsEnabled": false,
378 | "serviceAccountsEnabled": false,
379 | "publicClient": false,
380 | "frontchannelLogout": false,
381 | "protocol": "openid-connect",
382 | "attributes": {},
383 | "authenticationFlowBindingOverrides": {},
384 | "fullScopeAllowed": false,
385 | "nodeReRegistrationTimeout": 0,
386 | "defaultClientScopes": [
387 | "role_list",
388 | "profile",
389 | "email"
390 | ],
391 | "optionalClientScopes": [
392 | "address",
393 | "phone",
394 | "offline_access"
395 | ]
396 | },
397 | {
398 | "id": "7df11138-b94f-43f9-ba78-d4c9cedc21f5",
399 | "clientId": "admin",
400 | "surrogateAuthRequired": false,
401 | "enabled": true,
402 | "clientAuthenticatorType": "client-secret",
403 | "secret": "**********",
404 | "redirectUris": [
405 | "http://localhost:8080"
406 | ],
407 | "webOrigins": [],
408 | "notBefore": 0,
409 | "bearerOnly": false,
410 | "consentRequired": false,
411 | "standardFlowEnabled": true,
412 | "implicitFlowEnabled": false,
413 | "directAccessGrantsEnabled": true,
414 | "serviceAccountsEnabled": true,
415 | "publicClient": false,
416 | "frontchannelLogout": false,
417 | "protocol": "openid-connect",
418 | "attributes": {
419 | "saml.assertion.signature": "false",
420 | "saml.force.post.binding": "false",
421 | "saml.multivalued.roles": "false",
422 | "saml.encrypt": "false",
423 | "saml.server.signature": "false",
424 | "saml.server.signature.keyinfo.ext": "false",
425 | "exclude.session.state.from.auth.response": "false",
426 | "saml_force_name_id_format": "false",
427 | "saml.client.signature": "false",
428 | "tls.client.certificate.bound.access.tokens": "false",
429 | "saml.authnstatement": "false",
430 | "display.on.consent.screen": "false",
431 | "saml.onetimeuse.condition": "false"
432 | },
433 | "authenticationFlowBindingOverrides": {},
434 | "fullScopeAllowed": false,
435 | "nodeReRegistrationTimeout": -1,
436 | "protocolMappers": [
437 | {
438 | "id": "f4085a7e-0cd0-4b89-a597-ef899d5d394e",
439 | "name": "Client Host",
440 | "protocol": "openid-connect",
441 | "protocolMapper": "oidc-usersessionmodel-note-mapper",
442 | "consentRequired": false,
443 | "config": {
444 | "user.session.note": "clientHost",
445 | "id.token.claim": "true",
446 | "access.token.claim": "true",
447 | "claim.name": "clientHost",
448 | "jsonType.label": "String"
449 | }
450 | },
451 | {
452 | "id": "5fb39ea2-fb83-45ef-bedb-2b407e889127",
453 | "name": "Client IP Address",
454 | "protocol": "openid-connect",
455 | "protocolMapper": "oidc-usersessionmodel-note-mapper",
456 | "consentRequired": false,
457 | "config": {
458 | "user.session.note": "clientAddress",
459 | "id.token.claim": "true",
460 | "access.token.claim": "true",
461 | "claim.name": "clientAddress",
462 | "jsonType.label": "String"
463 | }
464 | },
465 | {
466 | "id": "521dca00-706d-4eef-a9d8-879006a7be99",
467 | "name": "Client ID",
468 | "protocol": "openid-connect",
469 | "protocolMapper": "oidc-usersessionmodel-note-mapper",
470 | "consentRequired": false,
471 | "config": {
472 | "user.session.note": "clientId",
473 | "id.token.claim": "true",
474 | "access.token.claim": "true",
475 | "claim.name": "clientId",
476 | "jsonType.label": "String"
477 | }
478 | }
479 | ],
480 | "defaultClientScopes": [
481 | "role_list",
482 | "profile",
483 | "email"
484 | ],
485 | "optionalClientScopes": [
486 | "address",
487 | "phone",
488 | "offline_access",
489 | "admin"
490 | ]
491 | },
492 | {
493 | "id": "a41e847f-06d0-4c8f-b03b-41fe210dc4af",
494 | "clientId": "admin-cli",
495 | "name": "${client_admin-cli}",
496 | "surrogateAuthRequired": false,
497 | "enabled": true,
498 | "clientAuthenticatorType": "client-secret",
499 | "secret": "**********",
500 | "redirectUris": [
501 | "http://localhost:8080"
502 | ],
503 | "webOrigins": [],
504 | "notBefore": 0,
505 | "bearerOnly": false,
506 | "consentRequired": false,
507 | "standardFlowEnabled": true,
508 | "implicitFlowEnabled": false,
509 | "directAccessGrantsEnabled": true,
510 | "serviceAccountsEnabled": false,
511 | "publicClient": true,
512 | "frontchannelLogout": false,
513 | "protocol": "openid-connect",
514 | "attributes": {
515 | "saml.assertion.signature": "false",
516 | "saml.force.post.binding": "false",
517 | "saml.multivalued.roles": "false",
518 | "saml.encrypt": "false",
519 | "saml.server.signature": "false",
520 | "saml.server.signature.keyinfo.ext": "false",
521 | "exclude.session.state.from.auth.response": "false",
522 | "saml_force_name_id_format": "false",
523 | "saml.client.signature": "false",
524 | "tls.client.certificate.bound.access.tokens": "false",
525 | "saml.authnstatement": "false",
526 | "display.on.consent.screen": "false",
527 | "saml.onetimeuse.condition": "false"
528 | },
529 | "authenticationFlowBindingOverrides": {},
530 | "fullScopeAllowed": true,
531 | "nodeReRegistrationTimeout": 0,
532 | "defaultClientScopes": [
533 | "role_list",
534 | "profile",
535 | "email"
536 | ],
537 | "optionalClientScopes": [
538 | "address",
539 | "phone",
540 | "offline_access"
541 | ]
542 | },
543 | {
544 | "id": "db376c1b-d8c3-4f75-8459-634a79732e8b",
545 | "clientId": "broker",
546 | "name": "${client_broker}",
547 | "surrogateAuthRequired": false,
548 | "enabled": true,
549 | "clientAuthenticatorType": "client-secret",
550 | "secret": "**********",
551 | "redirectUris": [],
552 | "webOrigins": [],
553 | "notBefore": 0,
554 | "bearerOnly": false,
555 | "consentRequired": false,
556 | "standardFlowEnabled": true,
557 | "implicitFlowEnabled": false,
558 | "directAccessGrantsEnabled": false,
559 | "serviceAccountsEnabled": false,
560 | "publicClient": false,
561 | "frontchannelLogout": false,
562 | "protocol": "openid-connect",
563 | "attributes": {},
564 | "authenticationFlowBindingOverrides": {},
565 | "fullScopeAllowed": false,
566 | "nodeReRegistrationTimeout": 0,
567 | "defaultClientScopes": [
568 | "role_list",
569 | "profile",
570 | "email"
571 | ],
572 | "optionalClientScopes": [
573 | "address",
574 | "phone",
575 | "offline_access"
576 | ]
577 | },
578 | {
579 | "id": "df9ee6ee-e7c0-47f3-8c96-bea98a008f91",
580 | "clientId": "realm-management",
581 | "name": "${client_realm-management}",
582 | "surrogateAuthRequired": false,
583 | "enabled": true,
584 | "clientAuthenticatorType": "client-secret",
585 | "secret": "**********",
586 | "redirectUris": [],
587 | "webOrigins": [],
588 | "notBefore": 0,
589 | "bearerOnly": true,
590 | "consentRequired": false,
591 | "standardFlowEnabled": true,
592 | "implicitFlowEnabled": false,
593 | "directAccessGrantsEnabled": false,
594 | "serviceAccountsEnabled": false,
595 | "publicClient": false,
596 | "frontchannelLogout": false,
597 | "protocol": "openid-connect",
598 | "attributes": {},
599 | "authenticationFlowBindingOverrides": {},
600 | "fullScopeAllowed": false,
601 | "nodeReRegistrationTimeout": 0,
602 | "defaultClientScopes": [
603 | "role_list",
604 | "profile",
605 | "email"
606 | ],
607 | "optionalClientScopes": [
608 | "address",
609 | "phone",
610 | "offline_access"
611 | ]
612 | },
613 | {
614 | "id": "1b798a79-99b9-494b-ab37-5bc5abfc8997",
615 | "clientId": "security-admin-console",
616 | "name": "${client_security-admin-console}",
617 | "baseUrl": "/auth/admin/demo/console/index.html",
618 | "surrogateAuthRequired": false,
619 | "enabled": true,
620 | "clientAuthenticatorType": "client-secret",
621 | "secret": "**********",
622 | "redirectUris": [
623 | "/auth/admin/demo/console/*"
624 | ],
625 | "webOrigins": [],
626 | "notBefore": 0,
627 | "bearerOnly": false,
628 | "consentRequired": false,
629 | "standardFlowEnabled": true,
630 | "implicitFlowEnabled": false,
631 | "directAccessGrantsEnabled": false,
632 | "serviceAccountsEnabled": false,
633 | "publicClient": true,
634 | "frontchannelLogout": false,
635 | "protocol": "openid-connect",
636 | "attributes": {},
637 | "authenticationFlowBindingOverrides": {},
638 | "fullScopeAllowed": false,
639 | "nodeReRegistrationTimeout": 0,
640 | "protocolMappers": [
641 | {
642 | "id": "57d73411-c137-4082-975f-19e49239468f",
643 | "name": "locale",
644 | "protocol": "openid-connect",
645 | "protocolMapper": "oidc-usermodel-attribute-mapper",
646 | "consentRequired": false,
647 | "config": {
648 | "userinfo.token.claim": "true",
649 | "user.attribute": "locale",
650 | "id.token.claim": "true",
651 | "access.token.claim": "true",
652 | "claim.name": "locale",
653 | "jsonType.label": "String"
654 | }
655 | }
656 | ],
657 | "defaultClientScopes": [
658 | "role_list",
659 | "profile",
660 | "email"
661 | ],
662 | "optionalClientScopes": [
663 | "address",
664 | "phone",
665 | "offline_access"
666 | ]
667 | },
668 | {
669 | "id": "2615235d-e834-4a7c-a472-76d822ac6048",
670 | "clientId": "spring-security",
671 | "surrogateAuthRequired": false,
672 | "enabled": true,
673 | "clientAuthenticatorType": "client-secret",
674 | "secret": "**********",
675 | "redirectUris": [
676 | "http://localhost:8080/login/oauth2/code/keycloak",
677 | "http://localhost:8080/authorize/oauth2/code/keycloak"
678 | ],
679 | "webOrigins": [],
680 | "notBefore": 0,
681 | "bearerOnly": false,
682 | "consentRequired": false,
683 | "standardFlowEnabled": true,
684 | "implicitFlowEnabled": false,
685 | "directAccessGrantsEnabled": true,
686 | "serviceAccountsEnabled": true,
687 | "authorizationServicesEnabled": true,
688 | "publicClient": false,
689 | "frontchannelLogout": false,
690 | "protocol": "openid-connect",
691 | "attributes": {
692 | "saml.assertion.signature": "false",
693 | "saml.force.post.binding": "false",
694 | "saml.multivalued.roles": "false",
695 | "saml.encrypt": "false",
696 | "saml.server.signature": "false",
697 | "saml.server.signature.keyinfo.ext": "false",
698 | "exclude.session.state.from.auth.response": "false",
699 | "saml_force_name_id_format": "false",
700 | "saml.client.signature": "false",
701 | "tls.client.certificate.bound.access.tokens": "false",
702 | "saml.authnstatement": "false",
703 | "display.on.consent.screen": "false",
704 | "saml.onetimeuse.condition": "false"
705 | },
706 | "authenticationFlowBindingOverrides": {},
707 | "fullScopeAllowed": true,
708 | "nodeReRegistrationTimeout": -1,
709 | "protocolMappers": [
710 | {
711 | "id": "ecd91b4d-95d7-4853-95bb-1e8e357606a2",
712 | "name": "user_id",
713 | "protocol": "openid-connect",
714 | "protocolMapper": "oidc-usermodel-attribute-mapper",
715 | "consentRequired": false,
716 | "config": {
717 | "userinfo.token.claim": "true",
718 | "user.attribute": "user_id",
719 | "id.token.claim": "true",
720 | "access.token.claim": "true",
721 | "claim.name": "user_id",
722 | "jsonType.label": "String"
723 | }
724 | },
725 | {
726 | "id": "83a25f1e-a77b-4e7a-bf38-1f4f7c69f4d2",
727 | "name": "Client ID",
728 | "protocol": "openid-connect",
729 | "protocolMapper": "oidc-usersessionmodel-note-mapper",
730 | "consentRequired": false,
731 | "config": {
732 | "user.session.note": "clientId",
733 | "id.token.claim": "true",
734 | "access.token.claim": "true",
735 | "claim.name": "clientId",
736 | "jsonType.label": "String"
737 | }
738 | },
739 | {
740 | "id": "46a484bb-9d3c-43fb-ad43-66959f6b5cb3",
741 | "name": "Client Host",
742 | "protocol": "openid-connect",
743 | "protocolMapper": "oidc-usersessionmodel-note-mapper",
744 | "consentRequired": false,
745 | "config": {
746 | "user.session.note": "clientHost",
747 | "id.token.claim": "true",
748 | "access.token.claim": "true",
749 | "claim.name": "clientHost",
750 | "jsonType.label": "String"
751 | }
752 | },
753 | {
754 | "id": "5094345b-1708-4e02-bff4-a2421954fa03",
755 | "name": "Client IP Address",
756 | "protocol": "openid-connect",
757 | "protocolMapper": "oidc-usersessionmodel-note-mapper",
758 | "consentRequired": false,
759 | "config": {
760 | "user.session.note": "clientAddress",
761 | "id.token.claim": "true",
762 | "access.token.claim": "true",
763 | "claim.name": "clientAddress",
764 | "jsonType.label": "String"
765 | }
766 | }
767 | ],
768 | "defaultClientScopes": [
769 | "role_list",
770 | "profile",
771 | "email"
772 | ],
773 | "optionalClientScopes": [
774 | "address",
775 | "message:read",
776 | "phone",
777 | "offline_access"
778 | ],
779 | "authorizationSettings": {
780 | "allowRemoteResourceManagement": false,
781 | "policyEnforcementMode": "ENFORCING",
782 | "resources": [
783 | {
784 | "name": "Default Resource",
785 | "uri": "/*",
786 | "type": "urn:spring-security:resources:default",
787 | "ownerManagedAccess": false,
788 | "attributes": {},
789 | "_id": "4db9cddb-4237-4983-a4a6-edf8adeef55a"
790 | }
791 | ],
792 | "policies": [
793 | {
794 | "id": "ea38f67e-a94e-4185-9216-3907f88b76bb",
795 | "name": "Default Policy",
796 | "description": "A policy that grants access only for users within this realm",
797 | "type": "js",
798 | "logic": "POSITIVE",
799 | "decisionStrategy": "AFFIRMATIVE",
800 | "config": {
801 | "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
802 | }
803 | },
804 | {
805 | "id": "e63d65cc-39c4-45ed-b47b-7b0ff85b7a08",
806 | "name": "Default Permission",
807 | "description": "A permission that applies to the default resource type",
808 | "type": "resource",
809 | "logic": "POSITIVE",
810 | "decisionStrategy": "UNANIMOUS",
811 | "config": {
812 | "defaultResourceType": "urn:spring-security:resources:default",
813 | "applyPolicies": "[\"Default Policy\"]"
814 | }
815 | }
816 | ],
817 | "scopes": []
818 | }
819 | }
820 | ],
821 | "clientScopes": [
822 | {
823 | "id": "09c72dab-ad37-4577-a443-4a0b12aecaba",
824 | "name": "address",
825 | "description": "OpenID Connect built-in scope: address",
826 | "protocol": "openid-connect",
827 | "attributes": {
828 | "consent.screen.text": "${addressScopeConsentText}",
829 | "display.on.consent.screen": "true"
830 | },
831 | "protocolMappers": [
832 | {
833 | "id": "63ca9ab3-52ff-455a-a27c-87ec502ef481",
834 | "name": "address",
835 | "protocol": "openid-connect",
836 | "protocolMapper": "oidc-address-mapper",
837 | "consentRequired": false,
838 | "config": {
839 | "user.attribute.formatted": "formatted",
840 | "user.attribute.country": "country",
841 | "user.attribute.postal_code": "postal_code",
842 | "userinfo.token.claim": "true",
843 | "user.attribute.street": "street",
844 | "id.token.claim": "true",
845 | "user.attribute.region": "region",
846 | "access.token.claim": "true",
847 | "user.attribute.locality": "locality"
848 | }
849 | }
850 | ]
851 | },
852 | {
853 | "id": "f01447c8-f250-464c-876f-dad30aae9c50",
854 | "name": "admin",
855 | "protocol": "openid-connect",
856 | "attributes": {
857 | "display.on.consent.screen": "false"
858 | }
859 | },
860 | {
861 | "id": "4039998d-fd63-41bc-8430-ea283930abd8",
862 | "name": "email",
863 | "description": "OpenID Connect built-in scope: email",
864 | "protocol": "openid-connect",
865 | "attributes": {
866 | "consent.screen.text": "${emailScopeConsentText}",
867 | "display.on.consent.screen": "true"
868 | },
869 | "protocolMappers": [
870 | {
871 | "id": "612d811d-c50d-4636-a56e-d1ae10758877",
872 | "name": "email",
873 | "protocol": "openid-connect",
874 | "protocolMapper": "oidc-usermodel-property-mapper",
875 | "consentRequired": false,
876 | "config": {
877 | "userinfo.token.claim": "true",
878 | "user.attribute": "email",
879 | "id.token.claim": "true",
880 | "access.token.claim": "true",
881 | "claim.name": "email",
882 | "jsonType.label": "String"
883 | }
884 | },
885 | {
886 | "id": "bc0a5904-79fb-4ea7-a1b2-0f6b4498eaf9",
887 | "name": "email verified",
888 | "protocol": "openid-connect",
889 | "protocolMapper": "oidc-usermodel-property-mapper",
890 | "consentRequired": false,
891 | "config": {
892 | "userinfo.token.claim": "true",
893 | "user.attribute": "emailVerified",
894 | "id.token.claim": "true",
895 | "access.token.claim": "true",
896 | "claim.name": "email_verified",
897 | "jsonType.label": "boolean"
898 | }
899 | }
900 | ]
901 | },
902 | {
903 | "id": "ee005041-52fe-4538-8f46-2b568fd1cbc4",
904 | "name": "message:read",
905 | "protocol": "openid-connect",
906 | "attributes": {
907 | "consent.screen.text": "",
908 | "display.on.consent.screen": "true"
909 | }
910 | },
911 | {
912 | "id": "0c7371fc-31fd-4ff1-bf3f-a673dcf64bb8",
913 | "name": "offline_access",
914 | "description": "OpenID Connect built-in scope: offline_access",
915 | "protocol": "openid-connect",
916 | "attributes": {
917 | "consent.screen.text": "${offlineAccessScopeConsentText}",
918 | "display.on.consent.screen": "true"
919 | }
920 | },
921 | {
922 | "id": "be5797a2-51bb-497c-8343-021d937ee9ca",
923 | "name": "phone",
924 | "description": "OpenID Connect built-in scope: phone",
925 | "protocol": "openid-connect",
926 | "attributes": {
927 | "consent.screen.text": "${phoneScopeConsentText}",
928 | "display.on.consent.screen": "true"
929 | },
930 | "protocolMappers": [
931 | {
932 | "id": "7a0489eb-2a2c-458e-803c-3e8b045ef1d3",
933 | "name": "phone number verified",
934 | "protocol": "openid-connect",
935 | "protocolMapper": "oidc-usermodel-attribute-mapper",
936 | "consentRequired": false,
937 | "config": {
938 | "userinfo.token.claim": "true",
939 | "user.attribute": "phoneNumberVerified",
940 | "id.token.claim": "true",
941 | "access.token.claim": "true",
942 | "claim.name": "phone_number_verified",
943 | "jsonType.label": "boolean"
944 | }
945 | },
946 | {
947 | "id": "91e866fa-f991-40be-af4e-0c96b4a55535",
948 | "name": "phone number",
949 | "protocol": "openid-connect",
950 | "protocolMapper": "oidc-usermodel-attribute-mapper",
951 | "consentRequired": false,
952 | "config": {
953 | "userinfo.token.claim": "true",
954 | "user.attribute": "phoneNumber",
955 | "id.token.claim": "true",
956 | "access.token.claim": "true",
957 | "claim.name": "phone_number",
958 | "jsonType.label": "String"
959 | }
960 | }
961 | ]
962 | },
963 | {
964 | "id": "bca2761f-a632-46ee-879b-0e163efb01e6",
965 | "name": "profile",
966 | "description": "OpenID Connect built-in scope: profile",
967 | "protocol": "openid-connect",
968 | "attributes": {
969 | "consent.screen.text": "${profileScopeConsentText}",
970 | "display.on.consent.screen": "true"
971 | },
972 | "protocolMappers": [
973 | {
974 | "id": "edcd048b-34c3-4bbf-bb60-ce905334e024",
975 | "name": "full name",
976 | "protocol": "openid-connect",
977 | "protocolMapper": "oidc-full-name-mapper",
978 | "consentRequired": false,
979 | "config": {
980 | "id.token.claim": "true",
981 | "access.token.claim": "true",
982 | "userinfo.token.claim": "true"
983 | }
984 | },
985 | {
986 | "id": "c1f164cc-fed1-4787-a9aa-9ae708901b19",
987 | "name": "website",
988 | "protocol": "openid-connect",
989 | "protocolMapper": "oidc-usermodel-attribute-mapper",
990 | "consentRequired": false,
991 | "config": {
992 | "userinfo.token.claim": "true",
993 | "user.attribute": "website",
994 | "id.token.claim": "true",
995 | "access.token.claim": "true",
996 | "claim.name": "website",
997 | "jsonType.label": "String"
998 | }
999 | },
1000 | {
1001 | "id": "74a71b5d-4c06-4465-9333-8e145bfe3ec5",
1002 | "name": "username",
1003 | "protocol": "openid-connect",
1004 | "protocolMapper": "oidc-usermodel-property-mapper",
1005 | "consentRequired": false,
1006 | "config": {
1007 | "userinfo.token.claim": "true",
1008 | "user.attribute": "username",
1009 | "id.token.claim": "true",
1010 | "access.token.claim": "true",
1011 | "claim.name": "preferred_username",
1012 | "jsonType.label": "String"
1013 | }
1014 | },
1015 | {
1016 | "id": "bccb3caa-f6f0-41a7-baf1-c04167d97748",
1017 | "name": "birthdate",
1018 | "protocol": "openid-connect",
1019 | "protocolMapper": "oidc-usermodel-attribute-mapper",
1020 | "consentRequired": false,
1021 | "config": {
1022 | "userinfo.token.claim": "true",
1023 | "user.attribute": "birthdate",
1024 | "id.token.claim": "true",
1025 | "access.token.claim": "true",
1026 | "claim.name": "birthdate",
1027 | "jsonType.label": "String"
1028 | }
1029 | },
1030 | {
1031 | "id": "789975c6-5d5d-497b-ab15-354108c374fe",
1032 | "name": "family name",
1033 | "protocol": "openid-connect",
1034 | "protocolMapper": "oidc-usermodel-property-mapper",
1035 | "consentRequired": false,
1036 | "config": {
1037 | "userinfo.token.claim": "true",
1038 | "user.attribute": "lastName",
1039 | "id.token.claim": "true",
1040 | "access.token.claim": "true",
1041 | "claim.name": "family_name",
1042 | "jsonType.label": "String"
1043 | }
1044 | },
1045 | {
1046 | "id": "c950e941-8b00-4ccf-8e58-ad0d5f7b6021",
1047 | "name": "zoneinfo",
1048 | "protocol": "openid-connect",
1049 | "protocolMapper": "oidc-usermodel-attribute-mapper",
1050 | "consentRequired": false,
1051 | "config": {
1052 | "userinfo.token.claim": "true",
1053 | "user.attribute": "zoneinfo",
1054 | "id.token.claim": "true",
1055 | "access.token.claim": "true",
1056 | "claim.name": "zoneinfo",
1057 | "jsonType.label": "String"
1058 | }
1059 | },
1060 | {
1061 | "id": "906e8458-9037-488b-ac39-9e2ddf75b70b",
1062 | "name": "picture",
1063 | "protocol": "openid-connect",
1064 | "protocolMapper": "oidc-usermodel-attribute-mapper",
1065 | "consentRequired": false,
1066 | "config": {
1067 | "userinfo.token.claim": "true",
1068 | "user.attribute": "picture",
1069 | "id.token.claim": "true",
1070 | "access.token.claim": "true",
1071 | "claim.name": "picture",
1072 | "jsonType.label": "String"
1073 | }
1074 | },
1075 | {
1076 | "id": "04bd8865-a3ef-4f34-b734-89ab7013dc36",
1077 | "name": "locale",
1078 | "protocol": "openid-connect",
1079 | "protocolMapper": "oidc-usermodel-attribute-mapper",
1080 | "consentRequired": false,
1081 | "config": {
1082 | "userinfo.token.claim": "true",
1083 | "user.attribute": "locale",
1084 | "id.token.claim": "true",
1085 | "access.token.claim": "true",
1086 | "claim.name": "locale",
1087 | "jsonType.label": "String"
1088 | }
1089 | },
1090 | {
1091 | "id": "09b2cc96-84eb-41ef-b5a1-627f9e42c41b",
1092 | "name": "updated at",
1093 | "protocol": "openid-connect",
1094 | "protocolMapper": "oidc-usermodel-attribute-mapper",
1095 | "consentRequired": false,
1096 | "config": {
1097 | "userinfo.token.claim": "true",
1098 | "user.attribute": "updatedAt",
1099 | "id.token.claim": "true",
1100 | "access.token.claim": "true",
1101 | "claim.name": "updated_at",
1102 | "jsonType.label": "String"
1103 | }
1104 | },
1105 | {
1106 | "id": "69836e70-c1fe-471b-97d7-e7ba505ac112",
1107 | "name": "given name",
1108 | "protocol": "openid-connect",
1109 | "protocolMapper": "oidc-usermodel-property-mapper",
1110 | "consentRequired": false,
1111 | "config": {
1112 | "userinfo.token.claim": "true",
1113 | "user.attribute": "firstName",
1114 | "id.token.claim": "true",
1115 | "access.token.claim": "true",
1116 | "claim.name": "given_name",
1117 | "jsonType.label": "String"
1118 | }
1119 | },
1120 | {
1121 | "id": "7c67142d-7788-4b9b-89c5-cbd19c5c419d",
1122 | "name": "profile",
1123 | "protocol": "openid-connect",
1124 | "protocolMapper": "oidc-usermodel-attribute-mapper",
1125 | "consentRequired": false,
1126 | "config": {
1127 | "userinfo.token.claim": "true",
1128 | "user.attribute": "profile",
1129 | "id.token.claim": "true",
1130 | "access.token.claim": "true",
1131 | "claim.name": "profile",
1132 | "jsonType.label": "String"
1133 | }
1134 | },
1135 | {
1136 | "id": "dbbf03c6-2d9f-4982-ab0c-3615dde6c6bb",
1137 | "name": "nickname",
1138 | "protocol": "openid-connect",
1139 | "protocolMapper": "oidc-usermodel-attribute-mapper",
1140 | "consentRequired": false,
1141 | "config": {
1142 | "userinfo.token.claim": "true",
1143 | "user.attribute": "nickname",
1144 | "id.token.claim": "true",
1145 | "access.token.claim": "true",
1146 | "claim.name": "nickname",
1147 | "jsonType.label": "String"
1148 | }
1149 | },
1150 | {
1151 | "id": "53c037ef-f9c4-47e3-b5fc-662debb43484",
1152 | "name": "gender",
1153 | "protocol": "openid-connect",
1154 | "protocolMapper": "oidc-usermodel-attribute-mapper",
1155 | "consentRequired": false,
1156 | "config": {
1157 | "userinfo.token.claim": "true",
1158 | "user.attribute": "gender",
1159 | "id.token.claim": "true",
1160 | "access.token.claim": "true",
1161 | "claim.name": "gender",
1162 | "jsonType.label": "String"
1163 | }
1164 | },
1165 | {
1166 | "id": "f35a6517-16e1-4ef4-afb1-c607d74be4c1",
1167 | "name": "middle name",
1168 | "protocol": "openid-connect",
1169 | "protocolMapper": "oidc-usermodel-attribute-mapper",
1170 | "consentRequired": false,
1171 | "config": {
1172 | "userinfo.token.claim": "true",
1173 | "user.attribute": "middleName",
1174 | "id.token.claim": "true",
1175 | "access.token.claim": "true",
1176 | "claim.name": "middle_name",
1177 | "jsonType.label": "String"
1178 | }
1179 | }
1180 | ]
1181 | },
1182 | {
1183 | "id": "97901a4c-658f-4e64-8a56-9fb082c25abb",
1184 | "name": "role_list",
1185 | "description": "SAML role list",
1186 | "protocol": "saml",
1187 | "attributes": {
1188 | "consent.screen.text": "${samlRoleListScopeConsentText}",
1189 | "display.on.consent.screen": "true"
1190 | },
1191 | "protocolMappers": [
1192 | {
1193 | "id": "f9e7caf0-c1ca-4463-b9d9-00643c6d631c",
1194 | "name": "role list",
1195 | "protocol": "saml",
1196 | "protocolMapper": "saml-role-list-mapper",
1197 | "consentRequired": false,
1198 | "config": {
1199 | "single": "false",
1200 | "attribute.nameformat": "Basic",
1201 | "attribute.name": "Role"
1202 | }
1203 | }
1204 | ]
1205 | }
1206 | ],
1207 | "defaultDefaultClientScopes": [
1208 | "role_list",
1209 | "profile",
1210 | "email"
1211 | ],
1212 | "defaultOptionalClientScopes": [
1213 | "offline_access",
1214 | "address",
1215 | "phone",
1216 | "message:read"
1217 | ],
1218 | "browserSecurityHeaders": {
1219 | "xContentTypeOptions": "nosniff",
1220 | "xRobotsTag": "none",
1221 | "xFrameOptions": "SAMEORIGIN",
1222 | "xXSSProtection": "1; mode=block",
1223 | "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
1224 | "strictTransportSecurity": "max-age=31536000; includeSubDomains"
1225 | },
1226 | "smtpServer": {},
1227 | "eventsEnabled": false,
1228 | "eventsListeners": [
1229 | "jboss-logging"
1230 | ],
1231 | "enabledEventTypes": [],
1232 | "adminEventsEnabled": false,
1233 | "adminEventsDetailsEnabled": false,
1234 | "components": {
1235 | "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
1236 | {
1237 | "id": "7d816113-7745-43c5-8971-fefcd527fb6b",
1238 | "name": "Allowed Client Scopes",
1239 | "providerId": "allowed-client-templates",
1240 | "subType": "anonymous",
1241 | "subComponents": {},
1242 | "config": {
1243 | "allow-default-scopes": [
1244 | "true"
1245 | ]
1246 | }
1247 | },
1248 | {
1249 | "id": "ae5f62e9-2639-47a3-9164-2f8a34e3c7f5",
1250 | "name": "Trusted Hosts",
1251 | "providerId": "trusted-hosts",
1252 | "subType": "anonymous",
1253 | "subComponents": {},
1254 | "config": {
1255 | "host-sending-registration-request-must-match": [
1256 | "true"
1257 | ],
1258 | "client-uris-must-match": [
1259 | "true"
1260 | ]
1261 | }
1262 | },
1263 | {
1264 | "id": "36afa3b0-8135-4101-9348-bbcdb6ba3d78",
1265 | "name": "Consent Required",
1266 | "providerId": "consent-required",
1267 | "subType": "anonymous",
1268 | "subComponents": {},
1269 | "config": {}
1270 | },
1271 | {
1272 | "id": "11ef8b1f-3d8e-40b4-97bb-0806a6023251",
1273 | "name": "Allowed Protocol Mapper Types",
1274 | "providerId": "allowed-protocol-mappers",
1275 | "subType": "authenticated",
1276 | "subComponents": {},
1277 | "config": {
1278 | "allowed-protocol-mapper-types": [
1279 | "oidc-address-mapper",
1280 | "saml-role-list-mapper",
1281 | "oidc-usermodel-attribute-mapper",
1282 | "saml-user-property-mapper",
1283 | "oidc-full-name-mapper",
1284 | "saml-user-attribute-mapper",
1285 | "oidc-usermodel-property-mapper",
1286 | "oidc-sha256-pairwise-sub-mapper"
1287 | ]
1288 | }
1289 | },
1290 | {
1291 | "id": "51256c1b-58d2-4646-afe0-1f703fd9e531",
1292 | "name": "Full Scope Disabled",
1293 | "providerId": "scope",
1294 | "subType": "anonymous",
1295 | "subComponents": {},
1296 | "config": {}
1297 | },
1298 | {
1299 | "id": "0e9978f7-00d1-47ed-a9a3-11a567a0b80d",
1300 | "name": "Max Clients Limit",
1301 | "providerId": "max-clients",
1302 | "subType": "anonymous",
1303 | "subComponents": {},
1304 | "config": {
1305 | "max-clients": [
1306 | "200"
1307 | ]
1308 | }
1309 | },
1310 | {
1311 | "id": "5efc848f-a180-4b32-8f96-a691510ce000",
1312 | "name": "Allowed Client Scopes",
1313 | "providerId": "allowed-client-templates",
1314 | "subType": "authenticated",
1315 | "subComponents": {},
1316 | "config": {
1317 | "allow-default-scopes": [
1318 | "true"
1319 | ]
1320 | }
1321 | },
1322 | {
1323 | "id": "633f649f-cdd1-4f86-a8c2-28af23e68d84",
1324 | "name": "Allowed Protocol Mapper Types",
1325 | "providerId": "allowed-protocol-mappers",
1326 | "subType": "anonymous",
1327 | "subComponents": {},
1328 | "config": {
1329 | "allowed-protocol-mapper-types": [
1330 | "saml-user-attribute-mapper",
1331 | "oidc-usermodel-attribute-mapper",
1332 | "oidc-full-name-mapper",
1333 | "saml-role-list-mapper",
1334 | "saml-user-property-mapper",
1335 | "oidc-usermodel-property-mapper",
1336 | "oidc-address-mapper",
1337 | "oidc-sha256-pairwise-sub-mapper"
1338 | ]
1339 | }
1340 | }
1341 | ],
1342 | "org.keycloak.keys.KeyProvider": [
1343 | {
1344 | "id": "0d0ed749-879a-41b8-95ba-fe246370f52f",
1345 | "name": "hmac-generated",
1346 | "providerId": "hmac-generated",
1347 | "subComponents": {},
1348 | "config": {
1349 | "priority": [
1350 | "100"
1351 | ]
1352 | }
1353 | },
1354 | {
1355 | "id": "a63b4411-9e54-48d1-be30-ef0edf04f016",
1356 | "name": "rsa-generated",
1357 | "providerId": "rsa-generated",
1358 | "subComponents": {},
1359 | "config": {
1360 | "priority": [
1361 | "100"
1362 | ]
1363 | }
1364 | },
1365 | {
1366 | "id": "a01617a0-beae-4038-898c-602655d73eb6",
1367 | "name": "aes-generated",
1368 | "providerId": "aes-generated",
1369 | "subComponents": {},
1370 | "config": {
1371 | "priority": [
1372 | "100"
1373 | ]
1374 | }
1375 | }
1376 | ]
1377 | },
1378 | "internationalizationEnabled": false,
1379 | "supportedLocales": [],
1380 | "authenticationFlows": [
1381 | {
1382 | "id": "8a821a40-0bdb-4339-bac7-6644f75a9996",
1383 | "alias": "Handle Existing Account",
1384 | "description": "Handle what to do if there is an existing account with the same email/username as the one from the authenticated identity provider",
1385 | "providerId": "basic-flow",
1386 | "topLevel": false,
1387 | "builtIn": true,
1388 | "authenticationExecutions": [
1389 | {
1390 | "authenticator": "idp-confirm-link",
1391 | "requirement": "REQUIRED",
1392 | "priority": 10,
1393 | "userSetupAllowed": false,
1394 | "autheticatorFlow": false
1395 | },
1396 | {
1397 | "authenticator": "idp-email-verification",
1398 | "requirement": "ALTERNATIVE",
1399 | "priority": 20,
1400 | "userSetupAllowed": false,
1401 | "autheticatorFlow": false
1402 | },
1403 | {
1404 | "requirement": "ALTERNATIVE",
1405 | "priority": 30,
1406 | "flowAlias": "Verify Existing Account by Re-authentication",
1407 | "userSetupAllowed": false,
1408 | "autheticatorFlow": true
1409 | }
1410 | ]
1411 | },
1412 | {
1413 | "id": "df443cae-796a-474d-abc8-c33a64811f94",
1414 | "alias": "Verify Existing Account by Re-authentication",
1415 | "description": "Reauthentication of existing account",
1416 | "providerId": "basic-flow",
1417 | "topLevel": false,
1418 | "builtIn": true,
1419 | "authenticationExecutions": [
1420 | {
1421 | "authenticator": "idp-username-password-form",
1422 | "requirement": "REQUIRED",
1423 | "priority": 10,
1424 | "userSetupAllowed": false,
1425 | "autheticatorFlow": false
1426 | },
1427 | {
1428 | "authenticator": "auth-otp-form",
1429 | "requirement": "OPTIONAL",
1430 | "priority": 20,
1431 | "userSetupAllowed": false,
1432 | "autheticatorFlow": false
1433 | }
1434 | ]
1435 | },
1436 | {
1437 | "id": "5b07b5a8-4a5c-462b-9522-8e3126715b90",
1438 | "alias": "browser",
1439 | "description": "browser based authentication",
1440 | "providerId": "basic-flow",
1441 | "topLevel": true,
1442 | "builtIn": true,
1443 | "authenticationExecutions": [
1444 | {
1445 | "authenticator": "auth-cookie",
1446 | "requirement": "ALTERNATIVE",
1447 | "priority": 10,
1448 | "userSetupAllowed": false,
1449 | "autheticatorFlow": false
1450 | },
1451 | {
1452 | "authenticator": "auth-spnego",
1453 | "requirement": "DISABLED",
1454 | "priority": 20,
1455 | "userSetupAllowed": false,
1456 | "autheticatorFlow": false
1457 | },
1458 | {
1459 | "authenticator": "identity-provider-redirector",
1460 | "requirement": "ALTERNATIVE",
1461 | "priority": 25,
1462 | "userSetupAllowed": false,
1463 | "autheticatorFlow": false
1464 | },
1465 | {
1466 | "requirement": "ALTERNATIVE",
1467 | "priority": 30,
1468 | "flowAlias": "forms",
1469 | "userSetupAllowed": false,
1470 | "autheticatorFlow": true
1471 | }
1472 | ]
1473 | },
1474 | {
1475 | "id": "7391bacd-6a9f-4123-9caf-c9f3877a8bb1",
1476 | "alias": "clients",
1477 | "description": "Base authentication for clients",
1478 | "providerId": "client-flow",
1479 | "topLevel": true,
1480 | "builtIn": true,
1481 | "authenticationExecutions": [
1482 | {
1483 | "authenticator": "client-secret",
1484 | "requirement": "ALTERNATIVE",
1485 | "priority": 10,
1486 | "userSetupAllowed": false,
1487 | "autheticatorFlow": false
1488 | },
1489 | {
1490 | "authenticator": "client-jwt",
1491 | "requirement": "ALTERNATIVE",
1492 | "priority": 20,
1493 | "userSetupAllowed": false,
1494 | "autheticatorFlow": false
1495 | },
1496 | {
1497 | "authenticator": "client-secret-jwt",
1498 | "requirement": "ALTERNATIVE",
1499 | "priority": 30,
1500 | "userSetupAllowed": false,
1501 | "autheticatorFlow": false
1502 | }
1503 | ]
1504 | },
1505 | {
1506 | "id": "eaaf7dd1-86e3-446c-b0fd-017185054b1c",
1507 | "alias": "direct grant",
1508 | "description": "OpenID Connect Resource Owner Grant",
1509 | "providerId": "basic-flow",
1510 | "topLevel": true,
1511 | "builtIn": true,
1512 | "authenticationExecutions": [
1513 | {
1514 | "authenticator": "direct-grant-validate-username",
1515 | "requirement": "REQUIRED",
1516 | "priority": 10,
1517 | "userSetupAllowed": false,
1518 | "autheticatorFlow": false
1519 | },
1520 | {
1521 | "authenticator": "direct-grant-validate-password",
1522 | "requirement": "REQUIRED",
1523 | "priority": 20,
1524 | "userSetupAllowed": false,
1525 | "autheticatorFlow": false
1526 | },
1527 | {
1528 | "authenticator": "direct-grant-validate-otp",
1529 | "requirement": "OPTIONAL",
1530 | "priority": 30,
1531 | "userSetupAllowed": false,
1532 | "autheticatorFlow": false
1533 | }
1534 | ]
1535 | },
1536 | {
1537 | "id": "91ae7f68-3bec-44b7-91aa-6f1f64b218b6",
1538 | "alias": "docker auth",
1539 | "description": "Used by Docker clients to authenticate against the IDP",
1540 | "providerId": "basic-flow",
1541 | "topLevel": true,
1542 | "builtIn": true,
1543 | "authenticationExecutions": [
1544 | {
1545 | "authenticator": "docker-http-basic-authenticator",
1546 | "requirement": "REQUIRED",
1547 | "priority": 10,
1548 | "userSetupAllowed": false,
1549 | "autheticatorFlow": false
1550 | }
1551 | ]
1552 | },
1553 | {
1554 | "id": "4c0d5333-aa6c-4d5b-9862-d5125ab82489",
1555 | "alias": "first broker login",
1556 | "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
1557 | "providerId": "basic-flow",
1558 | "topLevel": true,
1559 | "builtIn": true,
1560 | "authenticationExecutions": [
1561 | {
1562 | "authenticatorConfig": "review profile config",
1563 | "authenticator": "idp-review-profile",
1564 | "requirement": "REQUIRED",
1565 | "priority": 10,
1566 | "userSetupAllowed": false,
1567 | "autheticatorFlow": false
1568 | },
1569 | {
1570 | "authenticatorConfig": "create unique user config",
1571 | "authenticator": "idp-create-user-if-unique",
1572 | "requirement": "ALTERNATIVE",
1573 | "priority": 20,
1574 | "userSetupAllowed": false,
1575 | "autheticatorFlow": false
1576 | },
1577 | {
1578 | "requirement": "ALTERNATIVE",
1579 | "priority": 30,
1580 | "flowAlias": "Handle Existing Account",
1581 | "userSetupAllowed": false,
1582 | "autheticatorFlow": true
1583 | }
1584 | ]
1585 | },
1586 | {
1587 | "id": "a06113c8-8887-4e36-b614-0a08a0565080",
1588 | "alias": "forms",
1589 | "description": "Username, password, otp and other auth forms.",
1590 | "providerId": "basic-flow",
1591 | "topLevel": false,
1592 | "builtIn": true,
1593 | "authenticationExecutions": [
1594 | {
1595 | "authenticator": "auth-username-password-form",
1596 | "requirement": "REQUIRED",
1597 | "priority": 10,
1598 | "userSetupAllowed": false,
1599 | "autheticatorFlow": false
1600 | },
1601 | {
1602 | "authenticator": "auth-otp-form",
1603 | "requirement": "OPTIONAL",
1604 | "priority": 20,
1605 | "userSetupAllowed": false,
1606 | "autheticatorFlow": false
1607 | }
1608 | ]
1609 | },
1610 | {
1611 | "id": "f28316df-5640-4f03-bb01-9b4a3634bd2b",
1612 | "alias": "registration",
1613 | "description": "registration flow",
1614 | "providerId": "basic-flow",
1615 | "topLevel": true,
1616 | "builtIn": true,
1617 | "authenticationExecutions": [
1618 | {
1619 | "authenticator": "registration-page-form",
1620 | "requirement": "REQUIRED",
1621 | "priority": 10,
1622 | "flowAlias": "registration form",
1623 | "userSetupAllowed": false,
1624 | "autheticatorFlow": true
1625 | }
1626 | ]
1627 | },
1628 | {
1629 | "id": "96bb6146-225a-4c65-9d91-95809dda9c8f",
1630 | "alias": "registration form",
1631 | "description": "registration form",
1632 | "providerId": "form-flow",
1633 | "topLevel": false,
1634 | "builtIn": true,
1635 | "authenticationExecutions": [
1636 | {
1637 | "authenticator": "registration-user-creation",
1638 | "requirement": "REQUIRED",
1639 | "priority": 20,
1640 | "userSetupAllowed": false,
1641 | "autheticatorFlow": false
1642 | },
1643 | {
1644 | "authenticator": "registration-profile-action",
1645 | "requirement": "REQUIRED",
1646 | "priority": 40,
1647 | "userSetupAllowed": false,
1648 | "autheticatorFlow": false
1649 | },
1650 | {
1651 | "authenticator": "registration-password-action",
1652 | "requirement": "REQUIRED",
1653 | "priority": 50,
1654 | "userSetupAllowed": false,
1655 | "autheticatorFlow": false
1656 | },
1657 | {
1658 | "authenticator": "registration-recaptcha-action",
1659 | "requirement": "DISABLED",
1660 | "priority": 60,
1661 | "userSetupAllowed": false,
1662 | "autheticatorFlow": false
1663 | }
1664 | ]
1665 | },
1666 | {
1667 | "id": "7e90eac8-2685-4dcc-9e63-7c1f7a64e1d8",
1668 | "alias": "reset credentials",
1669 | "description": "Reset credentials for a user, for example if they forgot their password",
1670 | "providerId": "basic-flow",
1671 | "topLevel": true,
1672 | "builtIn": true,
1673 | "authenticationExecutions": [
1674 | {
1675 | "authenticator": "reset-credentials-choose-user",
1676 | "requirement": "REQUIRED",
1677 | "priority": 10,
1678 | "userSetupAllowed": false,
1679 | "autheticatorFlow": false
1680 | },
1681 | {
1682 | "authenticator": "reset-credential-email",
1683 | "requirement": "REQUIRED",
1684 | "priority": 20,
1685 | "userSetupAllowed": false,
1686 | "autheticatorFlow": false
1687 | },
1688 | {
1689 | "authenticator": "reset-password",
1690 | "requirement": "REQUIRED",
1691 | "priority": 30,
1692 | "userSetupAllowed": false,
1693 | "autheticatorFlow": false
1694 | },
1695 | {
1696 | "authenticator": "reset-otp",
1697 | "requirement": "OPTIONAL",
1698 | "priority": 40,
1699 | "userSetupAllowed": false,
1700 | "autheticatorFlow": false
1701 | }
1702 | ]
1703 | },
1704 | {
1705 | "id": "15f7018a-ec07-4167-bd1d-0e47a88c91bf",
1706 | "alias": "saml ecp",
1707 | "description": "SAML ECP Profile Authentication Flow",
1708 | "providerId": "basic-flow",
1709 | "topLevel": true,
1710 | "builtIn": true,
1711 | "authenticationExecutions": [
1712 | {
1713 | "authenticator": "http-basic-authenticator",
1714 | "requirement": "REQUIRED",
1715 | "priority": 10,
1716 | "userSetupAllowed": false,
1717 | "autheticatorFlow": false
1718 | }
1719 | ]
1720 | }
1721 | ],
1722 | "authenticatorConfig": [
1723 | {
1724 | "id": "4cc2c667-b592-4eab-81ec-2e43142ae15f",
1725 | "alias": "create unique user config",
1726 | "config": {
1727 | "require.password.update.after.registration": "false"
1728 | }
1729 | },
1730 | {
1731 | "id": "1d00a131-cf5a-4b55-8b36-e04b3448da22",
1732 | "alias": "review profile config",
1733 | "config": {
1734 | "update.profile.on.first.login": "missing"
1735 | }
1736 | }
1737 | ],
1738 | "requiredActions": [
1739 | {
1740 | "alias": "CONFIGURE_TOTP",
1741 | "name": "Configure OTP",
1742 | "providerId": "CONFIGURE_TOTP",
1743 | "enabled": true,
1744 | "defaultAction": false,
1745 | "config": {}
1746 | },
1747 | {
1748 | "alias": "UPDATE_PASSWORD",
1749 | "name": "Update Password",
1750 | "providerId": "UPDATE_PASSWORD",
1751 | "enabled": true,
1752 | "defaultAction": false,
1753 | "config": {}
1754 | },
1755 | {
1756 | "alias": "UPDATE_PROFILE",
1757 | "name": "Update Profile",
1758 | "providerId": "UPDATE_PROFILE",
1759 | "enabled": true,
1760 | "defaultAction": false,
1761 | "config": {}
1762 | },
1763 | {
1764 | "alias": "VERIFY_EMAIL",
1765 | "name": "Verify Email",
1766 | "providerId": "VERIFY_EMAIL",
1767 | "enabled": true,
1768 | "defaultAction": false,
1769 | "config": {}
1770 | },
1771 | {
1772 | "alias": "terms_and_conditions",
1773 | "name": "Terms and Conditions",
1774 | "providerId": "terms_and_conditions",
1775 | "enabled": false,
1776 | "defaultAction": false,
1777 | "config": {}
1778 | }
1779 | ],
1780 | "browserFlow": "browser",
1781 | "registrationFlow": "registration",
1782 | "directGrantFlow": "direct grant",
1783 | "resetCredentialsFlow": "reset credentials",
1784 | "clientAuthenticationFlow": "clients",
1785 | "dockerAuthenticationFlow": "docker auth",
1786 | "attributes": {
1787 | "_browser_header.xXSSProtection": "1; mode=block",
1788 | "_browser_header.xFrameOptions": "SAMEORIGIN",
1789 | "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
1790 | "permanentLockout": "false",
1791 | "quickLoginCheckMilliSeconds": "1000",
1792 | "_browser_header.xRobotsTag": "none",
1793 | "maxFailureWaitSeconds": "900",
1794 | "minimumQuickLoginWaitSeconds": "60",
1795 | "failureFactor": "30",
1796 | "actionTokenGeneratedByUserLifespan": "300",
1797 | "maxDeltaTimeSeconds": "43200",
1798 | "_browser_header.xContentTypeOptions": "nosniff",
1799 | "offlineSessionMaxLifespan": "5184000",
1800 | "actionTokenGeneratedByAdminLifespan": "43200",
1801 | "bruteForceProtected": "false",
1802 | "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
1803 | "waitIncrementSeconds": "60",
1804 | "offlineSessionMaxLifespanEnabled": "false"
1805 | },
1806 | "keycloakVersion": "4.1.0.Final",
1807 | "userManagedAccessAllowed": false
1808 | }
--------------------------------------------------------------------------------