├── webapp
├── src
│ ├── assets
│ │ └── .gitkeep
│ ├── styles.scss
│ ├── app
│ │ ├── app.routes.ts
│ │ ├── app.component.html
│ │ ├── app.component.scss
│ │ ├── app.component.ts
│ │ ├── app.component.spec.ts
│ │ └── app.config.ts
│ ├── favicon.ico
│ ├── main.ts
│ └── index.html
├── .vscode
│ ├── extensions.json
│ ├── launch.json
│ └── tasks.json
├── tsconfig.app.json
├── tsconfig.spec.json
├── .editorconfig
├── .gitignore
├── tsconfig.json
├── README.md
├── package.json
└── angular.json
├── backend
├── .mvn
│ └── wrapper
│ │ ├── maven-wrapper.jar
│ │ └── maven-wrapper.properties
├── src
│ ├── main
│ │ ├── resources
│ │ │ └── application.properties
│ │ └── java
│ │ │ └── com
│ │ │ └── example
│ │ │ └── demo
│ │ │ ├── DemoApplication.java
│ │ │ ├── jwt
│ │ │ ├── CustomJwt.java
│ │ │ └── CustomJwtConverter.java
│ │ │ ├── controller
│ │ │ └── HelloController.java
│ │ │ └── config
│ │ │ └── SecurityConfig.java
│ └── test
│ │ └── java
│ │ └── com
│ │ └── example
│ │ └── demo
│ │ └── DemoApplicationTests.java
├── .gitignore
├── pom.xml
├── mvnw.cmd
└── mvnw
├── keycloak
├── Dockerfile
├── docker-compose.yml
└── my-test-realm-realm.json
└── README.md
/webapp/src/assets/.gitkeep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/webapp/src/styles.scss:
--------------------------------------------------------------------------------
1 | /* You can add global styles to this file, and also import other style files */
2 |
--------------------------------------------------------------------------------
/webapp/src/app/app.routes.ts:
--------------------------------------------------------------------------------
1 | import { Routes } from '@angular/router';
2 |
/** Application route table. No routes are registered in this demo. */
export const routes: Routes = [];
4 |
--------------------------------------------------------------------------------
/webapp/src/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tamani-coding/fullstack-oauth2-angular-spring-boot-keycloak/HEAD/webapp/src/favicon.ico
--------------------------------------------------------------------------------
/backend/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tamani-coding/fullstack-oauth2-angular-spring-boot-keycloak/HEAD/backend/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/webapp/.vscode/extensions.json:
--------------------------------------------------------------------------------
1 | {
2 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=827846
3 | "recommendations": ["angular.ng-template"]
4 | }
5 |
--------------------------------------------------------------------------------
/backend/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# Issuer of the tokens this resource server accepts. Plain HTTP on localhost is a
# local-development setting; a deployed issuer should be reached over HTTPS.
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8180/realms/my-test-realm
# TRACE is very verbose and can put request and authentication details into the log;
# keep it to local debugging.
logging.level.org.springframework.security=TRACE
--------------------------------------------------------------------------------
/backend/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip
2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar
3 |
--------------------------------------------------------------------------------
/webapp/src/main.ts:
--------------------------------------------------------------------------------
1 | import { bootstrapApplication } from '@angular/platform-browser';
2 | import { AppComponent } from './app/app.component';
3 | import { appConfig } from './app/app.config';
4 |
// Start the standalone root component with the providers from appConfig.
// A failed bootstrap is reported on the browser console.
const bootstrapping = bootstrapApplication(AppComponent, appConfig);
bootstrapping.catch((error) => {
  console.error(error);
});
7 |
--------------------------------------------------------------------------------
/backend/src/test/java/com/example/demo/DemoApplicationTests.java:
--------------------------------------------------------------------------------
1 | package com.example.demo;
2 |
3 | import org.junit.jupiter.api.Test;
4 | import org.springframework.boot.test.context.SpringBootTest;
5 |
/** Smoke test: passes when the Spring application context can be started. */
@SpringBootTest
class DemoApplicationTests {

    /** Intentionally empty; starting the context through {@code @SpringBootTest} is the check. */
    @Test
    void contextLoads() {
        // no assertions needed
    }

}
14 |
--------------------------------------------------------------------------------
/webapp/src/app/app.component.html:
--------------------------------------------------------------------------------
1 |
2 |
Fullstack OAuth2 Keycloak
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 | {{ helloText }}
14 |
15 |
--------------------------------------------------------------------------------
/webapp/tsconfig.app.json:
--------------------------------------------------------------------------------
1 | /* To learn more about this file see: https://angular.io/config/tsconfig. */
2 | {
3 | "extends": "./tsconfig.json",
4 | "compilerOptions": {
5 | "outDir": "./out-tsc/app",
6 | "types": []
7 | },
8 | "files": [
9 | "src/main.ts"
10 | ],
11 | "include": [
12 | "src/**/*.d.ts"
13 | ]
14 | }
15 |
--------------------------------------------------------------------------------
/webapp/tsconfig.spec.json:
--------------------------------------------------------------------------------
1 | /* To learn more about this file see: https://angular.io/config/tsconfig. */
2 | {
3 | "extends": "./tsconfig.json",
4 | "compilerOptions": {
5 | "outDir": "./out-tsc/spec",
6 | "types": [
7 | "jasmine"
8 | ]
9 | },
10 | "include": [
11 | "src/**/*.spec.ts",
12 | "src/**/*.d.ts"
13 | ]
14 | }
15 |
--------------------------------------------------------------------------------
/webapp/.editorconfig:
--------------------------------------------------------------------------------
1 | # Editor configuration, see https://editorconfig.org
2 | root = true
3 |
4 | [*]
5 | charset = utf-8
6 | indent_style = space
7 | indent_size = 2
8 | insert_final_newline = true
9 | trim_trailing_whitespace = true
10 |
11 | [*.ts]
12 | quote_type = single
13 |
14 | [*.md]
15 | max_line_length = off
16 | trim_trailing_whitespace = false
17 |
--------------------------------------------------------------------------------
/webapp/src/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Webapp
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/webapp/.vscode/launch.json:
--------------------------------------------------------------------------------
1 | {
2 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
3 | "version": "0.2.0",
4 | "configurations": [
5 | {
6 | "name": "Launch Chrome",
7 | "request": "launch",
8 | "type": "chrome",
9 | "url": "http://localhost:4200",
10 | "webRoot": "${workspaceFolder}"
11 | }
12 | ]
13 | }
14 |
--------------------------------------------------------------------------------
/backend/src/main/java/com/example/demo/DemoApplication.java:
--------------------------------------------------------------------------------
1 | package com.example.demo;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
/** Entry point of the Spring Boot backend. */
@SpringBootApplication
public class DemoApplication {

    /**
     * Starts the application.
     *
     * @param args command-line arguments, passed through to Spring Boot
     */
    public static void main(String[] args) {
        var application = new SpringApplication(DemoApplication.class);
        application.run(args);
    }

}
14 |
--------------------------------------------------------------------------------
/webapp/src/app/app.component.scss:
--------------------------------------------------------------------------------
1 | div {
2 | font-family: 'Franklin Gothic Medium', 'Arial Narrow', Arial, sans-serif;
3 | font-size: x-large;
4 | margin-bottom: 1rem;
5 | margin-left: 2rem;
6 | display: flex;
7 | }
8 |
9 | button {
10 | font-family: 'Gill Sans', 'Gill Sans MT', Calibri, 'Trebuchet MS', sans-serif;
11 | font-weight: bold;
12 | border: 0;
13 | padding: 1rem;
14 | background-color: burlywood;
15 | cursor: pointer;
16 | }
17 |
--------------------------------------------------------------------------------
/backend/.gitignore:
--------------------------------------------------------------------------------
1 | HELP.md
2 | target/
3 | !.mvn/wrapper/maven-wrapper.jar
4 | !**/src/main/**/target/
5 | !**/src/test/**/target/
6 |
7 | ### STS ###
8 | .apt_generated
9 | .classpath
10 | .factorypath
11 | .project
12 | .settings
13 | .springBeans
14 | .sts4-cache
15 |
16 | ### IntelliJ IDEA ###
17 | .idea
18 | *.iws
19 | *.iml
20 | *.ipr
21 |
22 | ### NetBeans ###
23 | /nbproject/private/
24 | /nbbuild/
25 | /dist/
26 | /nbdist/
27 | /.nb-gradle/
28 | build/
29 | !**/src/main/**/build/
30 | !**/src/test/**/build/
31 |
32 | ### VS Code ###
33 | .vscode/
34 |
--------------------------------------------------------------------------------
/keycloak/Dockerfile:
--------------------------------------------------------------------------------
# Keycloak image tag, supplied as a build argument and used by both stages below.
ARG KEYCLOAK_VERSION

# Stage 1: produce an optimized Keycloak build.
FROM quay.io/keycloak/keycloak:$KEYCLOAK_VERSION as builder

# Configure a database vendor
ENV KC_DB=postgres

WORKDIR /opt/keycloak
# for demonstration purposes only, please make sure to use proper certificates in production instead
# The self-signed key pair and its fixed store password ("password") end up in the image:
# anyone who can pull the image can read the private key.
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
RUN /opt/keycloak/bin/kc.sh build

# Stage 2: runtime image; copies the built /opt/keycloak tree (including conf/server.keystore).
FROM quay.io/keycloak/keycloak:$KEYCLOAK_VERSION
COPY --from=builder /opt/keycloak/ /opt/keycloak/

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
--------------------------------------------------------------------------------
/webapp/.gitignore:
--------------------------------------------------------------------------------
1 | # See http://help.github.com/ignore-files/ for more about ignoring files.
2 |
3 | # Compiled output
4 | /dist
5 | /tmp
6 | /out-tsc
7 | /bazel-out
8 |
9 | # Node
10 | /node_modules
11 | npm-debug.log
12 | yarn-error.log
13 |
14 | # IDEs and editors
15 | .idea/
16 | .project
17 | .classpath
18 | .c9/
19 | *.launch
20 | .settings/
21 | *.sublime-workspace
22 |
23 | # Visual Studio Code
24 | .vscode/*
25 | !.vscode/settings.json
26 | !.vscode/tasks.json
27 | !.vscode/launch.json
28 | !.vscode/extensions.json
29 | .history/*
30 |
31 | # Miscellaneous
32 | /.angular/cache
33 | .sass-cache/
34 | /connect.lock
35 | /coverage
36 | /libpeerconnection.log
37 | testem.log
38 | /typings
39 |
40 | # System files
41 | .DS_Store
42 | Thumbs.db
43 |
--------------------------------------------------------------------------------
/backend/src/main/java/com/example/demo/jwt/CustomJwt.java:
--------------------------------------------------------------------------------
1 | package com.example.demo.jwt;
2 |
3 | import org.springframework.security.core.GrantedAuthority;
4 | import org.springframework.security.oauth2.jwt.Jwt;
5 | import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
6 |
7 | import java.util.Collection;
8 |
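/**
 * Authentication token built from a validated JWT that additionally carries
 * the user's first and last name, so controllers can read them without
 * parsing claims again.
 */
public class CustomJwt extends JwtAuthenticationToken {

    private String firstname;

    private String lastname;

    /**
     * @param jwt         the decoded JWT this authentication is based on
     * @param authorities the authorities granted to the token's subject
     */
    public CustomJwt(Jwt jwt, Collection<? extends GrantedAuthority> authorities) {
        super(jwt, authorities);
    }

    /** @return the first name set on this token, or {@code null} if none was set */
    public String getFirstname() {
        return firstname;
    }

    /** @param firstname the first name to store on this token */
    public void setFirstname(String firstname) {
        this.firstname = firstname;
    }

    /** @return the last name set on this token, or {@code null} if none was set */
    public String getLastname() {
        return lastname;
    }

    /** @param lastname the last name to store on this token */
    public void setLastname(String lastname) {
        this.lastname = lastname;
    }
}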
35 |
--------------------------------------------------------------------------------
/webapp/tsconfig.json:
--------------------------------------------------------------------------------
1 | /* To learn more about this file see: https://angular.io/config/tsconfig. */
2 | {
3 | "compileOnSave": false,
4 | "compilerOptions": {
5 | "outDir": "./dist/out-tsc",
6 | "forceConsistentCasingInFileNames": true,
7 | "strict": true,
8 | "noImplicitOverride": true,
9 | "noPropertyAccessFromIndexSignature": true,
10 | "noImplicitReturns": true,
11 | "noFallthroughCasesInSwitch": true,
12 | "esModuleInterop": true,
13 | "sourceMap": true,
14 | "declaration": false,
15 | "experimentalDecorators": true,
16 | "moduleResolution": "node",
17 | "importHelpers": true,
18 | "target": "ES2022",
19 | "module": "ES2022",
20 | "useDefineForClassFields": false,
21 | "lib": [
22 | "ES2022",
23 | "dom"
24 | ]
25 | },
26 | "angularCompilerOptions": {
27 | "enableI18nLegacyMessageIdFormat": false,
28 | "strictInjectionParameters": true,
29 | "strictInputAccessModifiers": true,
30 | "strictTemplates": true
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/webapp/src/app/app.component.ts:
--------------------------------------------------------------------------------
1 | import { Component } from '@angular/core';
2 | import { CommonModule } from '@angular/common';
3 | import { RouterOutlet } from '@angular/router';
4 | import { OAuthService } from 'angular-oauth2-oidc';
5 | import { HttpClient, HttpHeaders } from '@angular/common/http';
6 |
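/**
 * Root component of the demo: offers logout and a call to the protected
 * backend endpoint, authenticated with the OAuth2 access token.
 */
@Component({
  selector: 'app-root',
  standalone: true,
  imports: [CommonModule, RouterOutlet],
  templateUrl: './app.component.html',
  styleUrl: './app.component.scss'
})
export class AppComponent {
  /** Greeting returned by the backend; bound in the template. */
  helloText = '';

  constructor(private oauthService: OAuthService, private httpClient: HttpClient) { }

  /** Logs the user out by delegating to `OAuthService.logOut()`. */
  logout(): void {
    this.oauthService.logOut();
  }

  /**
   * Requests the greeting from the protected `/hello` endpoint and stores it
   * in `helloText`. The access token is sent as a bearer `Authorization`
   * header. Nothing is sent when no valid access token is available, and a
   * failed request clears the greeting instead of leaving a stale one.
   */
  getHelloText(): void {
    // A missing or expired token would only produce a rejected request.
    if (!this.oauthService.hasValidAccessToken()) {
      this.helloText = '';
      return;
    }

    this.httpClient.get<{ message: string }>('http://localhost:8080/hello', {
      headers: {
        'Authorization': `Bearer ${this.oauthService.getAccessToken()}`
      }
    }).subscribe({
      next: (result) => {
        this.helloText = result.message;
      },
      error: (err: unknown) => {
        // e.g. 401 (token rejected) or 403 (required role missing)
        this.helloText = '';
        console.error('GET /hello failed', err);
      }
    });
  }
}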
33 |
--------------------------------------------------------------------------------
/webapp/src/app/app.component.spec.ts:
--------------------------------------------------------------------------------
import { provideHttpClient } from '@angular/common/http';
import { HttpTestingController, provideHttpClientTesting } from '@angular/common/http/testing';
import { TestBed } from '@angular/core/testing';
import { OAuthService } from 'angular-oauth2-oidc';
import { AppComponent } from './app.component';
3 |
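// The CLI-generated specs asserted a `title` property and an `h1` greeting that
// AppComponent does not have, and created the component without providers for
// its OAuthService and HttpClient dependencies. These specs exercise what the
// component actually does, with the OAuth service stubbed and HTTP mocked.
describe('AppComponent', () => {
  // Constructed sample value, not a real token.
  const sampleToken = 'sample-access-token';
  let oauthService: jasmine.SpyObj<OAuthService>;
  let httpMock: HttpTestingController;

  beforeEach(async () => {
    oauthService = jasmine.createSpyObj<OAuthService>('OAuthService', [
      'logOut',
      'getAccessToken',
      'hasValidAccessToken',
    ]);
    oauthService.getAccessToken.and.returnValue(sampleToken);
    oauthService.hasValidAccessToken.and.returnValue(true);

    await TestBed.configureTestingModule({
      imports: [AppComponent],
      providers: [
        provideHttpClient(),
        provideHttpClientTesting(),
        { provide: OAuthService, useValue: oauthService },
      ],
    }).compileComponents();

    httpMock = TestBed.inject(HttpTestingController);
  });

  afterEach(() => {
    // Fails the spec if a request was sent that no expectation consumed.
    httpMock.verify();
  });

  it('should create the app', () => {
    const fixture = TestBed.createComponent(AppComponent);
    const app = fixture.componentInstance;
    expect(app).toBeTruthy();
  });

  it('should delegate logout to the OAuth service', () => {
    const app = TestBed.createComponent(AppComponent).componentInstance;
    app.logout();
    expect(oauthService.logOut).toHaveBeenCalled();
  });

  it('should send the access token as a bearer header and show the reply', () => {
    const app = TestBed.createComponent(AppComponent).componentInstance;
    app.getHelloText();

    const call = httpMock.expectOne('http://localhost:8080/hello');
    expect(call.request.method).toBe('GET');
    expect(call.request.headers.get('Authorization')).toBe(`Bearer ${sampleToken}`);

    call.flush({ message: 'hello from the backend' });
    expect(app.helloText).toBe('hello from the backend');
  });
});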
30 |
--------------------------------------------------------------------------------
/webapp/.vscode/tasks.json:
--------------------------------------------------------------------------------
1 | {
2 | // For more information, visit: https://go.microsoft.com/fwlink/?LinkId=733558
3 | "version": "2.0.0",
4 | "tasks": [
5 | {
6 | "type": "npm",
7 | "script": "start",
8 | "isBackground": true,
9 | "problemMatcher": {
10 | "owner": "typescript",
11 | "pattern": "$tsc",
12 | "background": {
13 | "activeOnStart": true,
14 | "beginsPattern": {
15 | "regexp": "(.*?)"
16 | },
17 | "endsPattern": {
18 | "regexp": "bundle generation complete"
19 | }
20 | }
21 | }
22 | },
23 | {
24 | "type": "npm",
25 | "script": "test",
26 | "isBackground": true,
27 | "problemMatcher": {
28 | "owner": "typescript",
29 | "pattern": "$tsc",
30 | "background": {
31 | "activeOnStart": true,
32 | "beginsPattern": {
33 | "regexp": "(.*?)"
34 | },
35 | "endsPattern": {
36 | "regexp": "bundle generation complete"
37 | }
38 | }
39 | }
40 | }
41 | ]
42 | }
43 |
--------------------------------------------------------------------------------
/webapp/README.md:
--------------------------------------------------------------------------------
1 | # Webapp
2 |
3 | This project was generated with [Angular CLI](https://github.com/angular/angular-cli) version 17.0.1.
4 |
5 | ## Development server
6 |
7 | Run `ng serve` for a dev server. Navigate to `http://localhost:4200/`. The application will automatically reload if you change any of the source files.
8 |
9 | ## Code scaffolding
10 |
11 | Run `ng generate component component-name` to generate a new component. You can also use `ng generate directive|pipe|service|class|guard|interface|enum|module`.
12 |
13 | ## Build
14 |
15 | Run `ng build` to build the project. The build artifacts will be stored in the `dist/` directory.
16 |
17 | ## Running unit tests
18 |
19 | Run `ng test` to execute the unit tests via [Karma](https://karma-runner.github.io).
20 |
21 | ## Running end-to-end tests
22 |
23 | Run `ng e2e` to execute the end-to-end tests via a platform of your choice. To use this command, you need to first add a package that implements end-to-end testing capabilities.
24 |
25 | ## Further help
26 |
27 | To get more help on the Angular CLI use `ng help` or go check out the [Angular CLI Overview and Command Reference](https://angular.io/cli) page.
28 |
--------------------------------------------------------------------------------
/webapp/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "webapp",
3 | "version": "0.0.0",
4 | "scripts": {
5 | "ng": "ng",
6 | "start": "ng serve",
7 | "build": "ng build",
8 | "watch": "ng build --watch --configuration development",
9 | "test": "ng test"
10 | },
11 | "private": true,
12 | "dependencies": {
13 | "@angular/animations": "^17.0.0",
14 | "@angular/common": "^17.0.0",
15 | "@angular/compiler": "^17.0.0",
16 | "@angular/core": "^17.0.0",
17 | "@angular/forms": "^17.0.0",
18 | "@angular/platform-browser": "^17.0.0",
19 | "@angular/platform-browser-dynamic": "^17.0.0",
20 | "@angular/router": "^17.0.0",
21 | "angular-oauth2-oidc": "^15.0.1",
22 | "rxjs": "~7.8.0",
23 | "tslib": "^2.3.0",
24 | "zone.js": "~0.14.2"
25 | },
26 | "devDependencies": {
27 | "@angular-devkit/build-angular": "^17.0.1",
28 | "@angular/cli": "^17.0.1",
29 | "@angular/compiler-cli": "^17.0.0",
30 | "@types/jasmine": "~5.1.0",
31 | "jasmine-core": "~5.1.0",
32 | "karma": "~6.4.0",
33 | "karma-chrome-launcher": "~3.2.0",
34 | "karma-coverage": "~2.2.0",
35 | "karma-jasmine": "~5.1.0",
36 | "karma-jasmine-html-reporter": "~2.1.0",
37 | "typescript": "~5.2.2"
38 | }
39 | }
40 |
--------------------------------------------------------------------------------
/backend/src/main/java/com/example/demo/controller/HelloController.java:
--------------------------------------------------------------------------------
1 | package com.example.demo.controller;
2 |
3 | import com.example.demo.jwt.CustomJwt;
4 | import org.springframework.security.access.prepost.PreAuthorize;
5 | import org.springframework.security.core.context.SecurityContextHolder;
6 | import org.springframework.web.bind.annotation.CrossOrigin;
7 | import org.springframework.web.bind.annotation.GetMapping;
8 | import org.springframework.web.bind.annotation.RequestMethod;
9 | import org.springframework.web.bind.annotation.RestController;
10 |
11 | import java.text.MessageFormat;
12 |
/**
 * REST controller exposing the protected greeting endpoint. CORS is limited
 * to GET requests from the locally served Angular app.
 */
@RestController
@CrossOrigin(
        origins = "http://localhost:4200",
        allowedHeaders = "*",
        methods = { RequestMethod.GET }
)
public class HelloController {

    /** Greeting pattern; {0} is the first name, {1} the last name. */
    private static final String GREETING_PATTERN =
            "Hello fullstack master {0} {1}, how is it going today?";

    /**
     * Greets the caller by name. Only callers holding the authority
     * {@code ROLE_fullstack-developer} pass the method-security check.
     *
     * @return the greeting wrapped in a {@link Message}
     */
    @GetMapping("/hello")
    @PreAuthorize("hasAuthority('ROLE_fullstack-developer')")
    public Message hello() {
        var authentication = SecurityContextHolder.getContext().getAuthentication();
        // The cast relies on the authentication being the CustomJwt type.
        var customJwt = (CustomJwt) authentication;
        var greeting = MessageFormat.format(
                GREETING_PATTERN, customJwt.getFirstname(), customJwt.getLastname());
        return new Message(greeting);
    }

    /** Response body of the greeting endpoint. */
    record Message(String message) {}
}
33 |
--------------------------------------------------------------------------------
/webapp/src/app/app.config.ts:
--------------------------------------------------------------------------------
1 | import { APP_INITIALIZER, ApplicationConfig } from '@angular/core';
2 | import { provideRouter } from '@angular/router';
3 | import { routes } from './app.routes';
4 | import { AuthConfig, OAuthService, provideOAuthClient } from 'angular-oauth2-oidc';
5 | import { provideHttpClient } from '@angular/common/http';
6 |
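/**
 * OAuth2/OIDC client settings for the authorization-code flow
 * (`responseType: 'code'`) against the local Keycloak realm.
 */
export const authCodeFlowConfig: AuthConfig = {
  // Plain-HTTP issuer on localhost: a local-development setting.
  issuer: 'http://localhost:8180/realms/my-test-realm',
  tokenEndpoint: 'http://localhost:8180/realms/my-test-realm/protocol/openid-connect/token',
  redirectUri: window.location.origin,
  clientId: 'my-webapp-client',
  responseType: 'code',
  scope: 'openid profile',
  // Verbose library logging; switch off outside local development.
  showDebugInformation: true,
};

/**
 * Configures the OAuth service, enables automatic silent token refresh, then
 * loads the discovery document and logs the user in.
 *
 * The returned promise settles with the outcome of
 * `loadDiscoveryDocumentAndLogin()`. A failure rejects it rather than leaving
 * it pending forever.
 */
async function initializeOAuth(oauthService: OAuthService): Promise<void> {
  oauthService.configure(authCodeFlowConfig);
  oauthService.setupAutomaticSilentRefresh();
  await oauthService.loadDiscoveryDocumentAndLogin();
}

/** Application-wide providers: router, HTTP client, OAuth client and OAuth start-up. */
export const appConfig: ApplicationConfig = {
  providers: [
    provideRouter(routes),
    provideHttpClient(),
    provideOAuthClient(),
    {
      provide: APP_INITIALIZER,
      // The initializer must RETURN the promise. Angular then waits for the
      // login state to be resolved before rendering the app, and a start-up
      // failure surfaces as a bootstrap error instead of an unhandled rejection.
      useFactory: (oauthService: OAuthService) => () => initializeOAuth(oauthService),
      multi: true,
      deps: [
        OAuthService
      ]
    }
  ]
};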
45 |
--------------------------------------------------------------------------------
/backend/src/main/java/com/example/demo/config/SecurityConfig.java:
--------------------------------------------------------------------------------
1 | package com.example.demo.config;
2 |
3 | import com.example.demo.jwt.CustomJwt;
4 | import com.example.demo.jwt.CustomJwtConverter;
5 | import org.springframework.context.annotation.Bean;
6 | import org.springframework.context.annotation.Configuration;
7 | import org.springframework.core.convert.converter.Converter;
8 | import org.springframework.security.config.Customizer;
9 | import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
10 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
11 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
12 | import org.springframework.security.oauth2.jwt.Jwt;
13 | import org.springframework.security.web.SecurityFilterChain;
14 |
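/**
 * Web security configuration: the application acts as an OAuth2 resource
 * server that authenticates requests with JWT bearer tokens. Method security
 * is enabled so that {@code @PreAuthorize} checks on handlers are enforced.
 */
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

    /**
     * Builds the filter chain: CORS with defaults, every request must be
     * authenticated, and JWTs are turned into {@link CustomJwt} tokens by the
     * custom converter.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.cors(Customizer.withDefaults())
                .authorizeHttpRequests(authorize -> authorize
                        // No anonymous endpoints: a request without a valid token is rejected.
                        .anyRequest().authenticated()
                )
                .oauth2ResourceServer((oauth2) -> oauth2.jwt(
                        jwt -> jwt.jwtAuthenticationConverter(customJwtConverter())
                ));
        return http.build();
    }

    /**
     * @return the converter that maps a validated {@link Jwt} to a {@link CustomJwt}
     */
    @Bean
    public Converter<Jwt, CustomJwt> customJwtConverter() {
        return new CustomJwtConverter();
    }
}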
37 |
--------------------------------------------------------------------------------
/keycloak/docker-compose.yml:
--------------------------------------------------------------------------------
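# Local development stack: PostgreSQL plus a Keycloak instance that imports the demo realm.
# Every credential in this file is a fixed demo value; replace them before using the
# stack anywhere other than a developer machine.
version: "3.9"
services:
  postgres:
    container_name: db
    image: "postgres:14.4"
    healthcheck:
      test: [ "CMD", "pg_isready", "-q", "-d", "postgres", "-U", "postgres" ]
      timeout: 45s
      interval: 10s
      retries: 10
    volumes:
      # change this to your local path
      # NOTE(review): as written this mounts the named volume at /c/tutorials/volume
      # inside the container, which is not the postgres image's default data
      # directory; confirm the intended mapping.
      - "postgres_data:/c/tutorials/volume"
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: keycloak
      POSTGRES_HOST: postgres
    networks:
      - local
    ports:
      # Published on all host interfaces. Keycloak reaches the database over the
      # "local" network, so this mapping is only needed for tools on the host.
      - "5432:5432"

  keycloak:
    container_name: keycloak
    build:
      context: .
      args:
        KEYCLOAK_VERSION: 22.0.0
    command: ['start', '--optimized', '--import-realm']
    depends_on:
      - "postgres"
    environment:
      JAVA_OPTS_APPEND: -Dkeycloak.profile.feature.upload_scripts=enabled
      KC_DB_PASSWORD: postgres
      KC_DB_URL: jdbc:postgresql://postgres/keycloak
      KC_DB_USERNAME: postgres
      KC_HEALTH_ENABLED: 'true'
      # Plain HTTP listener: tokens and passwords travel unencrypted, acceptable on localhost only.
      KC_HTTP_ENABLED: 'true'
      KC_METRICS_ENABLED: 'true'
      KC_HOSTNAME_URL: http://localhost:8180
      KC_PROXY: reencrypt
      # Bootstrap admin account with a well-known password: demo only.
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: password
    ports:
      - "8180:8080"
      - "8787:8787" # debug port
    networks:
      - local
    volumes:
      - ./my-test-realm-realm.json:/opt/keycloak/data/import/my-test-realm-realm.json

networks:
  local:
    name: local
    driver: bridge

volumes:
  postgres_data: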
--------------------------------------------------------------------------------
/backend/src/main/java/com/example/demo/jwt/CustomJwtConverter.java:
--------------------------------------------------------------------------------
1 | package com.example.demo.jwt;
2 |
3 | import org.springframework.core.convert.converter.Converter;
4 | import org.springframework.lang.NonNull;
5 | import org.springframework.security.core.GrantedAuthority;
6 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
7 | import org.springframework.security.oauth2.jwt.Jwt;
8 |
9 | import java.util.ArrayList;
10 | import java.util.Collection;
11 | import java.util.List;
12 |
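/**
 * Converts a validated {@link Jwt} into a {@link CustomJwt}, mapping the
 * realm roles to granted authorities and copying the user's name claims.
 */
public class CustomJwtConverter implements Converter<Jwt, CustomJwt> {

    /**
     * @param jwt the decoded JWT
     * @return a {@link CustomJwt} carrying the mapped authorities and the
     *         {@code given_name} / {@code family_name} claims (either may be
     *         {@code null} when the token does not contain the claim)
     */
    @Override
    public CustomJwt convert(@NonNull Jwt jwt) {
        // Extract claims and authorities as needed
        Collection<GrantedAuthority> authorities = extractAuthorities(jwt);

        // You can also map other information from the Jwt to the custom token
        var customJwt = new CustomJwt(jwt, authorities);
        customJwt.setFirstname(jwt.getClaimAsString("given_name"));
        customJwt.setLastname(jwt.getClaimAsString("family_name"));
        return customJwt;
    }

    /**
     * Maps each entry of the {@code realm_access.roles} claim to an authority
     * named {@code ROLE_<role>}. Only this claim is read; roles carried in
     * other claims are not mapped.
     *
     * @param jwt the decoded JWT
     * @return the mapped authorities; empty when the claim is absent or malformed
     */
    private Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
        var authorities = new ArrayList<GrantedAuthority>();

        var realmAccess = jwt.getClaimAsMap("realm_access");
        // instanceof is false for null, so a missing "roles" entry is covered too.
        if (realmAccess != null && realmAccess.get("roles") instanceof List<?> roles) {
            for (Object role : roles) {
                // Accept only non-blank string entries, so an unexpected claim
                // shape cannot produce an authority from an arbitrary object.
                if (role instanceof String roleName && !roleName.isBlank()) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + roleName));
                }
            }
        }

        return authorities;
    }
}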
--------------------------------------------------------------------------------
/backend/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | org.springframework.boot
7 | spring-boot-starter-parent
8 | 3.1.5
9 |
10 |
11 | com.example
12 | demo
13 | 0.0.1-SNAPSHOT
14 | demo
15 | Demo project for Spring Boot
16 |
17 | 21
18 |
19 |
20 |
21 | org.springframework.boot
22 | spring-boot-starter-oauth2-resource-server
23 |
24 |
25 | org.springframework.boot
26 | spring-boot-starter-security
27 |
28 |
29 | org.springframework.boot
30 | spring-boot-starter-web
31 |
32 |
33 |
34 | org.springframework.boot
35 | spring-boot-starter-test
36 | test
37 |
38 |
39 | org.springframework.security
40 | spring-security-test
41 | test
42 |
43 |
44 |
45 |
46 |
47 |
48 | org.springframework.boot
49 | spring-boot-maven-plugin
50 |
51 |
52 | paketobuildpacks/builder-jammy-base:latest
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # fullstack-oauth2-angular-spring-boot-keycloak
2 | An OAuth2 fullstack example with keycloak, angular and spring boot.
3 |
4 | ## setup keycloak
5 |
6 | Go to `keycloak` folder, modify `Dockerfile` or `docker-compose.yml` (e.g. adjust the `postgres_data` volume) and start up postgres and keycloak via `docker compose up --build`.
7 |
8 | The file `my-test-realm-realm.json` is used to import a complete realm configuration, including clients, users, roles, etc... into keycloak.
9 |
10 | Realm: `my-test-realm`, Username: `testuser-1`, Password: `testuser1`
11 |
12 | You may create and configure your own realm by using the keycloak admin console.
13 |
14 | Check if the keycloak admin console is reachable (`http://localhost:8180/`).
15 |
16 |
17 | ## angular webapp
18 |
19 | Angular webapp is in `webapp`. Made with angular 17.
20 |
21 | Using [angular-oauth2-oidc](https://www.npmjs.com/package/angular-oauth2-oidc)!
22 |
23 | The `main.ts` file bootstraps the webapp by providing the http client and the oauthservice. It also initializes the oauthservice by providing a configuration, setting up silent token refresh, loading the discovery document and logging in the user, if not already done.
24 |
25 | The component `AppComponent` provides a basic demo of logout and calling a protected API with the access token.
26 |
27 | ## spring-boot backend
28 |
29 | Spring boot backend is in `backend` folder. Requires Maven and Java 21.
30 |
31 | The class `SecurityConfig` configures the security filter chain: it enables CORS, requires every request to be authenticated, sets the application up as an oauth2 resource server (verifying the access token via the JWT issuer) and uses a custom JWT converter to extract all relevant data from the JWT.
32 |
33 | The `application.properties` file has the JWT issuer configured, pointing to the locally running keycloak.
34 |
35 | The `CustomJwt` is a customized JWT containing all relevant information we need extracted from the JWT bearer token.
36 |
37 | The `HelloController` has a basic GET endpoint; CORS is configured to work with a locally running angular webapp. The GET method returns a message, but only for authorized users who have the authority `ROLE_fullstack-developer`.
38 |
39 | The granted authorities are extracted by the `CustomJwtConverter`.
40 |
41 |
42 |
--------------------------------------------------------------------------------
/webapp/angular.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "./node_modules/@angular/cli/lib/config/schema.json",
3 | "version": 1,
4 | "newProjectRoot": "projects",
5 | "projects": {
6 | "webapp": {
7 | "projectType": "application",
8 | "schematics": {
9 | "@schematics/angular:component": {
10 | "style": "scss"
11 | }
12 | },
13 | "root": "",
14 | "sourceRoot": "src",
15 | "prefix": "app",
16 | "architect": {
17 | "build": {
18 | "builder": "@angular-devkit/build-angular:application",
19 | "options": {
20 | "outputPath": "dist/webapp",
21 | "index": "src/index.html",
22 | "browser": "src/main.ts",
23 | "polyfills": [
24 | "zone.js"
25 | ],
26 | "tsConfig": "tsconfig.app.json",
27 | "inlineStyleLanguage": "scss",
28 | "assets": [
29 | "src/favicon.ico",
30 | "src/assets"
31 | ],
32 | "styles": [
33 | "src/styles.scss"
34 | ],
35 | "scripts": []
36 | },
37 | "configurations": {
38 | "production": {
39 | "budgets": [
40 | {
41 | "type": "initial",
42 | "maximumWarning": "500kb",
43 | "maximumError": "1mb"
44 | },
45 | {
46 | "type": "anyComponentStyle",
47 | "maximumWarning": "2kb",
48 | "maximumError": "4kb"
49 | }
50 | ],
51 | "outputHashing": "all"
52 | },
53 | "development": {
54 | "optimization": false,
55 | "extractLicenses": false,
56 | "sourceMap": true
57 | }
58 | },
59 | "defaultConfiguration": "production"
60 | },
61 | "serve": {
62 | "builder": "@angular-devkit/build-angular:dev-server",
63 | "configurations": {
64 | "production": {
65 | "buildTarget": "webapp:build:production"
66 | },
67 | "development": {
68 | "buildTarget": "webapp:build:development"
69 | }
70 | },
71 | "defaultConfiguration": "development"
72 | },
73 | "extract-i18n": {
74 | "builder": "@angular-devkit/build-angular:extract-i18n",
75 | "options": {
76 | "buildTarget": "webapp:build"
77 | }
78 | },
79 | "test": {
80 | "builder": "@angular-devkit/build-angular:karma",
81 | "options": {
82 | "polyfills": [
83 | "zone.js",
84 | "zone.js/testing"
85 | ],
86 | "tsConfig": "tsconfig.spec.json",
87 | "inlineStyleLanguage": "scss",
88 | "assets": [
89 | "src/favicon.ico",
90 | "src/assets"
91 | ],
92 | "styles": [
93 | "src/styles.scss"
94 | ],
95 | "scripts": []
96 | }
97 | }
98 | }
99 | }
100 | }
101 | }
102 |
--------------------------------------------------------------------------------
/backend/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM https://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Apache Maven Wrapper startup batch script, version 3.2.0
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
28 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
29 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
30 | @REM e.g. to debug Maven itself, use
31 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
32 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
33 | @REM ----------------------------------------------------------------------------
34 |
@REM Startup: echo control, HOME fallback, optional user pre-script, JAVA_HOME validation.
@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
@echo off
@REM set title of command window
title %0
@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%

@REM set %HOME% to equivalent of $HOME
if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")

@REM Execute a user defined script before this one
@REM The pre-script is looked up in %USERPROFILE%, not in the repository, and is
@REM called with the wrapper's own arguments before any validation below runs.
@REM Setting MAVEN_SKIP_RC to any non-empty value skips it.
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
@REM check for pre script, once with legacy .bat ending and once with .cmd ending
if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
:skipRcPre

@setlocal

set ERROR_CODE=0

@REM To isolate internal variables from possible post scripts, we use another setlocal
@setlocal

@REM ==== START VALIDATION ====
@REM JAVA_HOME must be set and must contain bin\java.exe; otherwise jump to :error.
if not "%JAVA_HOME%" == "" goto OkJHome

echo.
echo Error: JAVA_HOME not found in your environment. >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

:OkJHome
if exist "%JAVA_HOME%\bin\java.exe" goto init

echo.
echo Error: JAVA_HOME is set to an invalid directory. >&2
echo JAVA_HOME = "%JAVA_HOME%" >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error

@REM ==== END VALIDATION ====
81 |
:init

@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
@REM Fallback to current working directory if not found.
@REM MAVEN_BASEDIR, when set, is used as-is and the search is skipped.
@REM The search starts at the current working directory (%CD%) and walks up with
@REM "cd .." until a .mvn folder is found or the directory stops changing.

set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir

set EXEC_DIR=%CD%
set WDIR=%EXEC_DIR%
:findBaseDir
IF EXIST "%WDIR%"\.mvn goto baseDirFound
cd ..
IF "%WDIR%"=="%CD%" goto baseDirNotFound
set WDIR=%CD%
goto findBaseDir

:baseDirFound
set MAVEN_PROJECTBASEDIR=%WDIR%
@REM restore the directory the script was started from
cd "%EXEC_DIR%"
goto endDetectBaseDir

:baseDirNotFound
set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
cd "%EXEC_DIR%"

:endDetectBaseDir

IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig

@REM Append every line of .mvn\jvm.config to JVM_CONFIG_MAVEN_PROPS. The value is
@REM later expanded unquoted into the java command line, so the content of that
@REM repository file becomes JVM arguments of the build.
@setlocal EnableExtensions EnableDelayedExpansion
for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%

:endReadAdditionalConfig
117 |
@REM Locate the wrapper jar, download it when it is missing, and optionally
@REM verify its SHA-256 before it is put on the classpath further down.
SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"

@REM A wrapperUrl entry in maven-wrapper.properties replaces the default URL above,
@REM so that repository file decides where the executed jar is fetched from.
@REM Review changes to it with the same care as changes to build code.
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B
)

@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM The download branch runs only when the jar is not already present. In that
@REM branch MVNW_REPOURL, when set, replaces WRAPPER_URL once more.
@REM MVNW_USERNAME / MVNW_PASSWORD are expanded by cmd into the text of the
@REM PowerShell command itself.
@REM NOTE(review): that places the credentials on the powershell.exe command line,
@REM and a quote character inside either value would change the command text;
@REM prefer a read-only repository account here - confirm for your build agents.
if exist %WRAPPER_JAR% (
    if "%MVNW_VERBOSE%" == "true" (
        echo Found %WRAPPER_JAR%
    )
) else (
    if not "%MVNW_REPOURL%" == "" (
        SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
    )
    if "%MVNW_VERBOSE%" == "true" (
        echo Couldn't find %WRAPPER_JAR%, downloading it ...
        echo Downloading from: %WRAPPER_URL%
    )

    powershell -Command "&{"^
		"$webclient = new-object System.Net.WebClient;"^
		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
		"}"^
		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^
		"}"
    if "%MVNW_VERBOSE%" == "true" (
        echo Finished downloading %WRAPPER_JAR%
    )
)
@REM End of extension

@REM If specified, validate the SHA-256 sum of the Maven wrapper jar file
@REM The check is opt-in: when maven-wrapper.properties has no wrapperSha256Sum
@REM entry, WRAPPER_SHA_256_SUM stays "" and the jar (checked in or freshly
@REM downloaded) is executed without any integrity check. Pinning the hash in
@REM maven-wrapper.properties makes this block fail the build on a mismatch.
SET WRAPPER_SHA_256_SUM=""
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
    IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B
)
IF NOT %WRAPPER_SHA_256_SUM%=="" (
    powershell -Command "&{"^
       "$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^
       "If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^
       "  Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^
       "  Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^
       "  Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^
       "  exit 1;"^
       "}"^
       "}"
    if ERRORLEVEL 1 goto error
)
173 |
@REM Provide a "standardized" way to retrieve the CLI args that will
@REM work with both Windows and non-Windows executions.
set MAVEN_CMD_LINE_ARGS=%*

@REM Start the wrapper main class from the wrapper jar. JVM_CONFIG_MAVEN_PROPS,
@REM MAVEN_OPTS, MAVEN_DEBUG_OPTS and MAVEN_CONFIG are expanded unquoted, so each
@REM of them can contribute several arguments.
%MAVEN_JAVA_EXE% ^
  %JVM_CONFIG_MAVEN_PROPS% ^
  %MAVEN_OPTS% ^
  %MAVEN_DEBUG_OPTS% ^
  -classpath %WRAPPER_JAR% ^
  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
if ERRORLEVEL 1 goto error
goto end

:error
set ERROR_CODE=1

:end
@REM carry ERROR_CODE out of the inner setlocal scope
@endlocal & set ERROR_CODE=%ERROR_CODE%

if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
@REM check for post script, once with legacy .bat ending and once with .cmd ending
@REM Like the pre-script, these are taken from %USERPROFILE% and skipped when
@REM MAVEN_SKIP_RC is set.
if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
:skipRcPost

@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
if "%MAVEN_BATCH_PAUSE%"=="on" pause

@REM with MAVEN_TERMINATE_CMD=on the whole cmd session exits with the error code
if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%

cmd /C exit /B %ERROR_CODE%
206 |
--------------------------------------------------------------------------------
/backend/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # https://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Apache Maven Wrapper startup batch script, version 3.2.0
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | # e.g. to debug Maven itself, use
32 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | # ----------------------------------------------------------------------------
35 |
# Source optional mavenrc files unless MAVEN_SKIP_RC is set to a non-empty value.
# Each file that exists is executed inside this shell (". file"), so whatever it
# contains runs with the privileges of the user starting the build. Two of the
# locations are system-wide, one is in the user's home directory; none is part
# of the repository.
if [ -z "$MAVEN_SKIP_RC" ] ; then

  if [ -f /usr/local/etc/mavenrc ] ; then
    . /usr/local/etc/mavenrc
  fi

  if [ -f /etc/mavenrc ] ; then
    . /etc/mavenrc
  fi

  if [ -f "$HOME/.mavenrc" ] ; then
    . "$HOME/.mavenrc"
  fi

fi
51 |
# Platform detection and resolution of JAVA_HOME / JAVACMD.
# OS specific support. $var _must_ be set to either true or false.
# (the flags are later executed as commands: "if $cygwin ; then")
cygwin=false;
darwin=false;
mingw=false
case "$(uname)" in
  CYGWIN*) cygwin=true ;;
  MINGW*) mingw=true;;
  Darwin*) darwin=true
    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
    if [ -z "$JAVA_HOME" ]; then
      if [ -x "/usr/libexec/java_home" ]; then
        JAVA_HOME="$(/usr/libexec/java_home)"; export JAVA_HOME
      else
        JAVA_HOME="/Library/Java/Home"; export JAVA_HOME
      fi
    fi
    ;;
esac

# On Gentoo, ask java-config for the JRE home when JAVA_HOME is not set.
if [ -z "$JAVA_HOME" ] ; then
  if [ -r /etc/gentoo-release ] ; then
    JAVA_HOME=$(java-config --jre-home)
  fi
fi

# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin ; then
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
  [ -n "$CLASSPATH" ] &&
    CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw ; then
  [ -n "$JAVA_HOME" ] && [ -d "$JAVA_HOME" ] &&
    JAVA_HOME="$(cd "$JAVA_HOME" || (echo "cannot cd into $JAVA_HOME."; exit 1); pwd)"
fi

# Last resort: derive JAVA_HOME from the javac found on PATH.
# NOTE(review): the escaped quotes in "\"$javaExecutable\"" and "\"$javaHome\""
# are passed to dirname/cd/readlink as literal characters of the path; verify
# that this fallback yields a usable JAVA_HOME before relying on it.
if [ -z "$JAVA_HOME" ]; then
  javaExecutable="$(which javac)"
  if [ -n "$javaExecutable" ] && ! [ "$(expr "\"$javaExecutable\"" : '\([^ ]*\)')" = "no" ]; then
    # readlink(1) is not available as standard on Solaris 10.
    readLink=$(which readlink)
    if [ ! "$(expr "$readLink" : '\([^ ]*\)')" = "no" ]; then
      if $darwin ; then
        javaHome="$(dirname "\"$javaExecutable\"")"
        javaExecutable="$(cd "\"$javaHome\"" && pwd -P)/javac"
      else
        javaExecutable="$(readlink -f "\"$javaExecutable\"")"
      fi
      javaHome="$(dirname "\"$javaExecutable\"")"
      javaHome=$(expr "$javaHome" : '\(.*\)/bin')
      JAVA_HOME="$javaHome"
      export JAVA_HOME
    fi
  fi
fi

# Pick the java binary: an explicit JAVACMD wins, then JAVA_HOME, then PATH.
if [ -z "$JAVACMD" ] ; then
  if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
      # IBM's JDK on AIX uses strange locations for the executables
      JAVACMD="$JAVA_HOME/jre/sh/java"
    else
      JAVACMD="$JAVA_HOME/bin/java"
    fi
  else
    # the backslashes and "unset -f" bypass any alias or function named "command"
    JAVACMD="$(\unset -f command 2>/dev/null; \command -v java)"
  fi
fi

if [ ! -x "$JAVACMD" ] ; then
  echo "Error: JAVA_HOME is not defined correctly." >&2
  echo " We cannot execute $JAVACMD" >&2
  exit 1
fi

if [ -z "$JAVA_HOME" ] ; then
  echo "Warning: JAVA_HOME environment variable is not set."
fi
134 |
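# Walks up from the directory given as $1 towards the filesystem root and
# prints the absolute path of the first directory that has a .mvn subdirectory.
# When no such directory is found, prints the absolute path of $1 itself.
# Prints nothing when the chosen directory cannot be entered.
# Returns 1 (and prints nothing on stdout) when $1 is empty.
# basedir and wdir are ordinary shell variables and stay set after the call.
find_maven_basedir() {
  if [ -z "$1" ]
  then
    # stdout is captured by the caller as the result, so report on stderr
    echo "Path not specified to find_maven_basedir" >&2
    return 1
  fi

  basedir="$1"
  wdir="$1"
  while [ "$wdir" != '/' ] ; do
    if [ -d "$wdir"/.mvn ] ; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
    if [ -d "${wdir}" ]; then
      wdir=$(cd "$wdir/.." || exit 1; pwd)
    else
      # wdir is not a directory and can no longer change: stop here instead
      # of repeating the same iteration forever
      break
    fi
    # end of workaround
  done
  printf '%s' "$(cd "$basedir" || exit 1; pwd)"
}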
159 |
# Prints the content of the file named by $1 on a single line: every run of
# CR / LF characters is turned into one space. Prints nothing when $1 is not
# a regular file.
concat_lines() {
  [ -f "$1" ] || return 0
  # Carriage returns are replaced as well because a checkout with automatic
  # CRLF conversion (for example Git Bash on Windows) would otherwise leave a
  # trailing \r on each option, giving $'-Xarg\r' instead of -Xarg after word
  # splitting.
  tr -s '\r\n' ' ' < "$1"
}
171 |
# Prints $1 followed by a newline, but only when MVNW_VERBOSE is exactly "true".
log() {
  case "$MVNW_VERBOSE" in
    true) printf '%s\n' "$1" ;;
  esac
}
177 |
# Detect the project base directory, starting from the directory of this script.
BASE_DIR=$(find_maven_basedir "$(dirname "$0")")
[ -n "$BASE_DIR" ] || exit 1

# A non-empty MAVEN_BASEDIR takes precedence over the detected directory.
MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
export MAVEN_PROJECTBASEDIR
log "$MAVEN_PROJECTBASEDIR"
185 |
##########################################################################################
# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
# This allows using the maven wrapper in projects that prohibit checking in binary data.
#
# Nothing in this section verifies what was downloaded; integrity depends on the
# optional wrapperSha256Sum check that follows it.
##########################################################################################
wrapperJarPath="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar"
if [ -r "$wrapperJarPath" ]; then
  log "Found $wrapperJarPath"
else
  log "Couldn't find $wrapperJarPath, downloading it ..."

  # Source of the jar, lowest to highest precedence: Maven Central default,
  # MVNW_REPOURL from the environment, wrapperUrl from maven-wrapper.properties
  # (read last, so it overrides both). That properties file therefore decides
  # where the executed jar comes from; review changes to it like build code.
  if [ -n "$MVNW_REPOURL" ]; then
    wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
  else
    wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
  fi
  while IFS="=" read -r key value; do
    # Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' )
    safeValue=$(echo "$value" | tr -d '\r')
    case "$key" in (wrapperUrl) wrapperUrl="$safeValue"; break ;;
    esac
  done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
  log "Downloading from: $wrapperUrl"

  if $cygwin; then
    wrapperJarPath=$(cygpath --path --windows "$wrapperJarPath")
  fi

  # Download with wget, else curl, else a Java helper. A failed download removes
  # the partial file. Credentials are used only when both MVNW_USERNAME and
  # MVNW_PASSWORD are non-empty.
  # NOTE(review): wget and curl receive the password as a command-line argument,
  # which other local users can usually read from the process list while the
  # download runs; prefer a read-only repository token - confirm for CI runners.
  if command -v wget > /dev/null; then
    log "Found wget ... using wget"
    [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--quiet"
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
    else
      wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
    fi
  elif command -v curl > /dev/null; then
    log "Found curl ... using curl"
    [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--silent"
    # -f fails on HTTP errors, -L follows redirects
    if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
      curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
    else
      curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
    fi
  else
    log "Falling back to using Java to download"
    # Compiles (when no .class file exists yet) and runs
    # .mvn/wrapper/MavenWrapperDownloader.java from the repository.
    javaSource="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java"
    javaClass="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class"
    # For Cygwin, switch paths to Windows format before running javac
    if $cygwin; then
      javaSource=$(cygpath --path --windows "$javaSource")
      javaClass=$(cygpath --path --windows "$javaClass")
    fi
    if [ -e "$javaSource" ]; then
      if [ ! -e "$javaClass" ]; then
        log " - Compiling MavenWrapperDownloader.java ..."
        ("$JAVA_HOME/bin/javac" "$javaSource")
      fi
      if [ -e "$javaClass" ]; then
        log " - Running MavenWrapperDownloader.java ..."
        ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$wrapperUrl" "$wrapperJarPath") || rm -f "$wrapperJarPath"
      fi
    fi
  fi
fi
##########################################################################################
# End of extension
##########################################################################################
253 |
# If specified, validate the SHA-256 sum of the Maven wrapper jar file
# The check is opt-in: without a wrapperSha256Sum entry in
# maven-wrapper.properties the variable stays empty and the jar (checked in or
# just downloaded) is executed without any integrity check. With the entry
# present, a mismatch or a missing checksum tool aborts the script with exit 1.
wrapperSha256Sum=""
# NOTE(review): unlike the wrapperUrl loop, this loop does not strip '\r' from
# the value, so a properties file with CRLF line endings presumably makes the
# comparison fail (the script then stops rather than running the jar) - verify.
while IFS="=" read -r key value; do
  case "$key" in (wrapperSha256Sum) wrapperSha256Sum=$value; break ;;
  esac
done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
if [ -n "$wrapperSha256Sum" ]; then
  wrapperSha256Result=false
  # Feed "<expected hash> <file>" to the checksum tool in check mode; only a
  # successful check flips the result to true.
  if command -v sha256sum > /dev/null; then
    if echo "$wrapperSha256Sum $wrapperJarPath" | sha256sum -c > /dev/null 2>&1; then
      wrapperSha256Result=true
    fi
  elif command -v shasum > /dev/null; then
    if echo "$wrapperSha256Sum $wrapperJarPath" | shasum -a 256 -c > /dev/null 2>&1; then
      wrapperSha256Result=true
    fi
  else
    echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available."
    echo "Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties."
    exit 1
  fi
  if [ $wrapperSha256Result = false ]; then
    echo "Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised." >&2
    echo "Investigate or delete $wrapperJarPath to attempt a clean download." >&2
    echo "If you updated your Maven version, you need to update the specified wrapperSha256Sum property." >&2
    exit 1
  fi
fi
282 |
# Options from .mvn/jvm.config (joined onto one line) are placed in front of any
# MAVEN_OPTS from the environment, so that repository file contributes JVM
# arguments to every build started through this wrapper.
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"

# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  [ -n "$JAVA_HOME" ] &&
    JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
  [ -n "$CLASSPATH" ] &&
    CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
    MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
fi

# Provide a "standardized" way to retrieve the CLI args that will
# work with both Windows and non-Windows executions.
MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $*"
export MAVEN_CMD_LINE_ARGS

WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

# Replace this shell with the JVM running the wrapper main class from the
# wrapper jar. MAVEN_OPTS, MAVEN_DEBUG_OPTS and MAVEN_CONFIG are left unquoted
# on purpose so that each can expand to several arguments.
# shellcheck disable=SC2086 # safe args
exec "$JAVACMD" \
  $MAVEN_OPTS \
  $MAVEN_DEBUG_OPTS \
  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
309 |
--------------------------------------------------------------------------------
/keycloak/my-test-realm-realm.json:
--------------------------------------------------------------------------------
1 | {
2 | "id" : "308bba17-5f3a-48e7-afce-5acf7b6b4486",
3 | "realm" : "my-test-realm",
4 | "notBefore" : 0,
5 | "defaultSignatureAlgorithm" : "RS256",
6 | "revokeRefreshToken" : false,
7 | "refreshTokenMaxReuse" : 0,
8 | "accessTokenLifespan" : 300,
9 | "accessTokenLifespanForImplicitFlow" : 900,
10 | "ssoSessionIdleTimeout" : 1800,
11 | "ssoSessionMaxLifespan" : 36000,
12 | "ssoSessionIdleTimeoutRememberMe" : 0,
13 | "ssoSessionMaxLifespanRememberMe" : 0,
14 | "offlineSessionIdleTimeout" : 2592000,
15 | "offlineSessionMaxLifespanEnabled" : false,
16 | "offlineSessionMaxLifespan" : 5184000,
17 | "clientSessionIdleTimeout" : 0,
18 | "clientSessionMaxLifespan" : 0,
19 | "clientOfflineSessionIdleTimeout" : 0,
20 | "clientOfflineSessionMaxLifespan" : 0,
21 | "accessCodeLifespan" : 60,
22 | "accessCodeLifespanUserAction" : 300,
23 | "accessCodeLifespanLogin" : 1800,
24 | "actionTokenGeneratedByAdminLifespan" : 43200,
25 | "actionTokenGeneratedByUserLifespan" : 300,
26 | "oauth2DeviceCodeLifespan" : 600,
27 | "oauth2DevicePollingInterval" : 5,
28 | "enabled" : true,
29 | "sslRequired" : "external",
30 | "registrationAllowed" : false,
31 | "registrationEmailAsUsername" : false,
32 | "rememberMe" : false,
33 | "verifyEmail" : false,
34 | "loginWithEmailAllowed" : true,
35 | "duplicateEmailsAllowed" : false,
36 | "resetPasswordAllowed" : false,
37 | "editUsernameAllowed" : false,
38 | "bruteForceProtected" : false,
39 | "permanentLockout" : false,
40 | "maxFailureWaitSeconds" : 900,
41 | "minimumQuickLoginWaitSeconds" : 60,
42 | "waitIncrementSeconds" : 60,
43 | "quickLoginCheckMilliSeconds" : 1000,
44 | "maxDeltaTimeSeconds" : 43200,
45 | "failureFactor" : 30,
46 | "roles" : {
47 | "realm" : [ {
48 | "id" : "c87fa265-e70f-40e0-8d9f-1f44916d8a5c",
49 | "name" : "fullstack-developer",
50 | "description" : "fullstack-developer",
51 | "composite" : false,
52 | "clientRole" : false,
53 | "containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486",
54 | "attributes" : { }
55 | }, {
56 | "id" : "9fb40a08-eb20-4227-bd5b-7b2b55770d3a",
57 | "name" : "offline_access",
58 | "description" : "${role_offline-access}",
59 | "composite" : false,
60 | "clientRole" : false,
61 | "containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486",
62 | "attributes" : { }
63 | }, {
64 | "id" : "319abe3a-54ee-4034-b6a2-1fd180d1b5f1",
65 | "name" : "uma_authorization",
66 | "description" : "${role_uma_authorization}",
67 | "composite" : false,
68 | "clientRole" : false,
69 | "containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486",
70 | "attributes" : { }
71 | }, {
72 | "id" : "45ae5383-54f4-4668-894e-ac1d2dc30a1d",
73 | "name" : "default-roles-my-test-realm",
74 | "description" : "${role_default-roles}",
75 | "composite" : true,
76 | "composites" : {
77 | "realm" : [ "offline_access", "uma_authorization" ],
78 | "client" : {
79 | "account" : [ "manage-account", "view-profile" ]
80 | }
81 | },
82 | "clientRole" : false,
83 | "containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486",
84 | "attributes" : { }
85 | } ],
86 | "client" : {
87 | "my-webapp-client" : [ ],
88 | "realm-management" : [ {
89 | "id" : "c8cd2a3f-b2ce-452d-91d7-cab61c4fbda6",
90 | "name" : "manage-clients",
91 | "description" : "${role_manage-clients}",
92 | "composite" : false,
93 | "clientRole" : true,
94 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
95 | "attributes" : { }
96 | }, {
97 | "id" : "f999044c-a9db-4ee5-815a-bd47d9f75cb9",
98 | "name" : "query-realms",
99 | "description" : "${role_query-realms}",
100 | "composite" : false,
101 | "clientRole" : true,
102 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
103 | "attributes" : { }
104 | }, {
105 | "id" : "59702caa-40ee-4790-830b-7d2128f96810",
106 | "name" : "view-events",
107 | "description" : "${role_view-events}",
108 | "composite" : false,
109 | "clientRole" : true,
110 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
111 | "attributes" : { }
112 | }, {
113 | "id" : "62f37b4d-dc5a-458e-83a8-77de26ced347",
114 | "name" : "impersonation",
115 | "description" : "${role_impersonation}",
116 | "composite" : false,
117 | "clientRole" : true,
118 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
119 | "attributes" : { }
120 | }, {
121 | "id" : "61c84530-9900-439b-b75f-857e9189eb9f",
122 | "name" : "view-clients",
123 | "description" : "${role_view-clients}",
124 | "composite" : true,
125 | "composites" : {
126 | "client" : {
127 | "realm-management" : [ "query-clients" ]
128 | }
129 | },
130 | "clientRole" : true,
131 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
132 | "attributes" : { }
133 | }, {
134 | "id" : "3e88b503-2826-4dad-abac-7ddd99cf8e18",
135 | "name" : "create-client",
136 | "description" : "${role_create-client}",
137 | "composite" : false,
138 | "clientRole" : true,
139 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
140 | "attributes" : { }
141 | }, {
142 | "id" : "54b18494-8a51-4bc9-b539-f7c8d95b9aea",
143 | "name" : "view-authorization",
144 | "description" : "${role_view-authorization}",
145 | "composite" : false,
146 | "clientRole" : true,
147 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
148 | "attributes" : { }
149 | }, {
150 | "id" : "905d7027-f09d-4422-83d1-d6bdca31a74b",
151 | "name" : "manage-authorization",
152 | "description" : "${role_manage-authorization}",
153 | "composite" : false,
154 | "clientRole" : true,
155 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
156 | "attributes" : { }
157 | }, {
158 | "id" : "31484dd7-eaa5-4ed3-a36d-9d59451523ea",
159 | "name" : "manage-events",
160 | "description" : "${role_manage-events}",
161 | "composite" : false,
162 | "clientRole" : true,
163 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
164 | "attributes" : { }
165 | }, {
166 | "id" : "c710afef-f2e6-48bf-b384-a799c9043e1b",
167 | "name" : "view-realm",
168 | "description" : "${role_view-realm}",
169 | "composite" : false,
170 | "clientRole" : true,
171 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
172 | "attributes" : { }
173 | }, {
174 | "id" : "1e047ced-29cb-432f-ae10-16cf57c067fe",
175 | "name" : "query-groups",
176 | "description" : "${role_query-groups}",
177 | "composite" : false,
178 | "clientRole" : true,
179 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
180 | "attributes" : { }
181 | }, {
182 | "id" : "56031e8c-86ff-4afd-8e00-48ea33e0f5ee",
183 | "name" : "view-identity-providers",
184 | "description" : "${role_view-identity-providers}",
185 | "composite" : false,
186 | "clientRole" : true,
187 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
188 | "attributes" : { }
189 | }, {
190 | "id" : "dfcdb0bd-3639-4b49-a97e-b119f17ef92b",
191 | "name" : "manage-identity-providers",
192 | "description" : "${role_manage-identity-providers}",
193 | "composite" : false,
194 | "clientRole" : true,
195 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
196 | "attributes" : { }
197 | }, {
198 | "id" : "d2ca33d9-e9f7-4f19-8ee9-d8e3ac5ce0db",
199 | "name" : "manage-realm",
200 | "description" : "${role_manage-realm}",
201 | "composite" : false,
202 | "clientRole" : true,
203 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
204 | "attributes" : { }
205 | }, {
206 | "id" : "4c2157f3-24c8-48c4-ae98-d57f3d236d34",
207 | "name" : "view-users",
208 | "description" : "${role_view-users}",
209 | "composite" : true,
210 | "composites" : {
211 | "client" : {
212 | "realm-management" : [ "query-users", "query-groups" ]
213 | }
214 | },
215 | "clientRole" : true,
216 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
217 | "attributes" : { }
218 | }, {
219 | "id" : "4943ca69-23a4-45fa-a5f0-bba15a56cd42",
220 | "name" : "manage-users",
221 | "description" : "${role_manage-users}",
222 | "composite" : false,
223 | "clientRole" : true,
224 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
225 | "attributes" : { }
226 | }, {
227 | "id" : "dcf96be7-d6fe-4479-be16-595fad69b375",
228 | "name" : "realm-admin",
229 | "description" : "${role_realm-admin}",
230 | "composite" : true,
231 | "composites" : {
232 | "client" : {
233 | "realm-management" : [ "manage-clients", "view-events", "query-realms", "view-clients", "impersonation", "create-client", "view-authorization", "view-realm", "manage-events", "manage-authorization", "view-identity-providers", "query-groups", "manage-realm", "manage-identity-providers", "view-users", "manage-users", "query-clients", "query-users" ]
234 | }
235 | },
236 | "clientRole" : true,
237 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
238 | "attributes" : { }
239 | }, {
240 | "id" : "e99add5c-fc4b-4d1e-9cf2-9f5c1bc91f4e",
241 | "name" : "query-clients",
242 | "description" : "${role_query-clients}",
243 | "composite" : false,
244 | "clientRole" : true,
245 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
246 | "attributes" : { }
247 | }, {
248 | "id" : "9b7ee8e1-0837-49d8-9dda-ff9d19412840",
249 | "name" : "query-users",
250 | "description" : "${role_query-users}",
251 | "composite" : false,
252 | "clientRole" : true,
253 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
254 | "attributes" : { }
255 | } ],
256 | "security-admin-console" : [ ],
257 | "admin-cli" : [ ],
258 | "account-console" : [ ],
259 | "broker" : [ {
260 | "id" : "19470389-5147-44f6-a757-210e8f726a08",
261 | "name" : "read-token",
262 | "description" : "${role_read-token}",
263 | "composite" : false,
264 | "clientRole" : true,
265 | "containerId" : "9cb5718f-d8c1-4bba-b518-b101f3b56e64",
266 | "attributes" : { }
267 | } ],
268 | "account" : [ {
269 | "id" : "1be592a1-bb9f-407e-b0d5-44e7a659d520",
270 | "name" : "manage-account",
271 | "description" : "${role_manage-account}",
272 | "composite" : true,
273 | "composites" : {
274 | "client" : {
275 | "account" : [ "manage-account-links" ]
276 | }
277 | },
278 | "clientRole" : true,
279 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6",
280 | "attributes" : { }
281 | }, {
282 | "id" : "31d10a79-0ce3-445a-84de-bff4a675fe70",
283 | "name" : "view-groups",
284 | "description" : "${role_view-groups}",
285 | "composite" : false,
286 | "clientRole" : true,
287 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6",
288 | "attributes" : { }
289 | }, {
290 | "id" : "2319f4da-5e32-414c-8dde-4e1ffe1da881",
291 | "name" : "view-consent",
292 | "description" : "${role_view-consent}",
293 | "composite" : false,
294 | "clientRole" : true,
295 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6",
296 | "attributes" : { }
297 | }, {
298 | "id" : "a8385270-5768-4634-9198-29bec4610dec",
299 | "name" : "manage-account-links",
300 | "description" : "${role_manage-account-links}",
301 | "composite" : false,
302 | "clientRole" : true,
303 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6",
304 | "attributes" : { }
305 | }, {
306 | "id" : "fb0400ea-4307-46df-9de3-48234e510cda",
307 | "name" : "view-applications",
308 | "description" : "${role_view-applications}",
309 | "composite" : false,
310 | "clientRole" : true,
311 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6",
312 | "attributes" : { }
313 | }, {
314 | "id" : "c2f7524a-5b3b-444e-a304-85d3216bef1c",
315 | "name" : "delete-account",
316 | "description" : "${role_delete-account}",
317 | "composite" : false,
318 | "clientRole" : true,
319 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6",
320 | "attributes" : { }
321 | }, {
322 | "id" : "1ac85c6a-5150-406e-820d-0e885cd4ca7a",
323 | "name" : "view-profile",
324 | "description" : "${role_view-profile}",
325 | "composite" : false,
326 | "clientRole" : true,
327 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6",
328 | "attributes" : { }
329 | }, {
330 | "id" : "5d0dcb37-a287-4f62-814e-ba55ba487a0d",
331 | "name" : "manage-consent",
332 | "description" : "${role_manage-consent}",
333 | "composite" : true,
334 | "composites" : {
335 | "client" : {
336 | "account" : [ "view-consent" ]
337 | }
338 | },
339 | "clientRole" : true,
340 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6",
341 | "attributes" : { }
342 | } ]
343 | }
344 | },
345 | "groups" : [ ],
346 | "defaultRole" : {
347 | "id" : "45ae5383-54f4-4668-894e-ac1d2dc30a1d",
348 | "name" : "default-roles-my-test-realm",
349 | "description" : "${role_default-roles}",
350 | "composite" : true,
351 | "clientRole" : false,
352 | "containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486"
353 | },
354 | "requiredCredentials" : [ "password" ],
355 | "otpPolicyType" : "totp",
356 | "otpPolicyAlgorithm" : "HmacSHA1",
357 | "otpPolicyInitialCounter" : 0,
358 | "otpPolicyDigits" : 6,
359 | "otpPolicyLookAheadWindow" : 1,
360 | "otpPolicyPeriod" : 30,
361 | "otpPolicyCodeReusable" : false,
362 | "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ],
363 | "webAuthnPolicyRpEntityName" : "keycloak",
364 | "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
365 | "webAuthnPolicyRpId" : "",
366 | "webAuthnPolicyAttestationConveyancePreference" : "not specified",
367 | "webAuthnPolicyAuthenticatorAttachment" : "not specified",
368 | "webAuthnPolicyRequireResidentKey" : "not specified",
369 | "webAuthnPolicyUserVerificationRequirement" : "not specified",
370 | "webAuthnPolicyCreateTimeout" : 0,
371 | "webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
372 | "webAuthnPolicyAcceptableAaguids" : [ ],
373 | "webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
374 | "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
375 | "webAuthnPolicyPasswordlessRpId" : "",
376 | "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
377 | "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
378 | "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
379 | "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
380 | "webAuthnPolicyPasswordlessCreateTimeout" : 0,
381 | "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
382 | "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
383 | "users" : [ {
384 | "id" : "a4c6b48b-ed16-4091-8296-6a0a3762860a",
385 | "createdTimestamp" : 1700295868004,
386 | "username" : "testuser-1",
387 | "enabled" : true,
388 | "totp" : false,
389 | "emailVerified" : true,
390 | "firstName" : "test-firstname-1",
391 | "lastName" : "test-lastname-2",
392 | "email" : "test@test.com",
393 | "credentials" : [ {
394 | "id" : "cb93f699-cbfa-4ab9-a735-ad121c5d3fd6",
395 | "type" : "password",
396 | "createdDate" : 1700297549874,
397 | "secretData" : "{\"value\":\"uLXVYzxFfRkkeNjVhzsejr6xIWNlKlag+X9LtKXS28I=\",\"salt\":\"AJatupdb+N7gAkVpIskt7A==\",\"additionalParameters\":{}}",
398 | "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
399 | } ],
400 | "disableableCredentialTypes" : [ ],
401 | "requiredActions" : [ ],
402 | "realmRoles" : [ "fullstack-developer", "default-roles-my-test-realm" ],
403 | "notBefore" : 0,
404 | "groups" : [ ]
405 | } ],
406 | "scopeMappings" : [ {
407 | "clientScope" : "offline_access",
408 | "roles" : [ "offline_access" ]
409 | } ],
410 | "clientScopeMappings" : {
411 | "account" : [ {
412 | "client" : "account-console",
413 | "roles" : [ "manage-account", "view-groups" ]
414 | } ]
415 | },
416 | "clients" : [ {
417 | "id" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6",
418 | "clientId" : "account",
419 | "name" : "${client_account}",
420 | "rootUrl" : "${authBaseUrl}",
421 | "baseUrl" : "/realms/my-test-realm/account/",
422 | "surrogateAuthRequired" : false,
423 | "enabled" : true,
424 | "alwaysDisplayInConsole" : false,
425 | "clientAuthenticatorType" : "client-secret",
426 | "redirectUris" : [ "/realms/my-test-realm/account/*" ],
427 | "webOrigins" : [ ],
428 | "notBefore" : 0,
429 | "bearerOnly" : false,
430 | "consentRequired" : false,
431 | "standardFlowEnabled" : true,
432 | "implicitFlowEnabled" : false,
433 | "directAccessGrantsEnabled" : false,
434 | "serviceAccountsEnabled" : false,
435 | "publicClient" : true,
436 | "frontchannelLogout" : false,
437 | "protocol" : "openid-connect",
438 | "attributes" : {
439 | "post.logout.redirect.uris" : "+"
440 | },
441 | "authenticationFlowBindingOverrides" : { },
442 | "fullScopeAllowed" : false,
443 | "nodeReRegistrationTimeout" : 0,
444 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
445 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
446 | }, {
447 | "id" : "5f6f1f37-4930-4372-8246-0bb3a4d115f2",
448 | "clientId" : "account-console",
449 | "name" : "${client_account-console}",
450 | "rootUrl" : "${authBaseUrl}",
451 | "baseUrl" : "/realms/my-test-realm/account/",
452 | "surrogateAuthRequired" : false,
453 | "enabled" : true,
454 | "alwaysDisplayInConsole" : false,
455 | "clientAuthenticatorType" : "client-secret",
456 | "redirectUris" : [ "/realms/my-test-realm/account/*" ],
457 | "webOrigins" : [ ],
458 | "notBefore" : 0,
459 | "bearerOnly" : false,
460 | "consentRequired" : false,
461 | "standardFlowEnabled" : true,
462 | "implicitFlowEnabled" : false,
463 | "directAccessGrantsEnabled" : false,
464 | "serviceAccountsEnabled" : false,
465 | "publicClient" : true,
466 | "frontchannelLogout" : false,
467 | "protocol" : "openid-connect",
468 | "attributes" : {
469 | "post.logout.redirect.uris" : "+",
470 | "pkce.code.challenge.method" : "S256"
471 | },
472 | "authenticationFlowBindingOverrides" : { },
473 | "fullScopeAllowed" : false,
474 | "nodeReRegistrationTimeout" : 0,
475 | "protocolMappers" : [ {
476 | "id" : "1f6b635b-3b46-4f04-8f3c-bcecacc8b007",
477 | "name" : "audience resolve",
478 | "protocol" : "openid-connect",
479 | "protocolMapper" : "oidc-audience-resolve-mapper",
480 | "consentRequired" : false,
481 | "config" : { }
482 | } ],
483 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
484 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
485 | }, {
486 | "id" : "7fc021d2-63b8-45e8-ab29-dcc1151c4286",
487 | "clientId" : "admin-cli",
488 | "name" : "${client_admin-cli}",
489 | "surrogateAuthRequired" : false,
490 | "enabled" : true,
491 | "alwaysDisplayInConsole" : false,
492 | "clientAuthenticatorType" : "client-secret",
493 | "redirectUris" : [ ],
494 | "webOrigins" : [ ],
495 | "notBefore" : 0,
496 | "bearerOnly" : false,
497 | "consentRequired" : false,
498 | "standardFlowEnabled" : false,
499 | "implicitFlowEnabled" : false,
500 | "directAccessGrantsEnabled" : true,
501 | "serviceAccountsEnabled" : false,
502 | "publicClient" : true,
503 | "frontchannelLogout" : false,
504 | "protocol" : "openid-connect",
505 | "attributes" : { },
506 | "authenticationFlowBindingOverrides" : { },
507 | "fullScopeAllowed" : false,
508 | "nodeReRegistrationTimeout" : 0,
509 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
510 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
511 | }, {
512 | "id" : "9cb5718f-d8c1-4bba-b518-b101f3b56e64",
513 | "clientId" : "broker",
514 | "name" : "${client_broker}",
515 | "surrogateAuthRequired" : false,
516 | "enabled" : true,
517 | "alwaysDisplayInConsole" : false,
518 | "clientAuthenticatorType" : "client-secret",
519 | "redirectUris" : [ ],
520 | "webOrigins" : [ ],
521 | "notBefore" : 0,
522 | "bearerOnly" : true,
523 | "consentRequired" : false,
524 | "standardFlowEnabled" : true,
525 | "implicitFlowEnabled" : false,
526 | "directAccessGrantsEnabled" : false,
527 | "serviceAccountsEnabled" : false,
528 | "publicClient" : false,
529 | "frontchannelLogout" : false,
530 | "protocol" : "openid-connect",
531 | "attributes" : { },
532 | "authenticationFlowBindingOverrides" : { },
533 | "fullScopeAllowed" : false,
534 | "nodeReRegistrationTimeout" : 0,
535 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
536 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
537 | }, {
538 | "id" : "af09449e-7dda-4b63-8c83-cc06130673e2",
539 | "clientId" : "my-webapp-client",
540 | "name" : "my-webapp-client",
541 | "description" : "",
542 | "rootUrl" : "http://localhost:4200",
543 | "adminUrl" : "http://localhost:4200",
544 | "baseUrl" : "http://localhost:4200",
545 | "surrogateAuthRequired" : false,
546 | "enabled" : true,
547 | "alwaysDisplayInConsole" : false,
548 | "clientAuthenticatorType" : "client-secret",
549 | "redirectUris" : [ "http://localhost:4200*" ],
550 | "webOrigins" : [ "http://localhost:4200" ],
551 | "notBefore" : 0,
552 | "bearerOnly" : false,
553 | "consentRequired" : false,
554 | "standardFlowEnabled" : true,
555 | "implicitFlowEnabled" : false,
556 | "directAccessGrantsEnabled" : true,
557 | "serviceAccountsEnabled" : false,
558 | "publicClient" : true,
559 | "frontchannelLogout" : true,
560 | "protocol" : "openid-connect",
561 | "attributes" : {
562 | "oidc.ciba.grant.enabled" : "false",
563 | "post.logout.redirect.uris" : "http://localhost:4200*",
564 | "oauth2.device.authorization.grant.enabled" : "false",
565 | "backchannel.logout.session.required" : "true",
566 | "backchannel.logout.revoke.offline.tokens" : "false"
567 | },
568 | "authenticationFlowBindingOverrides" : { },
569 | "fullScopeAllowed" : true,
570 | "nodeReRegistrationTimeout" : -1,
571 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
572 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
573 | }, {
574 | "id" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814",
575 | "clientId" : "realm-management",
576 | "name" : "${client_realm-management}",
577 | "surrogateAuthRequired" : false,
578 | "enabled" : true,
579 | "alwaysDisplayInConsole" : false,
580 | "clientAuthenticatorType" : "client-secret",
581 | "redirectUris" : [ ],
582 | "webOrigins" : [ ],
583 | "notBefore" : 0,
584 | "bearerOnly" : true,
585 | "consentRequired" : false,
586 | "standardFlowEnabled" : true,
587 | "implicitFlowEnabled" : false,
588 | "directAccessGrantsEnabled" : false,
589 | "serviceAccountsEnabled" : false,
590 | "publicClient" : false,
591 | "frontchannelLogout" : false,
592 | "protocol" : "openid-connect",
593 | "attributes" : { },
594 | "authenticationFlowBindingOverrides" : { },
595 | "fullScopeAllowed" : false,
596 | "nodeReRegistrationTimeout" : 0,
597 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
598 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
599 | }, {
600 | "id" : "3451144c-6872-4edf-a513-8f0a186a24c8",
601 | "clientId" : "security-admin-console",
602 | "name" : "${client_security-admin-console}",
603 | "rootUrl" : "${authAdminUrl}",
604 | "baseUrl" : "/admin/my-test-realm/console/",
605 | "surrogateAuthRequired" : false,
606 | "enabled" : true,
607 | "alwaysDisplayInConsole" : false,
608 | "clientAuthenticatorType" : "client-secret",
609 | "redirectUris" : [ "/admin/my-test-realm/console/*" ],
610 | "webOrigins" : [ "+" ],
611 | "notBefore" : 0,
612 | "bearerOnly" : false,
613 | "consentRequired" : false,
614 | "standardFlowEnabled" : true,
615 | "implicitFlowEnabled" : false,
616 | "directAccessGrantsEnabled" : false,
617 | "serviceAccountsEnabled" : false,
618 | "publicClient" : true,
619 | "frontchannelLogout" : false,
620 | "protocol" : "openid-connect",
621 | "attributes" : {
622 | "post.logout.redirect.uris" : "+",
623 | "pkce.code.challenge.method" : "S256"
624 | },
625 | "authenticationFlowBindingOverrides" : { },
626 | "fullScopeAllowed" : false,
627 | "nodeReRegistrationTimeout" : 0,
628 | "protocolMappers" : [ {
629 | "id" : "fad0e084-8f30-4bdd-bf11-4279b81e4e0e",
630 | "name" : "locale",
631 | "protocol" : "openid-connect",
632 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
633 | "consentRequired" : false,
634 | "config" : {
635 | "userinfo.token.claim" : "true",
636 | "user.attribute" : "locale",
637 | "id.token.claim" : "true",
638 | "access.token.claim" : "true",
639 | "claim.name" : "locale",
640 | "jsonType.label" : "String"
641 | }
642 | } ],
643 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
644 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
645 | } ],
646 | "clientScopes" : [ {
647 | "id" : "1ecd253e-1447-4109-97b2-18e25a362aeb",
648 | "name" : "acr",
649 | "description" : "OpenID Connect scope for adding acr (authentication context class reference) to the token",
650 | "protocol" : "openid-connect",
651 | "attributes" : {
652 | "include.in.token.scope" : "false",
653 | "display.on.consent.screen" : "false"
654 | },
655 | "protocolMappers" : [ {
656 | "id" : "5be3f5b9-2473-4a49-9e3b-afea71ceb26e",
657 | "name" : "acr loa level",
658 | "protocol" : "openid-connect",
659 | "protocolMapper" : "oidc-acr-mapper",
660 | "consentRequired" : false,
661 | "config" : {
662 | "id.token.claim" : "true",
663 | "access.token.claim" : "true"
664 | }
665 | } ]
666 | }, {
667 | "id" : "2dbd827b-ac26-4d34-9e96-a26cd485bec0",
668 | "name" : "address",
669 | "description" : "OpenID Connect built-in scope: address",
670 | "protocol" : "openid-connect",
671 | "attributes" : {
672 | "include.in.token.scope" : "true",
673 | "display.on.consent.screen" : "true",
674 | "consent.screen.text" : "${addressScopeConsentText}"
675 | },
676 | "protocolMappers" : [ {
677 | "id" : "00a79313-a471-4010-abac-ae672a79af8c",
678 | "name" : "address",
679 | "protocol" : "openid-connect",
680 | "protocolMapper" : "oidc-address-mapper",
681 | "consentRequired" : false,
682 | "config" : {
683 | "user.attribute.formatted" : "formatted",
684 | "user.attribute.country" : "country",
685 | "user.attribute.postal_code" : "postal_code",
686 | "userinfo.token.claim" : "true",
687 | "user.attribute.street" : "street",
688 | "id.token.claim" : "true",
689 | "user.attribute.region" : "region",
690 | "access.token.claim" : "true",
691 | "user.attribute.locality" : "locality"
692 | }
693 | } ]
694 | }, {
695 | "id" : "753fd81b-da65-4ee0-b595-346a658da9fd",
696 | "name" : "web-origins",
697 | "description" : "OpenID Connect scope for adding allowed web origins to the access token",
698 | "protocol" : "openid-connect",
699 | "attributes" : {
700 | "include.in.token.scope" : "false",
701 | "display.on.consent.screen" : "false",
702 | "consent.screen.text" : ""
703 | },
704 | "protocolMappers" : [ {
705 | "id" : "230daa7c-5b49-4d83-bec8-06c2a5a8cae3",
706 | "name" : "allowed web origins",
707 | "protocol" : "openid-connect",
708 | "protocolMapper" : "oidc-allowed-origins-mapper",
709 | "consentRequired" : false,
710 | "config" : { }
711 | } ]
712 | }, {
713 | "id" : "fb5f6e03-5e66-44f3-8cbd-dafb27c61b92",
714 | "name" : "offline_access",
715 | "description" : "OpenID Connect built-in scope: offline_access",
716 | "protocol" : "openid-connect",
717 | "attributes" : {
718 | "consent.screen.text" : "${offlineAccessScopeConsentText}",
719 | "display.on.consent.screen" : "true"
720 | }
721 | }, {
722 | "id" : "95e1179d-a1a2-498a-ad9d-81f3ab3eb7f9",
723 | "name" : "role_list",
724 | "description" : "SAML role list",
725 | "protocol" : "saml",
726 | "attributes" : {
727 | "consent.screen.text" : "${samlRoleListScopeConsentText}",
728 | "display.on.consent.screen" : "true"
729 | },
730 | "protocolMappers" : [ {
731 | "id" : "a0ff412e-12fb-4117-8fcf-a83381e3e041",
732 | "name" : "role list",
733 | "protocol" : "saml",
734 | "protocolMapper" : "saml-role-list-mapper",
735 | "consentRequired" : false,
736 | "config" : {
737 | "single" : "false",
738 | "attribute.nameformat" : "Basic",
739 | "attribute.name" : "Role"
740 | }
741 | } ]
742 | }, {
743 | "id" : "aa26a01e-038a-4128-9179-5d7903332dfe",
744 | "name" : "profile",
745 | "description" : "OpenID Connect built-in scope: profile",
746 | "protocol" : "openid-connect",
747 | "attributes" : {
748 | "include.in.token.scope" : "true",
749 | "display.on.consent.screen" : "true",
750 | "consent.screen.text" : "${profileScopeConsentText}"
751 | },
752 | "protocolMappers" : [ {
753 | "id" : "719a467a-4639-42c4-822b-7e1646a551aa",
754 | "name" : "website",
755 | "protocol" : "openid-connect",
756 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
757 | "consentRequired" : false,
758 | "config" : {
759 | "userinfo.token.claim" : "true",
760 | "user.attribute" : "website",
761 | "id.token.claim" : "true",
762 | "access.token.claim" : "true",
763 | "claim.name" : "website",
764 | "jsonType.label" : "String"
765 | }
766 | }, {
767 | "id" : "d7eeb9fe-7812-4e4c-b608-8453c123eff4",
768 | "name" : "zoneinfo",
769 | "protocol" : "openid-connect",
770 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
771 | "consentRequired" : false,
772 | "config" : {
773 | "userinfo.token.claim" : "true",
774 | "user.attribute" : "zoneinfo",
775 | "id.token.claim" : "true",
776 | "access.token.claim" : "true",
777 | "claim.name" : "zoneinfo",
778 | "jsonType.label" : "String"
779 | }
780 | }, {
781 | "id" : "c60850f5-7204-4ec5-952e-5147f11ae7cb",
782 | "name" : "locale",
783 | "protocol" : "openid-connect",
784 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
785 | "consentRequired" : false,
786 | "config" : {
787 | "userinfo.token.claim" : "true",
788 | "user.attribute" : "locale",
789 | "id.token.claim" : "true",
790 | "access.token.claim" : "true",
791 | "claim.name" : "locale",
792 | "jsonType.label" : "String"
793 | }
794 | }, {
795 | "id" : "c0a450eb-1e8c-474b-a675-b256456bcbeb",
796 | "name" : "full name",
797 | "protocol" : "openid-connect",
798 | "protocolMapper" : "oidc-full-name-mapper",
799 | "consentRequired" : false,
800 | "config" : {
801 | "id.token.claim" : "true",
802 | "access.token.claim" : "true",
803 | "userinfo.token.claim" : "true"
804 | }
805 | }, {
806 | "id" : "01b1a603-7708-41cb-a8ab-29397778af62",
807 | "name" : "username",
808 | "protocol" : "openid-connect",
809 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
810 | "consentRequired" : false,
811 | "config" : {
812 | "userinfo.token.claim" : "true",
813 | "user.attribute" : "username",
814 | "id.token.claim" : "true",
815 | "access.token.claim" : "true",
816 | "claim.name" : "preferred_username",
817 | "jsonType.label" : "String"
818 | }
819 | }, {
820 | "id" : "d97affa2-9c3d-4f85-8dbc-f3c1d154e297",
821 | "name" : "given name",
822 | "protocol" : "openid-connect",
823 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
824 | "consentRequired" : false,
825 | "config" : {
826 | "userinfo.token.claim" : "true",
827 | "user.attribute" : "firstName",
828 | "id.token.claim" : "true",
829 | "access.token.claim" : "true",
830 | "claim.name" : "given_name",
831 | "jsonType.label" : "String"
832 | }
833 | }, {
834 | "id" : "2800ce51-0d74-49bb-bab1-ff0a1223d8fd",
835 | "name" : "profile",
836 | "protocol" : "openid-connect",
837 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
838 | "consentRequired" : false,
839 | "config" : {
840 | "userinfo.token.claim" : "true",
841 | "user.attribute" : "profile",
842 | "id.token.claim" : "true",
843 | "access.token.claim" : "true",
844 | "claim.name" : "profile",
845 | "jsonType.label" : "String"
846 | }
847 | }, {
848 | "id" : "0f9d696c-c67f-4663-8f75-2b8f62959685",
849 | "name" : "picture",
850 | "protocol" : "openid-connect",
851 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
852 | "consentRequired" : false,
853 | "config" : {
854 | "userinfo.token.claim" : "true",
855 | "user.attribute" : "picture",
856 | "id.token.claim" : "true",
857 | "access.token.claim" : "true",
858 | "claim.name" : "picture",
859 | "jsonType.label" : "String"
860 | }
861 | }, {
862 | "id" : "d145bf82-dce8-4ce7-bbbf-0349558dac1d",
863 | "name" : "birthdate",
864 | "protocol" : "openid-connect",
865 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
866 | "consentRequired" : false,
867 | "config" : {
868 | "userinfo.token.claim" : "true",
869 | "user.attribute" : "birthdate",
870 | "id.token.claim" : "true",
871 | "access.token.claim" : "true",
872 | "claim.name" : "birthdate",
873 | "jsonType.label" : "String"
874 | }
875 | }, {
876 | "id" : "86a0dfa0-13bc-4dc0-83da-b8678f51fa90",
877 | "name" : "family name",
878 | "protocol" : "openid-connect",
879 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
880 | "consentRequired" : false,
881 | "config" : {
882 | "userinfo.token.claim" : "true",
883 | "user.attribute" : "lastName",
884 | "id.token.claim" : "true",
885 | "access.token.claim" : "true",
886 | "claim.name" : "family_name",
887 | "jsonType.label" : "String"
888 | }
889 | }, {
890 | "id" : "3c86cc81-ecea-4ff5-b064-8239454e7f12",
891 | "name" : "middle name",
892 | "protocol" : "openid-connect",
893 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
894 | "consentRequired" : false,
895 | "config" : {
896 | "userinfo.token.claim" : "true",
897 | "user.attribute" : "middleName",
898 | "id.token.claim" : "true",
899 | "access.token.claim" : "true",
900 | "claim.name" : "middle_name",
901 | "jsonType.label" : "String"
902 | }
903 | }, {
904 | "id" : "af6ef5c1-71ba-49df-8d1c-3991e5de62b2",
905 | "name" : "nickname",
906 | "protocol" : "openid-connect",
907 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
908 | "consentRequired" : false,
909 | "config" : {
910 | "userinfo.token.claim" : "true",
911 | "user.attribute" : "nickname",
912 | "id.token.claim" : "true",
913 | "access.token.claim" : "true",
914 | "claim.name" : "nickname",
915 | "jsonType.label" : "String"
916 | }
917 | }, {
918 | "id" : "3fb32330-9da0-416d-9c91-fdd671a0ff4e",
919 | "name" : "gender",
920 | "protocol" : "openid-connect",
921 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
922 | "consentRequired" : false,
923 | "config" : {
924 | "userinfo.token.claim" : "true",
925 | "user.attribute" : "gender",
926 | "id.token.claim" : "true",
927 | "access.token.claim" : "true",
928 | "claim.name" : "gender",
929 | "jsonType.label" : "String"
930 | }
931 | }, {
932 | "id" : "cddae699-fb86-4a01-b6a2-71dd98815220",
933 | "name" : "updated at",
934 | "protocol" : "openid-connect",
935 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
936 | "consentRequired" : false,
937 | "config" : {
938 | "userinfo.token.claim" : "true",
939 | "user.attribute" : "updatedAt",
940 | "id.token.claim" : "true",
941 | "access.token.claim" : "true",
942 | "claim.name" : "updated_at",
943 | "jsonType.label" : "long"
944 | }
945 | } ]
946 | }, {
947 | "id" : "8699da7e-5a23-46ac-9f20-32fac7b88db5",
948 | "name" : "phone",
949 | "description" : "OpenID Connect built-in scope: phone",
950 | "protocol" : "openid-connect",
951 | "attributes" : {
952 | "include.in.token.scope" : "true",
953 | "display.on.consent.screen" : "true",
954 | "consent.screen.text" : "${phoneScopeConsentText}"
955 | },
956 | "protocolMappers" : [ {
957 | "id" : "98cc6d66-ef0c-41e7-95f9-32cf7cc5e3cf",
958 | "name" : "phone number verified",
959 | "protocol" : "openid-connect",
960 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
961 | "consentRequired" : false,
962 | "config" : {
963 | "userinfo.token.claim" : "true",
964 | "user.attribute" : "phoneNumberVerified",
965 | "id.token.claim" : "true",
966 | "access.token.claim" : "true",
967 | "claim.name" : "phone_number_verified",
968 | "jsonType.label" : "boolean"
969 | }
970 | }, {
971 | "id" : "316a17f6-0551-4e36-82a2-a615b2142325",
972 | "name" : "phone number",
973 | "protocol" : "openid-connect",
974 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
975 | "consentRequired" : false,
976 | "config" : {
977 | "userinfo.token.claim" : "true",
978 | "user.attribute" : "phoneNumber",
979 | "id.token.claim" : "true",
980 | "access.token.claim" : "true",
981 | "claim.name" : "phone_number",
982 | "jsonType.label" : "String"
983 | }
984 | } ]
985 | }, {
986 | "id" : "35284ae5-deb2-41f7-bcb5-26a765661525",
987 | "name" : "microprofile-jwt",
988 | "description" : "Microprofile - JWT built-in scope",
989 | "protocol" : "openid-connect",
990 | "attributes" : {
991 | "include.in.token.scope" : "true",
992 | "display.on.consent.screen" : "false"
993 | },
994 | "protocolMappers" : [ {
995 | "id" : "9913ae53-c3cd-4bb9-8cfb-01157cd998a8",
996 | "name" : "upn",
997 | "protocol" : "openid-connect",
998 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
999 | "consentRequired" : false,
1000 | "config" : {
1001 | "userinfo.token.claim" : "true",
1002 | "user.attribute" : "username",
1003 | "id.token.claim" : "true",
1004 | "access.token.claim" : "true",
1005 | "claim.name" : "upn",
1006 | "jsonType.label" : "String"
1007 | }
1008 | }, {
1009 | "id" : "7a1b8512-86d1-4ab2-a9ce-bf1e7c35cac3",
1010 | "name" : "groups",
1011 | "protocol" : "openid-connect",
1012 | "protocolMapper" : "oidc-usermodel-realm-role-mapper",
1013 | "consentRequired" : false,
1014 | "config" : {
1015 | "multivalued" : "true",
1016 | "user.attribute" : "foo",
1017 | "id.token.claim" : "true",
1018 | "access.token.claim" : "true",
1019 | "claim.name" : "groups",
1020 | "jsonType.label" : "String"
1021 | }
1022 | } ]
1023 | }, {
1024 | "id" : "2336c715-1a7f-4bb2-a896-d930062f6210",
1025 | "name" : "roles",
1026 | "description" : "OpenID Connect scope for adding user roles to the access token",
1027 | "protocol" : "openid-connect",
1028 | "attributes" : {
1029 | "include.in.token.scope" : "false",
1030 | "display.on.consent.screen" : "true",
1031 | "consent.screen.text" : "${rolesScopeConsentText}"
1032 | },
1033 | "protocolMappers" : [ {
1034 | "id" : "8c3d8592-abe0-4a9e-a04c-3c126352175d",
1035 | "name" : "client roles",
1036 | "protocol" : "openid-connect",
1037 | "protocolMapper" : "oidc-usermodel-client-role-mapper",
1038 | "consentRequired" : false,
1039 | "config" : {
1040 | "user.attribute" : "foo",
1041 | "access.token.claim" : "true",
1042 | "claim.name" : "resource_access.${client_id}.roles",
1043 | "jsonType.label" : "String",
1044 | "multivalued" : "true"
1045 | }
1046 | }, {
1047 | "id" : "5800ec07-1509-4aa6-8b75-71f4b475fc16",
1048 | "name" : "realm roles",
1049 | "protocol" : "openid-connect",
1050 | "protocolMapper" : "oidc-usermodel-realm-role-mapper",
1051 | "consentRequired" : false,
1052 | "config" : {
1053 | "user.attribute" : "foo",
1054 | "access.token.claim" : "true",
1055 | "claim.name" : "realm_access.roles",
1056 | "jsonType.label" : "String",
1057 | "multivalued" : "true"
1058 | }
1059 | }, {
1060 | "id" : "35e5c4a1-f8b3-4073-b280-b72a0b4233ea",
1061 | "name" : "audience resolve",
1062 | "protocol" : "openid-connect",
1063 | "protocolMapper" : "oidc-audience-resolve-mapper",
1064 | "consentRequired" : false,
1065 | "config" : { }
1066 | } ]
1067 | }, {
1068 | "id" : "3ea9977d-c60a-4ccd-a716-9550a1b17ee7",
1069 | "name" : "email",
1070 | "description" : "OpenID Connect built-in scope: email",
1071 | "protocol" : "openid-connect",
1072 | "attributes" : {
1073 | "include.in.token.scope" : "true",
1074 | "display.on.consent.screen" : "true",
1075 | "consent.screen.text" : "${emailScopeConsentText}"
1076 | },
1077 | "protocolMappers" : [ {
1078 | "id" : "ab2e137b-bbe4-4d7d-abcc-76c77bcd6410",
1079 | "name" : "email",
1080 | "protocol" : "openid-connect",
1081 | "protocolMapper" : "oidc-usermodel-attribute-mapper",
1082 | "consentRequired" : false,
1083 | "config" : {
1084 | "userinfo.token.claim" : "true",
1085 | "user.attribute" : "email",
1086 | "id.token.claim" : "true",
1087 | "access.token.claim" : "true",
1088 | "claim.name" : "email",
1089 | "jsonType.label" : "String"
1090 | }
1091 | }, {
1092 | "id" : "bd911738-7962-4c09-9718-3a59e2f19b6b",
1093 | "name" : "email verified",
1094 | "protocol" : "openid-connect",
1095 | "protocolMapper" : "oidc-usermodel-property-mapper",
1096 | "consentRequired" : false,
1097 | "config" : {
1098 | "userinfo.token.claim" : "true",
1099 | "user.attribute" : "emailVerified",
1100 | "id.token.claim" : "true",
1101 | "access.token.claim" : "true",
1102 | "claim.name" : "email_verified",
1103 | "jsonType.label" : "boolean"
1104 | }
1105 | } ]
1106 | } ],
1107 | "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ],
1108 | "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ],
1109 | "browserSecurityHeaders" : {
1110 | "contentSecurityPolicyReportOnly" : "",
1111 | "xContentTypeOptions" : "nosniff",
1112 | "referrerPolicy" : "no-referrer",
1113 | "xRobotsTag" : "none",
1114 | "xFrameOptions" : "SAMEORIGIN",
1115 | "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
1116 | "xXSSProtection" : "1; mode=block",
1117 | "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
1118 | },
1119 | "smtpServer" : { },
1120 | "eventsEnabled" : false,
1121 | "eventsListeners" : [ "jboss-logging" ],
1122 | "enabledEventTypes" : [ ],
1123 | "adminEventsEnabled" : false,
1124 | "adminEventsDetailsEnabled" : false,
1125 | "identityProviders" : [ ],
1126 | "identityProviderMappers" : [ ],
1127 | "components" : {
1128 | "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
1129 | "id" : "12d8406f-481b-47eb-999f-f6f48d4a20d1",
1130 | "name" : "Full Scope Disabled",
1131 | "providerId" : "scope",
1132 | "subType" : "anonymous",
1133 | "subComponents" : { },
1134 | "config" : { }
1135 | }, {
1136 | "id" : "3b1a5eb8-dffd-47d5-ae31-37a30ae1affa",
1137 | "name" : "Consent Required",
1138 | "providerId" : "consent-required",
1139 | "subType" : "anonymous",
1140 | "subComponents" : { },
1141 | "config" : { }
1142 | }, {
1143 | "id" : "32ad9ae0-ccdd-4cd3-ac0b-0f41ef0b2cc1",
1144 | "name" : "Allowed Client Scopes",
1145 | "providerId" : "allowed-client-templates",
1146 | "subType" : "anonymous",
1147 | "subComponents" : { },
1148 | "config" : {
1149 | "allow-default-scopes" : [ "true" ]
1150 | }
1151 | }, {
1152 | "id" : "90fb899b-8e49-4f5c-b703-4c2356c9d720",
1153 | "name" : "Max Clients Limit",
1154 | "providerId" : "max-clients",
1155 | "subType" : "anonymous",
1156 | "subComponents" : { },
1157 | "config" : {
1158 | "max-clients" : [ "200" ]
1159 | }
1160 | }, {
1161 | "id" : "d02de79a-5987-49af-922c-178b18cfb23d",
1162 | "name" : "Allowed Protocol Mapper Types",
1163 | "providerId" : "allowed-protocol-mappers",
1164 | "subType" : "anonymous",
1165 | "subComponents" : { },
1166 | "config" : {
1167 | "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ]
1168 | }
1169 | }, {
1170 | "id" : "bed722ec-8307-46dd-97b5-9428d9e63c08",
1171 | "name" : "Trusted Hosts",
1172 | "providerId" : "trusted-hosts",
1173 | "subType" : "anonymous",
1174 | "subComponents" : { },
1175 | "config" : {
1176 | "host-sending-registration-request-must-match" : [ "true" ],
1177 | "client-uris-must-match" : [ "true" ]
1178 | }
1179 | }, {
1180 | "id" : "eafd55e3-95eb-4e3f-88e0-e5d80873e546",
1181 | "name" : "Allowed Client Scopes",
1182 | "providerId" : "allowed-client-templates",
1183 | "subType" : "authenticated",
1184 | "subComponents" : { },
1185 | "config" : {
1186 | "allow-default-scopes" : [ "true" ]
1187 | }
1188 | }, {
1189 | "id" : "f81144bf-6a02-4186-a0b4-baed0748f134",
1190 | "name" : "Allowed Protocol Mapper Types",
1191 | "providerId" : "allowed-protocol-mappers",
1192 | "subType" : "authenticated",
1193 | "subComponents" : { },
1194 | "config" : {
1195 | "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-address-mapper" ]
1196 | }
1197 | } ],
1198 | "org.keycloak.keys.KeyProvider" : [ {
1199 | "id" : "2244f9b6-b49b-418c-9a56-8d93ebe94219",
1200 | "name" : "rsa-generated",
1201 | "providerId" : "rsa-generated",
1202 | "subComponents" : { },
1203 | "config" : {
1204 | "privateKey" : [ "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" ],
1205 | "keyUse" : [ "SIG" ],
1206 | "certificate" : [ "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" ],
1207 | "priority" : [ "100" ]
1208 | }
1209 | }, {
1210 | "id" : "cd98931c-40d5-4f61-bd57-be754aed13e6",
1211 | "name" : "hmac-generated",
1212 | "providerId" : "hmac-generated",
1213 | "subComponents" : { },
1214 | "config" : {
1215 | "kid" : [ "4d5a6de0-eae3-4f22-9b92-1d4a648dc9f0" ],
1216 | "secret" : [ "ThfBe86zIKTDj5w3-xjqBZSNl76CaKPflqW5BlLqVJFcMElyc9Q0xS9ZSGNVG1SiulVru3odpiIn_ocUWJyhYw" ],
1217 | "priority" : [ "100" ],
1218 | "algorithm" : [ "HS256" ]
1219 | }
1220 | }, {
1221 | "id" : "821ae87e-656b-4ce8-8022-d6eb437e7b77",
1222 | "name" : "aes-generated",
1223 | "providerId" : "aes-generated",
1224 | "subComponents" : { },
1225 | "config" : {
1226 | "kid" : [ "97a21898-b850-4293-b8e3-cd013d6dba4c" ],
1227 | "secret" : [ "rbrfPXayDtJzRR4jyqSVVg" ],
1228 | "priority" : [ "100" ]
1229 | }
1230 | }, {
1231 | "id" : "ac4128bd-4e0b-4a18-93ea-2d2b4257a516",
1232 | "name" : "rsa-enc-generated",
1233 | "providerId" : "rsa-enc-generated",
1234 | "subComponents" : { },
1235 | "config" : {
1236 | "privateKey" : [ "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" ],
1237 | "keyUse" : [ "ENC" ],
1238 | "certificate" : [ "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" ],
1239 | "priority" : [ "100" ],
1240 | "algorithm" : [ "RSA-OAEP" ]
1241 | }
1242 | } ]
1243 | },
1244 | "internationalizationEnabled" : false,
1245 | "supportedLocales" : [ ],
1246 | "authenticationFlows" : [ {
1247 | "id" : "1e0a8bf4-70ca-4317-b517-57486b17d23b",
1248 | "alias" : "Account verification options",
1249 | "description" : "Method with which to verify the existing account",
1250 | "providerId" : "basic-flow",
1251 | "topLevel" : false,
1252 | "builtIn" : true,
1253 | "authenticationExecutions" : [ {
1254 | "authenticator" : "idp-email-verification",
1255 | "authenticatorFlow" : false,
1256 | "requirement" : "ALTERNATIVE",
1257 | "priority" : 10,
1258 | "autheticatorFlow" : false,
1259 | "userSetupAllowed" : false
1260 | }, {
1261 | "authenticatorFlow" : true,
1262 | "requirement" : "ALTERNATIVE",
1263 | "priority" : 20,
1264 | "autheticatorFlow" : true,
1265 | "flowAlias" : "Verify Existing Account by Re-authentication",
1266 | "userSetupAllowed" : false
1267 | } ]
1268 | }, {
1269 | "id" : "3b0a5382-7c00-4d73-bca3-7de1a28190bf",
1270 | "alias" : "Browser - Conditional OTP",
1271 | "description" : "Flow to determine if the OTP is required for the authentication",
1272 | "providerId" : "basic-flow",
1273 | "topLevel" : false,
1274 | "builtIn" : true,
1275 | "authenticationExecutions" : [ {
1276 | "authenticator" : "conditional-user-configured",
1277 | "authenticatorFlow" : false,
1278 | "requirement" : "REQUIRED",
1279 | "priority" : 10,
1280 | "autheticatorFlow" : false,
1281 | "userSetupAllowed" : false
1282 | }, {
1283 | "authenticator" : "auth-otp-form",
1284 | "authenticatorFlow" : false,
1285 | "requirement" : "REQUIRED",
1286 | "priority" : 20,
1287 | "autheticatorFlow" : false,
1288 | "userSetupAllowed" : false
1289 | } ]
1290 | }, {
1291 | "id" : "794d73b3-bd64-44fa-8abe-f2608e53a5da",
1292 | "alias" : "Direct Grant - Conditional OTP",
1293 | "description" : "Flow to determine if the OTP is required for the authentication",
1294 | "providerId" : "basic-flow",
1295 | "topLevel" : false,
1296 | "builtIn" : true,
1297 | "authenticationExecutions" : [ {
1298 | "authenticator" : "conditional-user-configured",
1299 | "authenticatorFlow" : false,
1300 | "requirement" : "REQUIRED",
1301 | "priority" : 10,
1302 | "autheticatorFlow" : false,
1303 | "userSetupAllowed" : false
1304 | }, {
1305 | "authenticator" : "direct-grant-validate-otp",
1306 | "authenticatorFlow" : false,
1307 | "requirement" : "REQUIRED",
1308 | "priority" : 20,
1309 | "autheticatorFlow" : false,
1310 | "userSetupAllowed" : false
1311 | } ]
1312 | }, {
1313 | "id" : "9db600e5-dd7d-4381-a036-170d496c147f",
1314 | "alias" : "First broker login - Conditional OTP",
1315 | "description" : "Flow to determine if the OTP is required for the authentication",
1316 | "providerId" : "basic-flow",
1317 | "topLevel" : false,
1318 | "builtIn" : true,
1319 | "authenticationExecutions" : [ {
1320 | "authenticator" : "conditional-user-configured",
1321 | "authenticatorFlow" : false,
1322 | "requirement" : "REQUIRED",
1323 | "priority" : 10,
1324 | "autheticatorFlow" : false,
1325 | "userSetupAllowed" : false
1326 | }, {
1327 | "authenticator" : "auth-otp-form",
1328 | "authenticatorFlow" : false,
1329 | "requirement" : "REQUIRED",
1330 | "priority" : 20,
1331 | "autheticatorFlow" : false,
1332 | "userSetupAllowed" : false
1333 | } ]
1334 | }, {
1335 | "id" : "8e4af905-050b-435c-9921-f7693bc2b508",
1336 | "alias" : "Handle Existing Account",
1337 | "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
1338 | "providerId" : "basic-flow",
1339 | "topLevel" : false,
1340 | "builtIn" : true,
1341 | "authenticationExecutions" : [ {
1342 | "authenticator" : "idp-confirm-link",
1343 | "authenticatorFlow" : false,
1344 | "requirement" : "REQUIRED",
1345 | "priority" : 10,
1346 | "autheticatorFlow" : false,
1347 | "userSetupAllowed" : false
1348 | }, {
1349 | "authenticatorFlow" : true,
1350 | "requirement" : "REQUIRED",
1351 | "priority" : 20,
1352 | "autheticatorFlow" : true,
1353 | "flowAlias" : "Account verification options",
1354 | "userSetupAllowed" : false
1355 | } ]
1356 | }, {
1357 | "id" : "342c83ef-ea1b-4f97-84ec-43d5b9777b19",
1358 | "alias" : "Reset - Conditional OTP",
1359 | "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
1360 | "providerId" : "basic-flow",
1361 | "topLevel" : false,
1362 | "builtIn" : true,
1363 | "authenticationExecutions" : [ {
1364 | "authenticator" : "conditional-user-configured",
1365 | "authenticatorFlow" : false,
1366 | "requirement" : "REQUIRED",
1367 | "priority" : 10,
1368 | "autheticatorFlow" : false,
1369 | "userSetupAllowed" : false
1370 | }, {
1371 | "authenticator" : "reset-otp",
1372 | "authenticatorFlow" : false,
1373 | "requirement" : "REQUIRED",
1374 | "priority" : 20,
1375 | "autheticatorFlow" : false,
1376 | "userSetupAllowed" : false
1377 | } ]
1378 | }, {
1379 | "id" : "2cbfce99-e26c-4d2d-8567-1a8cb48dcb29",
1380 | "alias" : "User creation or linking",
1381 | "description" : "Flow for the existing/non-existing user alternatives",
1382 | "providerId" : "basic-flow",
1383 | "topLevel" : false,
1384 | "builtIn" : true,
1385 | "authenticationExecutions" : [ {
1386 | "authenticatorConfig" : "create unique user config",
1387 | "authenticator" : "idp-create-user-if-unique",
1388 | "authenticatorFlow" : false,
1389 | "requirement" : "ALTERNATIVE",
1390 | "priority" : 10,
1391 | "autheticatorFlow" : false,
1392 | "userSetupAllowed" : false
1393 | }, {
1394 | "authenticatorFlow" : true,
1395 | "requirement" : "ALTERNATIVE",
1396 | "priority" : 20,
1397 | "autheticatorFlow" : true,
1398 | "flowAlias" : "Handle Existing Account",
1399 | "userSetupAllowed" : false
1400 | } ]
1401 | }, {
1402 | "id" : "27af00d6-7f81-4c8c-b126-fc625365dbc7",
1403 | "alias" : "Verify Existing Account by Re-authentication",
1404 | "description" : "Reauthentication of existing account",
1405 | "providerId" : "basic-flow",
1406 | "topLevel" : false,
1407 | "builtIn" : true,
1408 | "authenticationExecutions" : [ {
1409 | "authenticator" : "idp-username-password-form",
1410 | "authenticatorFlow" : false,
1411 | "requirement" : "REQUIRED",
1412 | "priority" : 10,
1413 | "autheticatorFlow" : false,
1414 | "userSetupAllowed" : false
1415 | }, {
1416 | "authenticatorFlow" : true,
1417 | "requirement" : "CONDITIONAL",
1418 | "priority" : 20,
1419 | "autheticatorFlow" : true,
1420 | "flowAlias" : "First broker login - Conditional OTP",
1421 | "userSetupAllowed" : false
1422 | } ]
1423 | }, {
1424 | "id" : "3907688f-2011-4e27-812a-c4b86caa5391",
1425 | "alias" : "browser",
1426 | "description" : "browser based authentication",
1427 | "providerId" : "basic-flow",
1428 | "topLevel" : true,
1429 | "builtIn" : true,
1430 | "authenticationExecutions" : [ {
1431 | "authenticator" : "auth-cookie",
1432 | "authenticatorFlow" : false,
1433 | "requirement" : "ALTERNATIVE",
1434 | "priority" : 10,
1435 | "autheticatorFlow" : false,
1436 | "userSetupAllowed" : false
1437 | }, {
1438 | "authenticator" : "auth-spnego",
1439 | "authenticatorFlow" : false,
1440 | "requirement" : "DISABLED",
1441 | "priority" : 20,
1442 | "autheticatorFlow" : false,
1443 | "userSetupAllowed" : false
1444 | }, {
1445 | "authenticator" : "identity-provider-redirector",
1446 | "authenticatorFlow" : false,
1447 | "requirement" : "ALTERNATIVE",
1448 | "priority" : 25,
1449 | "autheticatorFlow" : false,
1450 | "userSetupAllowed" : false
1451 | }, {
1452 | "authenticatorFlow" : true,
1453 | "requirement" : "ALTERNATIVE",
1454 | "priority" : 30,
1455 | "autheticatorFlow" : true,
1456 | "flowAlias" : "forms",
1457 | "userSetupAllowed" : false
1458 | } ]
1459 | }, {
1460 | "id" : "929e9928-9648-4e12-a479-41f516d5f419",
1461 | "alias" : "clients",
1462 | "description" : "Base authentication for clients",
1463 | "providerId" : "client-flow",
1464 | "topLevel" : true,
1465 | "builtIn" : true,
1466 | "authenticationExecutions" : [ {
1467 | "authenticator" : "client-secret",
1468 | "authenticatorFlow" : false,
1469 | "requirement" : "ALTERNATIVE",
1470 | "priority" : 10,
1471 | "autheticatorFlow" : false,
1472 | "userSetupAllowed" : false
1473 | }, {
1474 | "authenticator" : "client-jwt",
1475 | "authenticatorFlow" : false,
1476 | "requirement" : "ALTERNATIVE",
1477 | "priority" : 20,
1478 | "autheticatorFlow" : false,
1479 | "userSetupAllowed" : false
1480 | }, {
1481 | "authenticator" : "client-secret-jwt",
1482 | "authenticatorFlow" : false,
1483 | "requirement" : "ALTERNATIVE",
1484 | "priority" : 30,
1485 | "autheticatorFlow" : false,
1486 | "userSetupAllowed" : false
1487 | }, {
1488 | "authenticator" : "client-x509",
1489 | "authenticatorFlow" : false,
1490 | "requirement" : "ALTERNATIVE",
1491 | "priority" : 40,
1492 | "autheticatorFlow" : false,
1493 | "userSetupAllowed" : false
1494 | } ]
1495 | }, {
1496 | "id" : "50b91487-fa67-4afe-b07f-296d7bef48f8",
1497 | "alias" : "direct grant",
1498 | "description" : "OpenID Connect Resource Owner Grant",
1499 | "providerId" : "basic-flow",
1500 | "topLevel" : true,
1501 | "builtIn" : true,
1502 | "authenticationExecutions" : [ {
1503 | "authenticator" : "direct-grant-validate-username",
1504 | "authenticatorFlow" : false,
1505 | "requirement" : "REQUIRED",
1506 | "priority" : 10,
1507 | "autheticatorFlow" : false,
1508 | "userSetupAllowed" : false
1509 | }, {
1510 | "authenticator" : "direct-grant-validate-password",
1511 | "authenticatorFlow" : false,
1512 | "requirement" : "REQUIRED",
1513 | "priority" : 20,
1514 | "autheticatorFlow" : false,
1515 | "userSetupAllowed" : false
1516 | }, {
1517 | "authenticatorFlow" : true,
1518 | "requirement" : "CONDITIONAL",
1519 | "priority" : 30,
1520 | "autheticatorFlow" : true,
1521 | "flowAlias" : "Direct Grant - Conditional OTP",
1522 | "userSetupAllowed" : false
1523 | } ]
1524 | }, {
1525 | "id" : "dbfcb55f-6f67-4894-9abe-1e92a305f4b1",
1526 | "alias" : "docker auth",
1527 | "description" : "Used by Docker clients to authenticate against the IDP",
1528 | "providerId" : "basic-flow",
1529 | "topLevel" : true,
1530 | "builtIn" : true,
1531 | "authenticationExecutions" : [ {
1532 | "authenticator" : "docker-http-basic-authenticator",
1533 | "authenticatorFlow" : false,
1534 | "requirement" : "REQUIRED",
1535 | "priority" : 10,
1536 | "autheticatorFlow" : false,
1537 | "userSetupAllowed" : false
1538 | } ]
1539 | }, {
1540 | "id" : "5d87b690-c92e-43c5-8bef-aed7ab29617c",
1541 | "alias" : "first broker login",
1542 | "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
1543 | "providerId" : "basic-flow",
1544 | "topLevel" : true,
1545 | "builtIn" : true,
1546 | "authenticationExecutions" : [ {
1547 | "authenticatorConfig" : "review profile config",
1548 | "authenticator" : "idp-review-profile",
1549 | "authenticatorFlow" : false,
1550 | "requirement" : "REQUIRED",
1551 | "priority" : 10,
1552 | "autheticatorFlow" : false,
1553 | "userSetupAllowed" : false
1554 | }, {
1555 | "authenticatorFlow" : true,
1556 | "requirement" : "REQUIRED",
1557 | "priority" : 20,
1558 | "autheticatorFlow" : true,
1559 | "flowAlias" : "User creation or linking",
1560 | "userSetupAllowed" : false
1561 | } ]
1562 | }, {
1563 | "id" : "f53baa44-229f-45a4-af62-585d55afec1b",
1564 | "alias" : "forms",
1565 | "description" : "Username, password, otp and other auth forms.",
1566 | "providerId" : "basic-flow",
1567 | "topLevel" : false,
1568 | "builtIn" : true,
1569 | "authenticationExecutions" : [ {
1570 | "authenticator" : "auth-username-password-form",
1571 | "authenticatorFlow" : false,
1572 | "requirement" : "REQUIRED",
1573 | "priority" : 10,
1574 | "autheticatorFlow" : false,
1575 | "userSetupAllowed" : false
1576 | }, {
1577 | "authenticatorFlow" : true,
1578 | "requirement" : "CONDITIONAL",
1579 | "priority" : 20,
1580 | "autheticatorFlow" : true,
1581 | "flowAlias" : "Browser - Conditional OTP",
1582 | "userSetupAllowed" : false
1583 | } ]
1584 | }, {
1585 | "id" : "973b08f0-9889-4bb0-b08d-27b0d9fa53c6",
1586 | "alias" : "registration",
1587 | "description" : "registration flow",
1588 | "providerId" : "basic-flow",
1589 | "topLevel" : true,
1590 | "builtIn" : true,
1591 | "authenticationExecutions" : [ {
1592 | "authenticator" : "registration-page-form",
1593 | "authenticatorFlow" : true,
1594 | "requirement" : "REQUIRED",
1595 | "priority" : 10,
1596 | "autheticatorFlow" : true,
1597 | "flowAlias" : "registration form",
1598 | "userSetupAllowed" : false
1599 | } ]
1600 | }, {
1601 | "id" : "abe8610b-9ee4-4156-9ccc-15db4db685b1",
1602 | "alias" : "registration form",
1603 | "description" : "registration form",
1604 | "providerId" : "form-flow",
1605 | "topLevel" : false,
1606 | "builtIn" : true,
1607 | "authenticationExecutions" : [ {
1608 | "authenticator" : "registration-user-creation",
1609 | "authenticatorFlow" : false,
1610 | "requirement" : "REQUIRED",
1611 | "priority" : 20,
1612 | "autheticatorFlow" : false,
1613 | "userSetupAllowed" : false
1614 | }, {
1615 | "authenticator" : "registration-profile-action",
1616 | "authenticatorFlow" : false,
1617 | "requirement" : "REQUIRED",
1618 | "priority" : 40,
1619 | "autheticatorFlow" : false,
1620 | "userSetupAllowed" : false
1621 | }, {
1622 | "authenticator" : "registration-password-action",
1623 | "authenticatorFlow" : false,
1624 | "requirement" : "REQUIRED",
1625 | "priority" : 50,
1626 | "autheticatorFlow" : false,
1627 | "userSetupAllowed" : false
1628 | }, {
1629 | "authenticator" : "registration-recaptcha-action",
1630 | "authenticatorFlow" : false,
1631 | "requirement" : "DISABLED",
1632 | "priority" : 60,
1633 | "autheticatorFlow" : false,
1634 | "userSetupAllowed" : false
1635 | } ]
1636 | }, {
1637 | "id" : "1362bd93-1099-44d7-a73c-b592e7ea8609",
1638 | "alias" : "reset credentials",
1639 | "description" : "Reset credentials for a user if they forgot their password or something",
1640 | "providerId" : "basic-flow",
1641 | "topLevel" : true,
1642 | "builtIn" : true,
1643 | "authenticationExecutions" : [ {
1644 | "authenticator" : "reset-credentials-choose-user",
1645 | "authenticatorFlow" : false,
1646 | "requirement" : "REQUIRED",
1647 | "priority" : 10,
1648 | "autheticatorFlow" : false,
1649 | "userSetupAllowed" : false
1650 | }, {
1651 | "authenticator" : "reset-credential-email",
1652 | "authenticatorFlow" : false,
1653 | "requirement" : "REQUIRED",
1654 | "priority" : 20,
1655 | "autheticatorFlow" : false,
1656 | "userSetupAllowed" : false
1657 | }, {
1658 | "authenticator" : "reset-password",
1659 | "authenticatorFlow" : false,
1660 | "requirement" : "REQUIRED",
1661 | "priority" : 30,
1662 | "autheticatorFlow" : false,
1663 | "userSetupAllowed" : false
1664 | }, {
1665 | "authenticatorFlow" : true,
1666 | "requirement" : "CONDITIONAL",
1667 | "priority" : 40,
1668 | "autheticatorFlow" : true,
1669 | "flowAlias" : "Reset - Conditional OTP",
1670 | "userSetupAllowed" : false
1671 | } ]
1672 | }, {
1673 | "id" : "6cea0fb1-7e92-403d-b7c3-d237e20d0a89",
1674 | "alias" : "saml ecp",
1675 | "description" : "SAML ECP Profile Authentication Flow",
1676 | "providerId" : "basic-flow",
1677 | "topLevel" : true,
1678 | "builtIn" : true,
1679 | "authenticationExecutions" : [ {
1680 | "authenticator" : "http-basic-authenticator",
1681 | "authenticatorFlow" : false,
1682 | "requirement" : "REQUIRED",
1683 | "priority" : 10,
1684 | "autheticatorFlow" : false,
1685 | "userSetupAllowed" : false
1686 | } ]
1687 | } ],
1688 | "authenticatorConfig" : [ {
1689 | "id" : "cf9988c2-8b8c-4db0-b725-f9317b023d8a",
1690 | "alias" : "create unique user config",
1691 | "config" : {
1692 | "require.password.update.after.registration" : "false"
1693 | }
1694 | }, {
1695 | "id" : "a36acd81-9bc6-47e7-ad0d-05bc22dc3e34",
1696 | "alias" : "review profile config",
1697 | "config" : {
1698 | "update.profile.on.first.login" : "missing"
1699 | }
1700 | } ],
1701 | "requiredActions" : [ {
1702 | "alias" : "CONFIGURE_TOTP",
1703 | "name" : "Configure OTP",
1704 | "providerId" : "CONFIGURE_TOTP",
1705 | "enabled" : true,
1706 | "defaultAction" : false,
1707 | "priority" : 10,
1708 | "config" : { }
1709 | }, {
1710 | "alias" : "TERMS_AND_CONDITIONS",
1711 | "name" : "Terms and Conditions",
1712 | "providerId" : "TERMS_AND_CONDITIONS",
1713 | "enabled" : false,
1714 | "defaultAction" : false,
1715 | "priority" : 20,
1716 | "config" : { }
1717 | }, {
1718 | "alias" : "UPDATE_PASSWORD",
1719 | "name" : "Update Password",
1720 | "providerId" : "UPDATE_PASSWORD",
1721 | "enabled" : true,
1722 | "defaultAction" : false,
1723 | "priority" : 30,
1724 | "config" : { }
1725 | }, {
1726 | "alias" : "UPDATE_PROFILE",
1727 | "name" : "Update Profile",
1728 | "providerId" : "UPDATE_PROFILE",
1729 | "enabled" : true,
1730 | "defaultAction" : false,
1731 | "priority" : 40,
1732 | "config" : { }
1733 | }, {
1734 | "alias" : "VERIFY_EMAIL",
1735 | "name" : "Verify Email",
1736 | "providerId" : "VERIFY_EMAIL",
1737 | "enabled" : true,
1738 | "defaultAction" : false,
1739 | "priority" : 50,
1740 | "config" : { }
1741 | }, {
1742 | "alias" : "delete_account",
1743 | "name" : "Delete Account",
1744 | "providerId" : "delete_account",
1745 | "enabled" : false,
1746 | "defaultAction" : false,
1747 | "priority" : 60,
1748 | "config" : { }
1749 | }, {
1750 | "alias" : "CONFIGURE_RECOVERY_AUTHN_CODES",
1751 | "name" : "Recovery Authentication Codes",
1752 | "providerId" : "CONFIGURE_RECOVERY_AUTHN_CODES",
1753 | "enabled" : true,
1754 | "defaultAction" : false,
1755 | "priority" : 70,
1756 | "config" : { }
1757 | }, {
1758 | "alias" : "UPDATE_EMAIL",
1759 | "name" : "Update Email",
1760 | "providerId" : "UPDATE_EMAIL",
1761 | "enabled" : true,
1762 | "defaultAction" : false,
1763 | "priority" : 70,
1764 | "config" : { }
1765 | }, {
1766 | "alias" : "webauthn-register",
1767 | "name" : "Webauthn Register",
1768 | "providerId" : "webauthn-register",
1769 | "enabled" : true,
1770 | "defaultAction" : false,
1771 | "priority" : 70,
1772 | "config" : { }
1773 | }, {
1774 | "alias" : "webauthn-register-passwordless",
1775 | "name" : "Webauthn Register Passwordless",
1776 | "providerId" : "webauthn-register-passwordless",
1777 | "enabled" : true,
1778 | "defaultAction" : false,
1779 | "priority" : 80,
1780 | "config" : { }
1781 | }, {
1782 | "alias" : "update_user_locale",
1783 | "name" : "Update User Locale",
1784 | "providerId" : "update_user_locale",
1785 | "enabled" : true,
1786 | "defaultAction" : false,
1787 | "priority" : 1000,
1788 | "config" : { }
1789 | } ],
1790 | "browserFlow" : "browser",
1791 | "registrationFlow" : "registration",
1792 | "directGrantFlow" : "direct grant",
1793 | "resetCredentialsFlow" : "reset credentials",
1794 | "clientAuthenticationFlow" : "clients",
1795 | "dockerAuthenticationFlow" : "docker auth",
1796 | "attributes" : {
1797 | "cibaBackchannelTokenDeliveryMode" : "poll",
1798 | "cibaAuthRequestedUserHint" : "login_hint",
1799 | "oauth2DevicePollingInterval" : "5",
1800 | "clientOfflineSessionMaxLifespan" : "0",
1801 | "clientSessionIdleTimeout" : "0",
1802 | "actionTokenGeneratedByUserLifespan-execute-actions" : "",
1803 | "actionTokenGeneratedByUserLifespan-verify-email" : "",
1804 | "clientOfflineSessionIdleTimeout" : "0",
1805 | "actionTokenGeneratedByUserLifespan-reset-credentials" : "",
1806 | "cibaInterval" : "5",
1807 | "realmReusableOtpCode" : "false",
1808 | "cibaExpiresIn" : "120",
1809 | "oauth2DeviceCodeLifespan" : "600",
1810 | "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "",
1811 | "parRequestUriLifespan" : "60",
1812 | "clientSessionMaxLifespan" : "0",
1813 | "shortVerificationUri" : ""
1814 | },
1815 | "keycloakVersion" : "22.0.0",
1816 | "userManagedAccessAllowed" : false,
1817 | "clientProfiles" : {
1818 | "profiles" : [ ]
1819 | },
1820 | "clientPolicies" : {
1821 | "policies" : [ ]
1822 | }
1823 | }
--------------------------------------------------------------------------------