├── README.md ├── backend ├── .gitignore ├── .mvn │ └── wrapper │ │ ├── maven-wrapper.jar │ │ └── maven-wrapper.properties ├── mvnw ├── mvnw.cmd ├── pom.xml └── src │ ├── main │ ├── java │ │ └── com │ │ │ └── example │ │ │ └── demo │ │ │ ├── DemoApplication.java │ │ │ ├── config │ │ │ └── SecurityConfig.java │ │ │ ├── controller │ │ │ └── HelloController.java │ │ │ └── jwt │ │ │ ├── CustomJwt.java │ │ │ └── CustomJwtConverter.java │ └── resources │ │ └── application.properties │ └── test │ └── java │ └── com │ └── example │ └── demo │ └── DemoApplicationTests.java ├── keycloak ├── Dockerfile ├── docker-compose.yml └── my-test-realm-realm.json └── webapp ├── .editorconfig ├── .gitignore ├── .vscode ├── extensions.json ├── launch.json └── tasks.json ├── README.md ├── angular.json ├── package-lock.json ├── package.json ├── src ├── app │ ├── app.component.html │ ├── app.component.scss │ ├── app.component.spec.ts │ ├── app.component.ts │ ├── app.config.ts │ └── app.routes.ts ├── assets │ └── .gitkeep ├── favicon.ico ├── index.html ├── main.ts └── styles.scss ├── tsconfig.app.json ├── tsconfig.json └── tsconfig.spec.json /README.md: -------------------------------------------------------------------------------- 1 | # fullstack-oauth2-angular-spring-boot-keycloak 2 | An OAuth2 fullstack example with keycloak, angular and spring boot. 3 | 4 | ## setup keycloak 5 | 6 | Go to `keycloak` folder, modify `Dockerfile` or `docker-compose.yml` (e.g. adjust the `postgres_data` volume) and start up postgres and keycloak via `docker compose up --build`. 7 | 8 | The file `my-test-realm-realm.json` is used to import a complete realm configuration, including clients, users, roles, etc... into keycloak. 9 | 10 | Realm: `my-test-realm`, Username: `testuser-1`, Password: `testuser1` 11 | 12 | You may create and configure your own realm by using the keycloak admin console. 13 | 14 | Check if the keycloak admin console is reachable (`http://localhost:8180/`). 
15 | 16 | 17 | ## angular webapp 18 | 19 | The Angular webapp is in `webapp`. Made with Angular 17. 20 | 21 | Using [angular-oauth2-oidc](https://www.npmjs.com/package/angular-oauth2-oidc)! 22 | 23 | The `main.ts` file bootstraps the webapp by providing the HTTP client and the OAuth service. It also initializes the OAuth service: it supplies the configuration, sets up silent token refresh, loads the discovery document and logs the user in if that has not already happened. 24 | 25 | The component `AppComponent` provides a basic demo of logout and of calling a protected API with the access token. 26 | 27 | ## spring-boot backend 28 | 29 | The Spring Boot backend is in the `backend` folder. Requires Maven and Java 21. 30 | 31 | The class `SecurityConfig` configures the security filter chain: it enables CORS, requires every request to be authenticated, sets the application up as an OAuth2 resource server (access tokens are verified as JWTs against the configured issuer) and registers a custom JWT converter that extracts all relevant data from the JWT. 32 | 33 | The `application.properties` file has the JWT issuer configured, pointing to the locally running Keycloak. It also sets `logging.level.org.springframework.security=TRACE`, a verbose setting suited to local debugging. 34 | 35 | The `CustomJwt` is a customized JWT authentication token holding the information we need, extracted from the JWT bearer token (here the first and last name). 36 | 37 | The `HelloController` has a basic GET endpoint; CORS is configured to work with a locally running Angular webapp. The GET method returns a message, but only for authorized users who have the authority `ROLE_fullstack-developer`. 38 | 39 | The granted authorities are extracted by the `CustomJwtConverter`, which reads the roles from the `realm_access` claim and prefixes each with `ROLE_`. 
40 | 41 | 42 | -------------------------------------------------------------------------------- /backend/.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | !**/src/test/**/build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | -------------------------------------------------------------------------------- /backend/.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tamani-coding/fullstack-oauth2-angular-spring-boot-keycloak/c989a6603f144022684940e2ad2c9a19acdee9fd/backend/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /backend/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar 3 | -------------------------------------------------------------------------------- /backend/mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. 
See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # https://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Apache Maven Wrapper startup batch script, version 3.2.0 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | # e.g. to debug Maven itself, use 32 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | # ---------------------------------------------------------------------------- 35 | 36 | if [ -z "$MAVEN_SKIP_RC" ] ; then 37 | 38 | if [ -f /usr/local/etc/mavenrc ] ; then 39 | . /usr/local/etc/mavenrc 40 | fi 41 | 42 | if [ -f /etc/mavenrc ] ; then 43 | . /etc/mavenrc 44 | fi 45 | 46 | if [ -f "$HOME/.mavenrc" ] ; then 47 | . "$HOME/.mavenrc" 48 | fi 49 | 50 | fi 51 | 52 | # OS specific support. $var _must_ be set to either true or false. 
53 | cygwin=false; 54 | darwin=false; 55 | mingw=false 56 | case "$(uname)" in 57 | CYGWIN*) cygwin=true ;; 58 | MINGW*) mingw=true;; 59 | Darwin*) darwin=true 60 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home 61 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html 62 | if [ -z "$JAVA_HOME" ]; then 63 | if [ -x "/usr/libexec/java_home" ]; then 64 | JAVA_HOME="$(/usr/libexec/java_home)"; export JAVA_HOME 65 | else 66 | JAVA_HOME="/Library/Java/Home"; export JAVA_HOME 67 | fi 68 | fi 69 | ;; 70 | esac 71 | 72 | if [ -z "$JAVA_HOME" ] ; then 73 | if [ -r /etc/gentoo-release ] ; then 74 | JAVA_HOME=$(java-config --jre-home) 75 | fi 76 | fi 77 | 78 | # For Cygwin, ensure paths are in UNIX format before anything is touched 79 | if $cygwin ; then 80 | [ -n "$JAVA_HOME" ] && 81 | JAVA_HOME=$(cygpath --unix "$JAVA_HOME") 82 | [ -n "$CLASSPATH" ] && 83 | CLASSPATH=$(cygpath --path --unix "$CLASSPATH") 84 | fi 85 | 86 | # For Mingw, ensure paths are in UNIX format before anything is touched 87 | if $mingw ; then 88 | [ -n "$JAVA_HOME" ] && [ -d "$JAVA_HOME" ] && 89 | JAVA_HOME="$(cd "$JAVA_HOME" || (echo "cannot cd into $JAVA_HOME."; exit 1); pwd)" 90 | fi 91 | 92 | if [ -z "$JAVA_HOME" ]; then 93 | javaExecutable="$(which javac)" 94 | if [ -n "$javaExecutable" ] && ! [ "$(expr "\"$javaExecutable\"" : '\([^ ]*\)')" = "no" ]; then 95 | # readlink(1) is not available as standard on Solaris 10. 96 | readLink=$(which readlink) 97 | if [ ! 
"$(expr "$readLink" : '\([^ ]*\)')" = "no" ]; then 98 | if $darwin ; then 99 | javaHome="$(dirname "\"$javaExecutable\"")" 100 | javaExecutable="$(cd "\"$javaHome\"" && pwd -P)/javac" 101 | else 102 | javaExecutable="$(readlink -f "\"$javaExecutable\"")" 103 | fi 104 | javaHome="$(dirname "\"$javaExecutable\"")" 105 | javaHome=$(expr "$javaHome" : '\(.*\)/bin') 106 | JAVA_HOME="$javaHome" 107 | export JAVA_HOME 108 | fi 109 | fi 110 | fi 111 | 112 | if [ -z "$JAVACMD" ] ; then 113 | if [ -n "$JAVA_HOME" ] ; then 114 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 115 | # IBM's JDK on AIX uses strange locations for the executables 116 | JAVACMD="$JAVA_HOME/jre/sh/java" 117 | else 118 | JAVACMD="$JAVA_HOME/bin/java" 119 | fi 120 | else 121 | JAVACMD="$(\unset -f command 2>/dev/null; \command -v java)" 122 | fi 123 | fi 124 | 125 | if [ ! -x "$JAVACMD" ] ; then 126 | echo "Error: JAVA_HOME is not defined correctly." >&2 127 | echo " We cannot execute $JAVACMD" >&2 128 | exit 1 129 | fi 130 | 131 | if [ -z "$JAVA_HOME" ] ; then 132 | echo "Warning: JAVA_HOME environment variable is not set." 133 | fi 134 | 135 | # traverses directory structure from process work directory to filesystem root 136 | # first directory with .mvn subdirectory is considered project base directory 137 | find_maven_basedir() { 138 | if [ -z "$1" ] 139 | then 140 | echo "Path not specified to find_maven_basedir" 141 | return 1 142 | fi 143 | 144 | basedir="$1" 145 | wdir="$1" 146 | while [ "$wdir" != '/' ] ; do 147 | if [ -d "$wdir"/.mvn ] ; then 148 | basedir=$wdir 149 | break 150 | fi 151 | # workaround for JBEAP-8937 (on Solaris 10/Sparc) 152 | if [ -d "${wdir}" ]; then 153 | wdir=$(cd "$wdir/.." 
|| exit 1; pwd) 154 | fi 155 | # end of workaround 156 | done 157 | printf '%s' "$(cd "$basedir" || exit 1; pwd)" 158 | } 159 | 160 | # concatenates all lines of a file 161 | concat_lines() { 162 | if [ -f "$1" ]; then 163 | # Remove \r in case we run on Windows within Git Bash 164 | # and check out the repository with auto CRLF management 165 | # enabled. Otherwise, we may read lines that are delimited with 166 | # \r\n and produce $'-Xarg\r' rather than -Xarg due to word 167 | # splitting rules. 168 | tr -s '\r\n' ' ' < "$1" 169 | fi 170 | } 171 | 172 | log() { 173 | if [ "$MVNW_VERBOSE" = true ]; then 174 | printf '%s\n' "$1" 175 | fi 176 | } 177 | 178 | BASE_DIR=$(find_maven_basedir "$(dirname "$0")") 179 | if [ -z "$BASE_DIR" ]; then 180 | exit 1; 181 | fi 182 | 183 | MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR 184 | log "$MAVEN_PROJECTBASEDIR" 185 | 186 | ########################################################################################## 187 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 188 | # This allows using the maven wrapper in projects that prohibit checking in binary data. 189 | ########################################################################################## 190 | wrapperJarPath="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" 191 | if [ -r "$wrapperJarPath" ]; then 192 | log "Found $wrapperJarPath" 193 | else 194 | log "Couldn't find $wrapperJarPath, downloading it ..." 
195 | 196 | if [ -n "$MVNW_REPOURL" ]; then 197 | wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" 198 | else 199 | wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" 200 | fi 201 | while IFS="=" read -r key value; do 202 | # Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' ) 203 | safeValue=$(echo "$value" | tr -d '\r') 204 | case "$key" in (wrapperUrl) wrapperUrl="$safeValue"; break ;; 205 | esac 206 | done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties" 207 | log "Downloading from: $wrapperUrl" 208 | 209 | if $cygwin; then 210 | wrapperJarPath=$(cygpath --path --windows "$wrapperJarPath") 211 | fi 212 | 213 | if command -v wget > /dev/null; then 214 | log "Found wget ... using wget" 215 | [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--quiet" 216 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then 217 | wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" 218 | else 219 | wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" 220 | fi 221 | elif command -v curl > /dev/null; then 222 | log "Found curl ... 
using curl" 223 | [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--silent" 224 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then 225 | curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath" 226 | else 227 | curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath" 228 | fi 229 | else 230 | log "Falling back to using Java to download" 231 | javaSource="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java" 232 | javaClass="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class" 233 | # For Cygwin, switch paths to Windows format before running javac 234 | if $cygwin; then 235 | javaSource=$(cygpath --path --windows "$javaSource") 236 | javaClass=$(cygpath --path --windows "$javaClass") 237 | fi 238 | if [ -e "$javaSource" ]; then 239 | if [ ! -e "$javaClass" ]; then 240 | log " - Compiling MavenWrapperDownloader.java ..." 241 | ("$JAVA_HOME/bin/javac" "$javaSource") 242 | fi 243 | if [ -e "$javaClass" ]; then 244 | log " - Running MavenWrapperDownloader.java ..." 
245 | ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$wrapperUrl" "$wrapperJarPath") || rm -f "$wrapperJarPath" 246 | fi 247 | fi 248 | fi 249 | fi 250 | ########################################################################################## 251 | # End of extension 252 | ########################################################################################## 253 | 254 | # If specified, validate the SHA-256 sum of the Maven wrapper jar file 255 | wrapperSha256Sum="" 256 | while IFS="=" read -r key value; do 257 | case "$key" in (wrapperSha256Sum) wrapperSha256Sum=$value; break ;; 258 | esac 259 | done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties" 260 | if [ -n "$wrapperSha256Sum" ]; then 261 | wrapperSha256Result=false 262 | if command -v sha256sum > /dev/null; then 263 | if echo "$wrapperSha256Sum $wrapperJarPath" | sha256sum -c > /dev/null 2>&1; then 264 | wrapperSha256Result=true 265 | fi 266 | elif command -v shasum > /dev/null; then 267 | if echo "$wrapperSha256Sum $wrapperJarPath" | shasum -a 256 -c > /dev/null 2>&1; then 268 | wrapperSha256Result=true 269 | fi 270 | else 271 | echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." 272 | echo "Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties." 273 | exit 1 274 | fi 275 | if [ $wrapperSha256Result = false ]; then 276 | echo "Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised." >&2 277 | echo "Investigate or delete $wrapperJarPath to attempt a clean download." >&2 278 | echo "If you updated your Maven version, you need to update the specified wrapperSha256Sum property." 
>&2 279 | exit 1 280 | fi 281 | fi 282 | 283 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 284 | 285 | # For Cygwin, switch paths to Windows format before running java 286 | if $cygwin; then 287 | [ -n "$JAVA_HOME" ] && 288 | JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME") 289 | [ -n "$CLASSPATH" ] && 290 | CLASSPATH=$(cygpath --path --windows "$CLASSPATH") 291 | [ -n "$MAVEN_PROJECTBASEDIR" ] && 292 | MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR") 293 | fi 294 | 295 | # Provide a "standardized" way to retrieve the CLI args that will 296 | # work with both Windows and non-Windows executions. 297 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $*" 298 | export MAVEN_CMD_LINE_ARGS 299 | 300 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 301 | 302 | # shellcheck disable=SC2086 # safe args 303 | exec "$JAVACMD" \ 304 | $MAVEN_OPTS \ 305 | $MAVEN_DEBUG_OPTS \ 306 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 307 | "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 308 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 309 | -------------------------------------------------------------------------------- /backend/mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. 
You may obtain a copy of the License at 9 | @REM 10 | @REM https://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Apache Maven Wrapper startup batch script, version 3.2.0 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 28 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending 29 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 30 | @REM e.g. 
to debug Maven itself, use 31 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 32 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 33 | @REM ---------------------------------------------------------------------------- 34 | 35 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 36 | @echo off 37 | @REM set title of command window 38 | title %0 39 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' 40 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 41 | 42 | @REM set %HOME% to equivalent of $HOME 43 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 44 | 45 | @REM Execute a user defined script before this one 46 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 47 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 48 | if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* 49 | if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* 50 | :skipRcPre 51 | 52 | @setlocal 53 | 54 | set ERROR_CODE=0 55 | 56 | @REM To isolate internal variables from possible post scripts, we use another setlocal 57 | @setlocal 58 | 59 | @REM ==== START VALIDATION ==== 60 | if not "%JAVA_HOME%" == "" goto OkJHome 61 | 62 | echo. 63 | echo Error: JAVA_HOME not found in your environment. >&2 64 | echo Please set the JAVA_HOME variable in your environment to match the >&2 65 | echo location of your Java installation. >&2 66 | echo. 67 | goto error 68 | 69 | :OkJHome 70 | if exist "%JAVA_HOME%\bin\java.exe" goto init 71 | 72 | echo. 73 | echo Error: JAVA_HOME is set to an invalid directory. >&2 74 | echo JAVA_HOME = "%JAVA_HOME%" >&2 75 | echo Please set the JAVA_HOME variable in your environment to match the >&2 76 | echo location of your Java installation. >&2 77 | echo. 78 | goto error 79 | 80 | @REM ==== END VALIDATION ==== 81 | 82 | :init 83 | 84 | @REM Find the project base dir, i.e. 
the directory that contains the folder ".mvn". 85 | @REM Fallback to current working directory if not found. 86 | 87 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 88 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 89 | 90 | set EXEC_DIR=%CD% 91 | set WDIR=%EXEC_DIR% 92 | :findBaseDir 93 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 94 | cd .. 95 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 96 | set WDIR=%CD% 97 | goto findBaseDir 98 | 99 | :baseDirFound 100 | set MAVEN_PROJECTBASEDIR=%WDIR% 101 | cd "%EXEC_DIR%" 102 | goto endDetectBaseDir 103 | 104 | :baseDirNotFound 105 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 106 | cd "%EXEC_DIR%" 107 | 108 | :endDetectBaseDir 109 | 110 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 111 | 112 | @setlocal EnableExtensions EnableDelayedExpansion 113 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 114 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 115 | 116 | :endReadAdditionalConfig 117 | 118 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" 120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 121 | 122 | set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" 123 | 124 | FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( 125 | IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B 126 | ) 127 | 128 | @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 129 | @REM This allows using the maven wrapper in projects that prohibit checking in binary data. 
130 | if exist %WRAPPER_JAR% ( 131 | if "%MVNW_VERBOSE%" == "true" ( 132 | echo Found %WRAPPER_JAR% 133 | ) 134 | ) else ( 135 | if not "%MVNW_REPOURL%" == "" ( 136 | SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar" 137 | ) 138 | if "%MVNW_VERBOSE%" == "true" ( 139 | echo Couldn't find %WRAPPER_JAR%, downloading it ... 140 | echo Downloading from: %WRAPPER_URL% 141 | ) 142 | 143 | powershell -Command "&{"^ 144 | "$webclient = new-object System.Net.WebClient;"^ 145 | "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ 146 | "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ 147 | "}"^ 148 | "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^ 149 | "}" 150 | if "%MVNW_VERBOSE%" == "true" ( 151 | echo Finished downloading %WRAPPER_JAR% 152 | ) 153 | ) 154 | @REM End of extension 155 | 156 | @REM If specified, validate the SHA-256 sum of the Maven wrapper jar file 157 | SET WRAPPER_SHA_256_SUM="" 158 | FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( 159 | IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B 160 | ) 161 | IF NOT %WRAPPER_SHA_256_SUM%=="" ( 162 | powershell -Command "&{"^ 163 | "$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^ 164 | "If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^ 165 | " Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^ 166 | " Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^ 167 | " Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^ 168 | " exit 1;"^ 169 | "}"^ 170 | "}" 171 | if ERRORLEVEL 1 goto error 172 | ) 173 | 174 | @REM Provide a 
"standardized" way to retrieve the CLI args that will 175 | @REM work with both Windows and non-Windows executions. 176 | set MAVEN_CMD_LINE_ARGS=%* 177 | 178 | %MAVEN_JAVA_EXE% ^ 179 | %JVM_CONFIG_MAVEN_PROPS% ^ 180 | %MAVEN_OPTS% ^ 181 | %MAVEN_DEBUG_OPTS% ^ 182 | -classpath %WRAPPER_JAR% ^ 183 | "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ 184 | %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 185 | if ERRORLEVEL 1 goto error 186 | goto end 187 | 188 | :error 189 | set ERROR_CODE=1 190 | 191 | :end 192 | @endlocal & set ERROR_CODE=%ERROR_CODE% 193 | 194 | if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost 195 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 196 | if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" 197 | if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" 198 | :skipRcPost 199 | 200 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 201 | if "%MAVEN_BATCH_PAUSE%"=="on" pause 202 | 203 | if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% 204 | 205 | cmd /C exit /B %ERROR_CODE% 206 | -------------------------------------------------------------------------------- /backend/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | org.springframework.boot 7 | spring-boot-starter-parent 8 | 3.1.5 9 | 10 | 11 | com.example 12 | demo 13 | 0.0.1-SNAPSHOT 14 | demo 15 | Demo project for Spring Boot 16 | 17 | 21 18 | 19 | 20 | 21 | org.springframework.boot 22 | spring-boot-starter-oauth2-resource-server 23 | 24 | 25 | org.springframework.boot 26 | spring-boot-starter-security 27 | 28 | 29 | org.springframework.boot 30 | spring-boot-starter-web 31 | 32 | 33 | 34 | org.springframework.boot 35 | spring-boot-starter-test 36 | test 37 | 38 | 39 | org.springframework.security 40 | spring-security-test 41 | test 42 | 43 | 44 | 45 | 46 | 47 | 48 | org.springframework.boot 49 | spring-boot-maven-plugin 50 | 
51 | 52 | paketobuildpacks/builder-jammy-base:latest 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | -------------------------------------------------------------------------------- /backend/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /backend/src/main/java/com/example/demo/config/SecurityConfig.java: -------------------------------------------------------------------------------- 1 | package com.example.demo.config; 2 | 3 | import com.example.demo.jwt.CustomJwt; 4 | import com.example.demo.jwt.CustomJwtConverter; 5 | import org.springframework.context.annotation.Bean; 6 | import org.springframework.context.annotation.Configuration; 7 | import org.springframework.core.convert.converter.Converter; 8 | import org.springframework.security.config.Customizer; 9 | import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; 10 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 11 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 12 | import org.springframework.security.oauth2.jwt.Jwt; 13 | import org.springframework.security.web.SecurityFilterChain; 14 | 15 | @Configuration 16 | @EnableWebSecurity 17 | @EnableMethodSecurity 18 | public class SecurityConfig { 19 | 20 | @Bean 21 | public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { 22 | http.cors(Customizer.withDefaults()) 23 | .authorizeHttpRequests(authorize -> authorize 24 | 
.anyRequest().authenticated() 25 | ) 26 | .oauth2ResourceServer((oauth2) -> oauth2.jwt( 27 | jwt -> jwt.jwtAuthenticationConverter(customJwtConverter()) 28 | )); 29 | return http.build(); 30 | } 31 | 32 | @Bean 33 | public Converter customJwtConverter() { 34 | return new CustomJwtConverter(); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /backend/src/main/java/com/example/demo/controller/HelloController.java: -------------------------------------------------------------------------------- 1 | package com.example.demo.controller; 2 | 3 | import com.example.demo.jwt.CustomJwt; 4 | import org.springframework.security.access.prepost.PreAuthorize; 5 | import org.springframework.security.core.context.SecurityContextHolder; 6 | import org.springframework.web.bind.annotation.CrossOrigin; 7 | import org.springframework.web.bind.annotation.GetMapping; 8 | import org.springframework.web.bind.annotation.RequestMethod; 9 | import org.springframework.web.bind.annotation.RestController; 10 | 11 | import java.text.MessageFormat; 12 | 13 | @RestController 14 | @CrossOrigin( 15 | origins = "http://localhost:4200", 16 | allowedHeaders = "*", 17 | methods = { RequestMethod.GET } 18 | ) 19 | public class HelloController { 20 | 21 | @GetMapping("/hello") 22 | @PreAuthorize("hasAuthority('ROLE_fullstack-developer')") 23 | public Message hello() { 24 | var jwt = (CustomJwt) SecurityContextHolder.getContext().getAuthentication(); 25 | var message = MessageFormat 26 | .format("Hello fullstack master {0} {1}, how is it going today?", 27 | jwt.getFirstname(), jwt.getLastname()); 28 | return new Message(message); 29 | } 30 | 31 | record Message(String message) {} 32 | } 33 | -------------------------------------------------------------------------------- /backend/src/main/java/com/example/demo/jwt/CustomJwt.java: -------------------------------------------------------------------------------- 1 | package com.example.demo.jwt; 2 | 3 | import 
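org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

import java.util.Collection;

/**
 * Authentication token used by this backend: a {@link JwtAuthenticationToken} that additionally
 * carries the caller's first and last name.
 *
 * <p>Both names start as {@code null} and are filled in through the setters
 * (CustomJwtConverter does this from the token claims).
 */
public class CustomJwt extends JwtAuthenticationToken {

    private String firstname;

    private String lastname;

    /**
     * @param jwt         the bearer token this authentication is based on
     * @param authorities the authorities granted to the caller
     */
    public CustomJwt(Jwt jwt, Collection<? extends GrantedAuthority> authorities) {
        super(jwt, authorities);
    }

    /** @return the caller's first name, or {@code null} if it was never set */
    public String getFirstname() {
        return firstname;
    }

    public void setFirstname(String firstname) {
        this.firstname = firstname;
    }

    /** @return the caller's last name, or {@code null} if it was never set */
    public String getLastname() {
        return lastname;
    }

    public void setLastname(String lastname) {
        this.lastname = lastname;
    }
}

--------------------------------------------------------------------------------
/backend/src/main/java/com/example/demo/jwt/CustomJwtConverter.java:
--------------------------------------------------------------------------------
package com.example.demo.jwt;

import org.springframework.core.convert.converter.Converter;
import org.springframework.lang.NonNull;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * Converts a {@link Jwt} into a {@link CustomJwt}.
 *
 * <p>Authorities are taken only from the {@code realm_access.roles} claim; no other claim
 * contributes authorities. Each role name is prefixed with {@code ROLE_}, so the realm role
 * {@code fullstack-developer} becomes the authority {@code ROLE_fullstack-developer}.
 *
 * <p>The type arguments on {@code Converter} are required: without them the {@code @Override}
 * on {@code convert(Jwt)} does not match the raw interface method.
 */
public class CustomJwtConverter implements Converter<Jwt, CustomJwt> {

    /**
     * Builds the authentication token for one bearer token.
     *
     * @param jwt the bearer token
     * @return a {@link CustomJwt} carrying the mapped authorities and the {@code given_name} /
     *         {@code family_name} claims; a name is {@code null} when its claim is absent
     */
    @Override
    public CustomJwt convert(@NonNull Jwt jwt) {
        Collection<GrantedAuthority> authorities = extractAuthorities(jwt);

        var customJwt = new CustomJwt(jwt, authorities);
        customJwt.setFirstname(jwt.getClaimAsString("given_name"));
        customJwt.setLastname(jwt.getClaimAsString("family_name"));
        return customJwt;
    }

    /**
     * Maps the realm roles of the token to granted authorities.
     *
     * @param jwt the bearer token
     * @return one {@code ROLE_<name>} authority per usable role entry; empty when the
     *         {@code realm_access} claim or its {@code roles} list is missing
     */
    private Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
        var authorities = new ArrayList<GrantedAuthority>();

        var realmAccess = jwt.getClaimAsMap("realm_access");
        if (realmAccess != null && realmAccess.get("roles") instanceof List<?> roles) {
            for (Object role : roles) {
                // Accept only non-blank string entries. A nested object or a null entry would
                // otherwise be stringified into an authority name nobody intended to grant.
                if (role instanceof String roleName && !roleName.isBlank()) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + roleName));
                }
            }
        }

        return authorities;
    }
}
--------------------------------------------------------------------------------
/backend/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# Issuer of the access tokens: the locally running Keycloak realm. Plain http is acceptable only
# for this localhost setup; use an https issuer anywhere else.
# NOTE(review): only the issuer is configured here. Unless a validator is added elsewhere, the
# "aud" claim is not checked, so a token issued by this realm for a different client is accepted
# too. Consider spring.security.oauth2.resourceserver.jwt.audiences - confirm.
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8180/realms/my-test-realm
# TRACE makes Spring Security log every filter decision. Keep it to local troubleshooting and
# lower the level before deploying or sharing logs.
logging.level.org.springframework.security=TRACE
--------------------------------------------------------------------------------
/backend/src/test/java/com/example/demo/DemoApplicationTests.java:
--------------------------------------------------------------------------------
package com.example.demo;

import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;

/** Smoke test for the application: the only check is that the Spring context starts. */
@SpringBootTest
class DemoApplicationTests {

    /** Intentionally empty; the test fails only if the application context cannot be created. */
    @Test
    void contextLoads() {
    }

}

--------------------------------------------------------------------------------
/keycloak/Dockerfile:
--------------------------------------------------------------------------------
ARG KEYCLOAK_VERSION

FROM quay.io/keycloak/keycloak:$KEYCLOAK_VERSION as builder

# Configure a database vendor
ENV KC_DB=postgres

WORKDIR /opt/keycloak
# for demonstration purposes only, please make sure to use proper certificates in production instead
# The keystore password below is a literal in the build command, so it is visible in the image
# history and protects nothing beyond this demo.
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048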
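-dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:$KEYCLOAK_VERSION
COPY --from=builder /opt/keycloak/ /opt/keycloak/

ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
--------------------------------------------------------------------------------
/keycloak/docker-compose.yml:
--------------------------------------------------------------------------------
# Local demo stack: PostgreSQL plus a Keycloak instance that imports my-test-realm on start.
# All credentials in this file are fixed demo values. Published ports are therefore bound to
# 127.0.0.1, so the services are reachable from this machine only.
version: "3.9"
services:
  postgres:
    container_name: db
    image: "postgres:14.4"
    healthcheck:
      test: [ "CMD", "pg_isready", "-q", "-d", "postgres", "-U", "postgres" ]
      timeout: 45s
      interval: 10s
      retries: 10
    volumes:
      # change this to your local path
      # NOTE(review): the left side is the named volume and the right side is the path inside
      # the container. The official postgres image keeps its data in /var/lib/postgresql/data,
      # so this mount probably does not persist the database - confirm.
      - "postgres_data:/c/tutorials/volume"
    environment:
      # Demo credentials, repeated as KC_DB_USERNAME / KC_DB_PASSWORD below.
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: keycloak
      POSTGRES_HOST: postgres
    networks:
      - local
    ports:
      # Keycloak reaches the database over the "local" network. This mapping only serves tools
      # on the host, so it is bound to loopback.
      - "127.0.0.1:5432:5432"

  keycloak:
    container_name: keycloak
    build:
      context: .
      args:
        KEYCLOAK_VERSION: 22.0.0
    command: ['start', '--optimized', '--import-realm']
    depends_on:
      - "postgres"
    environment:
      # NOTE(review): upload_scripts allows scripts to be uploaded through the admin interfaces.
      # It appears to have been removed from recent Keycloak releases - confirm it still has an
      # effect on 22.0.0 and drop it if not.
      JAVA_OPTS_APPEND: -Dkeycloak.profile.feature.upload_scripts=enabled
      KC_DB_PASSWORD: postgres
      KC_DB_URL: jdbc:postgresql://postgres/keycloak
      KC_DB_USERNAME: postgres
      KC_HEALTH_ENABLED: 'true'
      # Plain HTTP listener and an http hostname URL: logins and tokens are unencrypted, which
      # is acceptable on localhost only.
      KC_HTTP_ENABLED: 'true'
      KC_METRICS_ENABLED: 'true'
      KC_HOSTNAME_URL: http://localhost:8180
      KC_PROXY: reencrypt
      # Bootstrap admin account with a fixed demo password. Replace both values (for example
      # from an env file kept out of version control) before the instance is shared.
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: password
    ports:
      - "127.0.0.1:8180:8080"
      # The environment above does not configure a debug agent. If one is enabled, this port
      # gives a debugger full control of the JVM, so keep it on loopback.
      - "127.0.0.1:8787:8787" # debug port
    networks:
      - local
    volumes:
      # Imported on start by --import-realm. The realm file is demo configuration: it contains
      # testuser-1 with the password published in the README, sets "bruteForceProtected" to
      # false, and registers my-webapp-client as a public client with direct access grants and
      # the wildcard redirect URI "http://localhost:4200*". Review these before reusing it.
      - ./my-test-realm-realm.json:/opt/keycloak/data/import/my-test-realm-realm.json

networks:
  local:
    name: local
    driver: bridge

volumes:
  postgres_data:
--------------------------------------------------------------------------------
/keycloak/my-test-realm-realm.json:
--------------------------------------------------------------------------------
{
  "id" : "308bba17-5f3a-48e7-afce-5acf7b6b4486",
  "realm" : "my-test-realm",
  "notBefore" : 0,
  "defaultSignatureAlgorithm" : "RS256",
  "revokeRefreshToken" : false,
  "refreshTokenMaxReuse" : 0,
  "accessTokenLifespan" : 300,
  "accessTokenLifespanForImplicitFlow" : 900,
  "ssoSessionIdleTimeout" : 1800,
  "ssoSessionMaxLifespan" : 36000,
  "ssoSessionIdleTimeoutRememberMe" : 0,
  "ssoSessionMaxLifespanRememberMe" : 0,
  "offlineSessionIdleTimeout" : 2592000,
  "offlineSessionMaxLifespanEnabled" : false,
  "offlineSessionMaxLifespan" : 5184000,
  "clientSessionIdleTimeout" : 0,
  "clientSessionMaxLifespan" : 0,
  "clientOfflineSessionIdleTimeout" : 0,
  "clientOfflineSessionMaxLifespan" : 0,
  "accessCodeLifespan" : 60,
  "accessCodeLifespanUserAction" : 300,
  "accessCodeLifespanLogin" : 1800,
  "actionTokenGeneratedByAdminLifespan" : 43200,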
"actionTokenGeneratedByUserLifespan" : 300, 26 | "oauth2DeviceCodeLifespan" : 600, 27 | "oauth2DevicePollingInterval" : 5, 28 | "enabled" : true, 29 | "sslRequired" : "external", 30 | "registrationAllowed" : false, 31 | "registrationEmailAsUsername" : false, 32 | "rememberMe" : false, 33 | "verifyEmail" : false, 34 | "loginWithEmailAllowed" : true, 35 | "duplicateEmailsAllowed" : false, 36 | "resetPasswordAllowed" : false, 37 | "editUsernameAllowed" : false, 38 | "bruteForceProtected" : false, 39 | "permanentLockout" : false, 40 | "maxFailureWaitSeconds" : 900, 41 | "minimumQuickLoginWaitSeconds" : 60, 42 | "waitIncrementSeconds" : 60, 43 | "quickLoginCheckMilliSeconds" : 1000, 44 | "maxDeltaTimeSeconds" : 43200, 45 | "failureFactor" : 30, 46 | "roles" : { 47 | "realm" : [ { 48 | "id" : "c87fa265-e70f-40e0-8d9f-1f44916d8a5c", 49 | "name" : "fullstack-developer", 50 | "description" : "fullstack-developer", 51 | "composite" : false, 52 | "clientRole" : false, 53 | "containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486", 54 | "attributes" : { } 55 | }, { 56 | "id" : "9fb40a08-eb20-4227-bd5b-7b2b55770d3a", 57 | "name" : "offline_access", 58 | "description" : "${role_offline-access}", 59 | "composite" : false, 60 | "clientRole" : false, 61 | "containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486", 62 | "attributes" : { } 63 | }, { 64 | "id" : "319abe3a-54ee-4034-b6a2-1fd180d1b5f1", 65 | "name" : "uma_authorization", 66 | "description" : "${role_uma_authorization}", 67 | "composite" : false, 68 | "clientRole" : false, 69 | "containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486", 70 | "attributes" : { } 71 | }, { 72 | "id" : "45ae5383-54f4-4668-894e-ac1d2dc30a1d", 73 | "name" : "default-roles-my-test-realm", 74 | "description" : "${role_default-roles}", 75 | "composite" : true, 76 | "composites" : { 77 | "realm" : [ "offline_access", "uma_authorization" ], 78 | "client" : { 79 | "account" : [ "manage-account", "view-profile" ] 80 | } 81 | }, 82 | "clientRole" : false, 83 | 
"containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486", 84 | "attributes" : { } 85 | } ], 86 | "client" : { 87 | "my-webapp-client" : [ ], 88 | "realm-management" : [ { 89 | "id" : "c8cd2a3f-b2ce-452d-91d7-cab61c4fbda6", 90 | "name" : "manage-clients", 91 | "description" : "${role_manage-clients}", 92 | "composite" : false, 93 | "clientRole" : true, 94 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 95 | "attributes" : { } 96 | }, { 97 | "id" : "f999044c-a9db-4ee5-815a-bd47d9f75cb9", 98 | "name" : "query-realms", 99 | "description" : "${role_query-realms}", 100 | "composite" : false, 101 | "clientRole" : true, 102 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 103 | "attributes" : { } 104 | }, { 105 | "id" : "59702caa-40ee-4790-830b-7d2128f96810", 106 | "name" : "view-events", 107 | "description" : "${role_view-events}", 108 | "composite" : false, 109 | "clientRole" : true, 110 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 111 | "attributes" : { } 112 | }, { 113 | "id" : "62f37b4d-dc5a-458e-83a8-77de26ced347", 114 | "name" : "impersonation", 115 | "description" : "${role_impersonation}", 116 | "composite" : false, 117 | "clientRole" : true, 118 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 119 | "attributes" : { } 120 | }, { 121 | "id" : "61c84530-9900-439b-b75f-857e9189eb9f", 122 | "name" : "view-clients", 123 | "description" : "${role_view-clients}", 124 | "composite" : true, 125 | "composites" : { 126 | "client" : { 127 | "realm-management" : [ "query-clients" ] 128 | } 129 | }, 130 | "clientRole" : true, 131 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 132 | "attributes" : { } 133 | }, { 134 | "id" : "3e88b503-2826-4dad-abac-7ddd99cf8e18", 135 | "name" : "create-client", 136 | "description" : "${role_create-client}", 137 | "composite" : false, 138 | "clientRole" : true, 139 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 140 | "attributes" : { } 141 | }, { 142 | "id" : 
"54b18494-8a51-4bc9-b539-f7c8d95b9aea", 143 | "name" : "view-authorization", 144 | "description" : "${role_view-authorization}", 145 | "composite" : false, 146 | "clientRole" : true, 147 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 148 | "attributes" : { } 149 | }, { 150 | "id" : "905d7027-f09d-4422-83d1-d6bdca31a74b", 151 | "name" : "manage-authorization", 152 | "description" : "${role_manage-authorization}", 153 | "composite" : false, 154 | "clientRole" : true, 155 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 156 | "attributes" : { } 157 | }, { 158 | "id" : "31484dd7-eaa5-4ed3-a36d-9d59451523ea", 159 | "name" : "manage-events", 160 | "description" : "${role_manage-events}", 161 | "composite" : false, 162 | "clientRole" : true, 163 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 164 | "attributes" : { } 165 | }, { 166 | "id" : "c710afef-f2e6-48bf-b384-a799c9043e1b", 167 | "name" : "view-realm", 168 | "description" : "${role_view-realm}", 169 | "composite" : false, 170 | "clientRole" : true, 171 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 172 | "attributes" : { } 173 | }, { 174 | "id" : "1e047ced-29cb-432f-ae10-16cf57c067fe", 175 | "name" : "query-groups", 176 | "description" : "${role_query-groups}", 177 | "composite" : false, 178 | "clientRole" : true, 179 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 180 | "attributes" : { } 181 | }, { 182 | "id" : "56031e8c-86ff-4afd-8e00-48ea33e0f5ee", 183 | "name" : "view-identity-providers", 184 | "description" : "${role_view-identity-providers}", 185 | "composite" : false, 186 | "clientRole" : true, 187 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 188 | "attributes" : { } 189 | }, { 190 | "id" : "dfcdb0bd-3639-4b49-a97e-b119f17ef92b", 191 | "name" : "manage-identity-providers", 192 | "description" : "${role_manage-identity-providers}", 193 | "composite" : false, 194 | "clientRole" : true, 195 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 
196 | "attributes" : { } 197 | }, { 198 | "id" : "d2ca33d9-e9f7-4f19-8ee9-d8e3ac5ce0db", 199 | "name" : "manage-realm", 200 | "description" : "${role_manage-realm}", 201 | "composite" : false, 202 | "clientRole" : true, 203 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 204 | "attributes" : { } 205 | }, { 206 | "id" : "4c2157f3-24c8-48c4-ae98-d57f3d236d34", 207 | "name" : "view-users", 208 | "description" : "${role_view-users}", 209 | "composite" : true, 210 | "composites" : { 211 | "client" : { 212 | "realm-management" : [ "query-users", "query-groups" ] 213 | } 214 | }, 215 | "clientRole" : true, 216 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 217 | "attributes" : { } 218 | }, { 219 | "id" : "4943ca69-23a4-45fa-a5f0-bba15a56cd42", 220 | "name" : "manage-users", 221 | "description" : "${role_manage-users}", 222 | "composite" : false, 223 | "clientRole" : true, 224 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 225 | "attributes" : { } 226 | }, { 227 | "id" : "dcf96be7-d6fe-4479-be16-595fad69b375", 228 | "name" : "realm-admin", 229 | "description" : "${role_realm-admin}", 230 | "composite" : true, 231 | "composites" : { 232 | "client" : { 233 | "realm-management" : [ "manage-clients", "view-events", "query-realms", "view-clients", "impersonation", "create-client", "view-authorization", "view-realm", "manage-events", "manage-authorization", "view-identity-providers", "query-groups", "manage-realm", "manage-identity-providers", "view-users", "manage-users", "query-clients", "query-users" ] 234 | } 235 | }, 236 | "clientRole" : true, 237 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 238 | "attributes" : { } 239 | }, { 240 | "id" : "e99add5c-fc4b-4d1e-9cf2-9f5c1bc91f4e", 241 | "name" : "query-clients", 242 | "description" : "${role_query-clients}", 243 | "composite" : false, 244 | "clientRole" : true, 245 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 246 | "attributes" : { } 247 | }, { 248 | "id" : 
"9b7ee8e1-0837-49d8-9dda-ff9d19412840", 249 | "name" : "query-users", 250 | "description" : "${role_query-users}", 251 | "composite" : false, 252 | "clientRole" : true, 253 | "containerId" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 254 | "attributes" : { } 255 | } ], 256 | "security-admin-console" : [ ], 257 | "admin-cli" : [ ], 258 | "account-console" : [ ], 259 | "broker" : [ { 260 | "id" : "19470389-5147-44f6-a757-210e8f726a08", 261 | "name" : "read-token", 262 | "description" : "${role_read-token}", 263 | "composite" : false, 264 | "clientRole" : true, 265 | "containerId" : "9cb5718f-d8c1-4bba-b518-b101f3b56e64", 266 | "attributes" : { } 267 | } ], 268 | "account" : [ { 269 | "id" : "1be592a1-bb9f-407e-b0d5-44e7a659d520", 270 | "name" : "manage-account", 271 | "description" : "${role_manage-account}", 272 | "composite" : true, 273 | "composites" : { 274 | "client" : { 275 | "account" : [ "manage-account-links" ] 276 | } 277 | }, 278 | "clientRole" : true, 279 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6", 280 | "attributes" : { } 281 | }, { 282 | "id" : "31d10a79-0ce3-445a-84de-bff4a675fe70", 283 | "name" : "view-groups", 284 | "description" : "${role_view-groups}", 285 | "composite" : false, 286 | "clientRole" : true, 287 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6", 288 | "attributes" : { } 289 | }, { 290 | "id" : "2319f4da-5e32-414c-8dde-4e1ffe1da881", 291 | "name" : "view-consent", 292 | "description" : "${role_view-consent}", 293 | "composite" : false, 294 | "clientRole" : true, 295 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6", 296 | "attributes" : { } 297 | }, { 298 | "id" : "a8385270-5768-4634-9198-29bec4610dec", 299 | "name" : "manage-account-links", 300 | "description" : "${role_manage-account-links}", 301 | "composite" : false, 302 | "clientRole" : true, 303 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6", 304 | "attributes" : { } 305 | }, { 306 | "id" : "fb0400ea-4307-46df-9de3-48234e510cda", 307 | "name" : 
"view-applications", 308 | "description" : "${role_view-applications}", 309 | "composite" : false, 310 | "clientRole" : true, 311 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6", 312 | "attributes" : { } 313 | }, { 314 | "id" : "c2f7524a-5b3b-444e-a304-85d3216bef1c", 315 | "name" : "delete-account", 316 | "description" : "${role_delete-account}", 317 | "composite" : false, 318 | "clientRole" : true, 319 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6", 320 | "attributes" : { } 321 | }, { 322 | "id" : "1ac85c6a-5150-406e-820d-0e885cd4ca7a", 323 | "name" : "view-profile", 324 | "description" : "${role_view-profile}", 325 | "composite" : false, 326 | "clientRole" : true, 327 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6", 328 | "attributes" : { } 329 | }, { 330 | "id" : "5d0dcb37-a287-4f62-814e-ba55ba487a0d", 331 | "name" : "manage-consent", 332 | "description" : "${role_manage-consent}", 333 | "composite" : true, 334 | "composites" : { 335 | "client" : { 336 | "account" : [ "view-consent" ] 337 | } 338 | }, 339 | "clientRole" : true, 340 | "containerId" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6", 341 | "attributes" : { } 342 | } ] 343 | } 344 | }, 345 | "groups" : [ ], 346 | "defaultRole" : { 347 | "id" : "45ae5383-54f4-4668-894e-ac1d2dc30a1d", 348 | "name" : "default-roles-my-test-realm", 349 | "description" : "${role_default-roles}", 350 | "composite" : true, 351 | "clientRole" : false, 352 | "containerId" : "308bba17-5f3a-48e7-afce-5acf7b6b4486" 353 | }, 354 | "requiredCredentials" : [ "password" ], 355 | "otpPolicyType" : "totp", 356 | "otpPolicyAlgorithm" : "HmacSHA1", 357 | "otpPolicyInitialCounter" : 0, 358 | "otpPolicyDigits" : 6, 359 | "otpPolicyLookAheadWindow" : 1, 360 | "otpPolicyPeriod" : 30, 361 | "otpPolicyCodeReusable" : false, 362 | "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], 363 | "webAuthnPolicyRpEntityName" : "keycloak", 364 | 
"webAuthnPolicySignatureAlgorithms" : [ "ES256" ], 365 | "webAuthnPolicyRpId" : "", 366 | "webAuthnPolicyAttestationConveyancePreference" : "not specified", 367 | "webAuthnPolicyAuthenticatorAttachment" : "not specified", 368 | "webAuthnPolicyRequireResidentKey" : "not specified", 369 | "webAuthnPolicyUserVerificationRequirement" : "not specified", 370 | "webAuthnPolicyCreateTimeout" : 0, 371 | "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, 372 | "webAuthnPolicyAcceptableAaguids" : [ ], 373 | "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", 374 | "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], 375 | "webAuthnPolicyPasswordlessRpId" : "", 376 | "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", 377 | "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", 378 | "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", 379 | "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", 380 | "webAuthnPolicyPasswordlessCreateTimeout" : 0, 381 | "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, 382 | "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], 383 | "users" : [ { 384 | "id" : "a4c6b48b-ed16-4091-8296-6a0a3762860a", 385 | "createdTimestamp" : 1700295868004, 386 | "username" : "testuser-1", 387 | "enabled" : true, 388 | "totp" : false, 389 | "emailVerified" : true, 390 | "firstName" : "test-firstname-1", 391 | "lastName" : "test-lastname-2", 392 | "email" : "test@test.com", 393 | "credentials" : [ { 394 | "id" : "cb93f699-cbfa-4ab9-a735-ad121c5d3fd6", 395 | "type" : "password", 396 | "createdDate" : 1700297549874, 397 | "secretData" : "{\"value\":\"uLXVYzxFfRkkeNjVhzsejr6xIWNlKlag+X9LtKXS28I=\",\"salt\":\"AJatupdb+N7gAkVpIskt7A==\",\"additionalParameters\":{}}", 398 | "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" 399 | } ], 400 | "disableableCredentialTypes" : [ ], 401 | "requiredActions" : 
[ ], 402 | "realmRoles" : [ "fullstack-developer", "default-roles-my-test-realm" ], 403 | "notBefore" : 0, 404 | "groups" : [ ] 405 | } ], 406 | "scopeMappings" : [ { 407 | "clientScope" : "offline_access", 408 | "roles" : [ "offline_access" ] 409 | } ], 410 | "clientScopeMappings" : { 411 | "account" : [ { 412 | "client" : "account-console", 413 | "roles" : [ "manage-account", "view-groups" ] 414 | } ] 415 | }, 416 | "clients" : [ { 417 | "id" : "6b9f51b0-72f6-4d1c-8ee3-453c48a136a6", 418 | "clientId" : "account", 419 | "name" : "${client_account}", 420 | "rootUrl" : "${authBaseUrl}", 421 | "baseUrl" : "/realms/my-test-realm/account/", 422 | "surrogateAuthRequired" : false, 423 | "enabled" : true, 424 | "alwaysDisplayInConsole" : false, 425 | "clientAuthenticatorType" : "client-secret", 426 | "redirectUris" : [ "/realms/my-test-realm/account/*" ], 427 | "webOrigins" : [ ], 428 | "notBefore" : 0, 429 | "bearerOnly" : false, 430 | "consentRequired" : false, 431 | "standardFlowEnabled" : true, 432 | "implicitFlowEnabled" : false, 433 | "directAccessGrantsEnabled" : false, 434 | "serviceAccountsEnabled" : false, 435 | "publicClient" : true, 436 | "frontchannelLogout" : false, 437 | "protocol" : "openid-connect", 438 | "attributes" : { 439 | "post.logout.redirect.uris" : "+" 440 | }, 441 | "authenticationFlowBindingOverrides" : { }, 442 | "fullScopeAllowed" : false, 443 | "nodeReRegistrationTimeout" : 0, 444 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], 445 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] 446 | }, { 447 | "id" : "5f6f1f37-4930-4372-8246-0bb3a4d115f2", 448 | "clientId" : "account-console", 449 | "name" : "${client_account-console}", 450 | "rootUrl" : "${authBaseUrl}", 451 | "baseUrl" : "/realms/my-test-realm/account/", 452 | "surrogateAuthRequired" : false, 453 | "enabled" : true, 454 | "alwaysDisplayInConsole" : false, 455 | "clientAuthenticatorType" : "client-secret", 456 | 
"redirectUris" : [ "/realms/my-test-realm/account/*" ], 457 | "webOrigins" : [ ], 458 | "notBefore" : 0, 459 | "bearerOnly" : false, 460 | "consentRequired" : false, 461 | "standardFlowEnabled" : true, 462 | "implicitFlowEnabled" : false, 463 | "directAccessGrantsEnabled" : false, 464 | "serviceAccountsEnabled" : false, 465 | "publicClient" : true, 466 | "frontchannelLogout" : false, 467 | "protocol" : "openid-connect", 468 | "attributes" : { 469 | "post.logout.redirect.uris" : "+", 470 | "pkce.code.challenge.method" : "S256" 471 | }, 472 | "authenticationFlowBindingOverrides" : { }, 473 | "fullScopeAllowed" : false, 474 | "nodeReRegistrationTimeout" : 0, 475 | "protocolMappers" : [ { 476 | "id" : "1f6b635b-3b46-4f04-8f3c-bcecacc8b007", 477 | "name" : "audience resolve", 478 | "protocol" : "openid-connect", 479 | "protocolMapper" : "oidc-audience-resolve-mapper", 480 | "consentRequired" : false, 481 | "config" : { } 482 | } ], 483 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], 484 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] 485 | }, { 486 | "id" : "7fc021d2-63b8-45e8-ab29-dcc1151c4286", 487 | "clientId" : "admin-cli", 488 | "name" : "${client_admin-cli}", 489 | "surrogateAuthRequired" : false, 490 | "enabled" : true, 491 | "alwaysDisplayInConsole" : false, 492 | "clientAuthenticatorType" : "client-secret", 493 | "redirectUris" : [ ], 494 | "webOrigins" : [ ], 495 | "notBefore" : 0, 496 | "bearerOnly" : false, 497 | "consentRequired" : false, 498 | "standardFlowEnabled" : false, 499 | "implicitFlowEnabled" : false, 500 | "directAccessGrantsEnabled" : true, 501 | "serviceAccountsEnabled" : false, 502 | "publicClient" : true, 503 | "frontchannelLogout" : false, 504 | "protocol" : "openid-connect", 505 | "attributes" : { }, 506 | "authenticationFlowBindingOverrides" : { }, 507 | "fullScopeAllowed" : false, 508 | "nodeReRegistrationTimeout" : 0, 509 | "defaultClientScopes" : [ "web-origins", 
"acr", "profile", "roles", "email" ], 510 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] 511 | }, { 512 | "id" : "9cb5718f-d8c1-4bba-b518-b101f3b56e64", 513 | "clientId" : "broker", 514 | "name" : "${client_broker}", 515 | "surrogateAuthRequired" : false, 516 | "enabled" : true, 517 | "alwaysDisplayInConsole" : false, 518 | "clientAuthenticatorType" : "client-secret", 519 | "redirectUris" : [ ], 520 | "webOrigins" : [ ], 521 | "notBefore" : 0, 522 | "bearerOnly" : true, 523 | "consentRequired" : false, 524 | "standardFlowEnabled" : true, 525 | "implicitFlowEnabled" : false, 526 | "directAccessGrantsEnabled" : false, 527 | "serviceAccountsEnabled" : false, 528 | "publicClient" : false, 529 | "frontchannelLogout" : false, 530 | "protocol" : "openid-connect", 531 | "attributes" : { }, 532 | "authenticationFlowBindingOverrides" : { }, 533 | "fullScopeAllowed" : false, 534 | "nodeReRegistrationTimeout" : 0, 535 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], 536 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] 537 | }, { 538 | "id" : "af09449e-7dda-4b63-8c83-cc06130673e2", 539 | "clientId" : "my-webapp-client", 540 | "name" : "my-webapp-client", 541 | "description" : "", 542 | "rootUrl" : "http://localhost:4200", 543 | "adminUrl" : "http://localhost:4200", 544 | "baseUrl" : "http://localhost:4200", 545 | "surrogateAuthRequired" : false, 546 | "enabled" : true, 547 | "alwaysDisplayInConsole" : false, 548 | "clientAuthenticatorType" : "client-secret", 549 | "redirectUris" : [ "http://localhost:4200*" ], 550 | "webOrigins" : [ "http://localhost:4200" ], 551 | "notBefore" : 0, 552 | "bearerOnly" : false, 553 | "consentRequired" : false, 554 | "standardFlowEnabled" : true, 555 | "implicitFlowEnabled" : false, 556 | "directAccessGrantsEnabled" : true, 557 | "serviceAccountsEnabled" : false, 558 | "publicClient" : true, 559 | "frontchannelLogout" : true, 560 | 
"protocol" : "openid-connect", 561 | "attributes" : { 562 | "oidc.ciba.grant.enabled" : "false", 563 | "post.logout.redirect.uris" : "http://localhost:4200*", 564 | "oauth2.device.authorization.grant.enabled" : "false", 565 | "backchannel.logout.session.required" : "true", 566 | "backchannel.logout.revoke.offline.tokens" : "false" 567 | }, 568 | "authenticationFlowBindingOverrides" : { }, 569 | "fullScopeAllowed" : true, 570 | "nodeReRegistrationTimeout" : -1, 571 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], 572 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] 573 | }, { 574 | "id" : "175f98de-1e6f-4601-a99e-cf2fc8d8c814", 575 | "clientId" : "realm-management", 576 | "name" : "${client_realm-management}", 577 | "surrogateAuthRequired" : false, 578 | "enabled" : true, 579 | "alwaysDisplayInConsole" : false, 580 | "clientAuthenticatorType" : "client-secret", 581 | "redirectUris" : [ ], 582 | "webOrigins" : [ ], 583 | "notBefore" : 0, 584 | "bearerOnly" : true, 585 | "consentRequired" : false, 586 | "standardFlowEnabled" : true, 587 | "implicitFlowEnabled" : false, 588 | "directAccessGrantsEnabled" : false, 589 | "serviceAccountsEnabled" : false, 590 | "publicClient" : false, 591 | "frontchannelLogout" : false, 592 | "protocol" : "openid-connect", 593 | "attributes" : { }, 594 | "authenticationFlowBindingOverrides" : { }, 595 | "fullScopeAllowed" : false, 596 | "nodeReRegistrationTimeout" : 0, 597 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], 598 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] 599 | }, { 600 | "id" : "3451144c-6872-4edf-a513-8f0a186a24c8", 601 | "clientId" : "security-admin-console", 602 | "name" : "${client_security-admin-console}", 603 | "rootUrl" : "${authAdminUrl}", 604 | "baseUrl" : "/admin/my-test-realm/console/", 605 | "surrogateAuthRequired" : false, 606 | "enabled" : true, 607 | 
"alwaysDisplayInConsole" : false, 608 | "clientAuthenticatorType" : "client-secret", 609 | "redirectUris" : [ "/admin/my-test-realm/console/*" ], 610 | "webOrigins" : [ "+" ], 611 | "notBefore" : 0, 612 | "bearerOnly" : false, 613 | "consentRequired" : false, 614 | "standardFlowEnabled" : true, 615 | "implicitFlowEnabled" : false, 616 | "directAccessGrantsEnabled" : false, 617 | "serviceAccountsEnabled" : false, 618 | "publicClient" : true, 619 | "frontchannelLogout" : false, 620 | "protocol" : "openid-connect", 621 | "attributes" : { 622 | "post.logout.redirect.uris" : "+", 623 | "pkce.code.challenge.method" : "S256" 624 | }, 625 | "authenticationFlowBindingOverrides" : { }, 626 | "fullScopeAllowed" : false, 627 | "nodeReRegistrationTimeout" : 0, 628 | "protocolMappers" : [ { 629 | "id" : "fad0e084-8f30-4bdd-bf11-4279b81e4e0e", 630 | "name" : "locale", 631 | "protocol" : "openid-connect", 632 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 633 | "consentRequired" : false, 634 | "config" : { 635 | "userinfo.token.claim" : "true", 636 | "user.attribute" : "locale", 637 | "id.token.claim" : "true", 638 | "access.token.claim" : "true", 639 | "claim.name" : "locale", 640 | "jsonType.label" : "String" 641 | } 642 | } ], 643 | "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], 644 | "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] 645 | } ], 646 | "clientScopes" : [ { 647 | "id" : "1ecd253e-1447-4109-97b2-18e25a362aeb", 648 | "name" : "acr", 649 | "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", 650 | "protocol" : "openid-connect", 651 | "attributes" : { 652 | "include.in.token.scope" : "false", 653 | "display.on.consent.screen" : "false" 654 | }, 655 | "protocolMappers" : [ { 656 | "id" : "5be3f5b9-2473-4a49-9e3b-afea71ceb26e", 657 | "name" : "acr loa level", 658 | "protocol" : "openid-connect", 659 | "protocolMapper" : "oidc-acr-mapper", 660 
| "consentRequired" : false, 661 | "config" : { 662 | "id.token.claim" : "true", 663 | "access.token.claim" : "true" 664 | } 665 | } ] 666 | }, { 667 | "id" : "2dbd827b-ac26-4d34-9e96-a26cd485bec0", 668 | "name" : "address", 669 | "description" : "OpenID Connect built-in scope: address", 670 | "protocol" : "openid-connect", 671 | "attributes" : { 672 | "include.in.token.scope" : "true", 673 | "display.on.consent.screen" : "true", 674 | "consent.screen.text" : "${addressScopeConsentText}" 675 | }, 676 | "protocolMappers" : [ { 677 | "id" : "00a79313-a471-4010-abac-ae672a79af8c", 678 | "name" : "address", 679 | "protocol" : "openid-connect", 680 | "protocolMapper" : "oidc-address-mapper", 681 | "consentRequired" : false, 682 | "config" : { 683 | "user.attribute.formatted" : "formatted", 684 | "user.attribute.country" : "country", 685 | "user.attribute.postal_code" : "postal_code", 686 | "userinfo.token.claim" : "true", 687 | "user.attribute.street" : "street", 688 | "id.token.claim" : "true", 689 | "user.attribute.region" : "region", 690 | "access.token.claim" : "true", 691 | "user.attribute.locality" : "locality" 692 | } 693 | } ] 694 | }, { 695 | "id" : "753fd81b-da65-4ee0-b595-346a658da9fd", 696 | "name" : "web-origins", 697 | "description" : "OpenID Connect scope for add allowed web origins to the access token", 698 | "protocol" : "openid-connect", 699 | "attributes" : { 700 | "include.in.token.scope" : "false", 701 | "display.on.consent.screen" : "false", 702 | "consent.screen.text" : "" 703 | }, 704 | "protocolMappers" : [ { 705 | "id" : "230daa7c-5b49-4d83-bec8-06c2a5a8cae3", 706 | "name" : "allowed web origins", 707 | "protocol" : "openid-connect", 708 | "protocolMapper" : "oidc-allowed-origins-mapper", 709 | "consentRequired" : false, 710 | "config" : { } 711 | } ] 712 | }, { 713 | "id" : "fb5f6e03-5e66-44f3-8cbd-dafb27c61b92", 714 | "name" : "offline_access", 715 | "description" : "OpenID Connect built-in scope: offline_access", 716 | "protocol" : 
"openid-connect", 717 | "attributes" : { 718 | "consent.screen.text" : "${offlineAccessScopeConsentText}", 719 | "display.on.consent.screen" : "true" 720 | } 721 | }, { 722 | "id" : "95e1179d-a1a2-498a-ad9d-81f3ab3eb7f9", 723 | "name" : "role_list", 724 | "description" : "SAML role list", 725 | "protocol" : "saml", 726 | "attributes" : { 727 | "consent.screen.text" : "${samlRoleListScopeConsentText}", 728 | "display.on.consent.screen" : "true" 729 | }, 730 | "protocolMappers" : [ { 731 | "id" : "a0ff412e-12fb-4117-8fcf-a83381e3e041", 732 | "name" : "role list", 733 | "protocol" : "saml", 734 | "protocolMapper" : "saml-role-list-mapper", 735 | "consentRequired" : false, 736 | "config" : { 737 | "single" : "false", 738 | "attribute.nameformat" : "Basic", 739 | "attribute.name" : "Role" 740 | } 741 | } ] 742 | }, { 743 | "id" : "aa26a01e-038a-4128-9179-5d7903332dfe", 744 | "name" : "profile", 745 | "description" : "OpenID Connect built-in scope: profile", 746 | "protocol" : "openid-connect", 747 | "attributes" : { 748 | "include.in.token.scope" : "true", 749 | "display.on.consent.screen" : "true", 750 | "consent.screen.text" : "${profileScopeConsentText}" 751 | }, 752 | "protocolMappers" : [ { 753 | "id" : "719a467a-4639-42c4-822b-7e1646a551aa", 754 | "name" : "website", 755 | "protocol" : "openid-connect", 756 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 757 | "consentRequired" : false, 758 | "config" : { 759 | "userinfo.token.claim" : "true", 760 | "user.attribute" : "website", 761 | "id.token.claim" : "true", 762 | "access.token.claim" : "true", 763 | "claim.name" : "website", 764 | "jsonType.label" : "String" 765 | } 766 | }, { 767 | "id" : "d7eeb9fe-7812-4e4c-b608-8453c123eff4", 768 | "name" : "zoneinfo", 769 | "protocol" : "openid-connect", 770 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 771 | "consentRequired" : false, 772 | "config" : { 773 | "userinfo.token.claim" : "true", 774 | "user.attribute" : "zoneinfo", 775 | "id.token.claim" : 
"true", 776 | "access.token.claim" : "true", 777 | "claim.name" : "zoneinfo", 778 | "jsonType.label" : "String" 779 | } 780 | }, { 781 | "id" : "c60850f5-7204-4ec5-952e-5147f11ae7cb", 782 | "name" : "locale", 783 | "protocol" : "openid-connect", 784 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 785 | "consentRequired" : false, 786 | "config" : { 787 | "userinfo.token.claim" : "true", 788 | "user.attribute" : "locale", 789 | "id.token.claim" : "true", 790 | "access.token.claim" : "true", 791 | "claim.name" : "locale", 792 | "jsonType.label" : "String" 793 | } 794 | }, { 795 | "id" : "c0a450eb-1e8c-474b-a675-b256456bcbeb", 796 | "name" : "full name", 797 | "protocol" : "openid-connect", 798 | "protocolMapper" : "oidc-full-name-mapper", 799 | "consentRequired" : false, 800 | "config" : { 801 | "id.token.claim" : "true", 802 | "access.token.claim" : "true", 803 | "userinfo.token.claim" : "true" 804 | } 805 | }, { 806 | "id" : "01b1a603-7708-41cb-a8ab-29397778af62", 807 | "name" : "username", 808 | "protocol" : "openid-connect", 809 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 810 | "consentRequired" : false, 811 | "config" : { 812 | "userinfo.token.claim" : "true", 813 | "user.attribute" : "username", 814 | "id.token.claim" : "true", 815 | "access.token.claim" : "true", 816 | "claim.name" : "preferred_username", 817 | "jsonType.label" : "String" 818 | } 819 | }, { 820 | "id" : "d97affa2-9c3d-4f85-8dbc-f3c1d154e297", 821 | "name" : "given name", 822 | "protocol" : "openid-connect", 823 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 824 | "consentRequired" : false, 825 | "config" : { 826 | "userinfo.token.claim" : "true", 827 | "user.attribute" : "firstName", 828 | "id.token.claim" : "true", 829 | "access.token.claim" : "true", 830 | "claim.name" : "given_name", 831 | "jsonType.label" : "String" 832 | } 833 | }, { 834 | "id" : "2800ce51-0d74-49bb-bab1-ff0a1223d8fd", 835 | "name" : "profile", 836 | "protocol" : "openid-connect", 837 | 
"protocolMapper" : "oidc-usermodel-attribute-mapper", 838 | "consentRequired" : false, 839 | "config" : { 840 | "userinfo.token.claim" : "true", 841 | "user.attribute" : "profile", 842 | "id.token.claim" : "true", 843 | "access.token.claim" : "true", 844 | "claim.name" : "profile", 845 | "jsonType.label" : "String" 846 | } 847 | }, { 848 | "id" : "0f9d696c-c67f-4663-8f75-2b8f62959685", 849 | "name" : "picture", 850 | "protocol" : "openid-connect", 851 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 852 | "consentRequired" : false, 853 | "config" : { 854 | "userinfo.token.claim" : "true", 855 | "user.attribute" : "picture", 856 | "id.token.claim" : "true", 857 | "access.token.claim" : "true", 858 | "claim.name" : "picture", 859 | "jsonType.label" : "String" 860 | } 861 | }, { 862 | "id" : "d145bf82-dce8-4ce7-bbbf-0349558dac1d", 863 | "name" : "birthdate", 864 | "protocol" : "openid-connect", 865 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 866 | "consentRequired" : false, 867 | "config" : { 868 | "userinfo.token.claim" : "true", 869 | "user.attribute" : "birthdate", 870 | "id.token.claim" : "true", 871 | "access.token.claim" : "true", 872 | "claim.name" : "birthdate", 873 | "jsonType.label" : "String" 874 | } 875 | }, { 876 | "id" : "86a0dfa0-13bc-4dc0-83da-b8678f51fa90", 877 | "name" : "family name", 878 | "protocol" : "openid-connect", 879 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 880 | "consentRequired" : false, 881 | "config" : { 882 | "userinfo.token.claim" : "true", 883 | "user.attribute" : "lastName", 884 | "id.token.claim" : "true", 885 | "access.token.claim" : "true", 886 | "claim.name" : "family_name", 887 | "jsonType.label" : "String" 888 | } 889 | }, { 890 | "id" : "3c86cc81-ecea-4ff5-b064-8239454e7f12", 891 | "name" : "middle name", 892 | "protocol" : "openid-connect", 893 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 894 | "consentRequired" : false, 895 | "config" : { 896 | "userinfo.token.claim" : "true", 897 
| "user.attribute" : "middleName", 898 | "id.token.claim" : "true", 899 | "access.token.claim" : "true", 900 | "claim.name" : "middle_name", 901 | "jsonType.label" : "String" 902 | } 903 | }, { 904 | "id" : "af6ef5c1-71ba-49df-8d1c-3991e5de62b2", 905 | "name" : "nickname", 906 | "protocol" : "openid-connect", 907 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 908 | "consentRequired" : false, 909 | "config" : { 910 | "userinfo.token.claim" : "true", 911 | "user.attribute" : "nickname", 912 | "id.token.claim" : "true", 913 | "access.token.claim" : "true", 914 | "claim.name" : "nickname", 915 | "jsonType.label" : "String" 916 | } 917 | }, { 918 | "id" : "3fb32330-9da0-416d-9c91-fdd671a0ff4e", 919 | "name" : "gender", 920 | "protocol" : "openid-connect", 921 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 922 | "consentRequired" : false, 923 | "config" : { 924 | "userinfo.token.claim" : "true", 925 | "user.attribute" : "gender", 926 | "id.token.claim" : "true", 927 | "access.token.claim" : "true", 928 | "claim.name" : "gender", 929 | "jsonType.label" : "String" 930 | } 931 | }, { 932 | "id" : "cddae699-fb86-4a01-b6a2-71dd98815220", 933 | "name" : "updated at", 934 | "protocol" : "openid-connect", 935 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 936 | "consentRequired" : false, 937 | "config" : { 938 | "userinfo.token.claim" : "true", 939 | "user.attribute" : "updatedAt", 940 | "id.token.claim" : "true", 941 | "access.token.claim" : "true", 942 | "claim.name" : "updated_at", 943 | "jsonType.label" : "long" 944 | } 945 | } ] 946 | }, { 947 | "id" : "8699da7e-5a23-46ac-9f20-32fac7b88db5", 948 | "name" : "phone", 949 | "description" : "OpenID Connect built-in scope: phone", 950 | "protocol" : "openid-connect", 951 | "attributes" : { 952 | "include.in.token.scope" : "true", 953 | "display.on.consent.screen" : "true", 954 | "consent.screen.text" : "${phoneScopeConsentText}" 955 | }, 956 | "protocolMappers" : [ { 957 | "id" : 
"98cc6d66-ef0c-41e7-95f9-32cf7cc5e3cf", 958 | "name" : "phone number verified", 959 | "protocol" : "openid-connect", 960 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 961 | "consentRequired" : false, 962 | "config" : { 963 | "userinfo.token.claim" : "true", 964 | "user.attribute" : "phoneNumberVerified", 965 | "id.token.claim" : "true", 966 | "access.token.claim" : "true", 967 | "claim.name" : "phone_number_verified", 968 | "jsonType.label" : "boolean" 969 | } 970 | }, { 971 | "id" : "316a17f6-0551-4e36-82a2-a615b2142325", 972 | "name" : "phone number", 973 | "protocol" : "openid-connect", 974 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 975 | "consentRequired" : false, 976 | "config" : { 977 | "userinfo.token.claim" : "true", 978 | "user.attribute" : "phoneNumber", 979 | "id.token.claim" : "true", 980 | "access.token.claim" : "true", 981 | "claim.name" : "phone_number", 982 | "jsonType.label" : "String" 983 | } 984 | } ] 985 | }, { 986 | "id" : "35284ae5-deb2-41f7-bcb5-26a765661525", 987 | "name" : "microprofile-jwt", 988 | "description" : "Microprofile - JWT built-in scope", 989 | "protocol" : "openid-connect", 990 | "attributes" : { 991 | "include.in.token.scope" : "true", 992 | "display.on.consent.screen" : "false" 993 | }, 994 | "protocolMappers" : [ { 995 | "id" : "9913ae53-c3cd-4bb9-8cfb-01157cd998a8", 996 | "name" : "upn", 997 | "protocol" : "openid-connect", 998 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 999 | "consentRequired" : false, 1000 | "config" : { 1001 | "userinfo.token.claim" : "true", 1002 | "user.attribute" : "username", 1003 | "id.token.claim" : "true", 1004 | "access.token.claim" : "true", 1005 | "claim.name" : "upn", 1006 | "jsonType.label" : "String" 1007 | } 1008 | }, { 1009 | "id" : "7a1b8512-86d1-4ab2-a9ce-bf1e7c35cac3", 1010 | "name" : "groups", 1011 | "protocol" : "openid-connect", 1012 | "protocolMapper" : "oidc-usermodel-realm-role-mapper", 1013 | "consentRequired" : false, 1014 | "config" : { 1015 | 
"multivalued" : "true", 1016 | "user.attribute" : "foo", 1017 | "id.token.claim" : "true", 1018 | "access.token.claim" : "true", 1019 | "claim.name" : "groups", 1020 | "jsonType.label" : "String" 1021 | } 1022 | } ] 1023 | }, { 1024 | "id" : "2336c715-1a7f-4bb2-a896-d930062f6210", 1025 | "name" : "roles", 1026 | "description" : "OpenID Connect scope for add user roles to the access token", 1027 | "protocol" : "openid-connect", 1028 | "attributes" : { 1029 | "include.in.token.scope" : "false", 1030 | "display.on.consent.screen" : "true", 1031 | "consent.screen.text" : "${rolesScopeConsentText}" 1032 | }, 1033 | "protocolMappers" : [ { 1034 | "id" : "8c3d8592-abe0-4a9e-a04c-3c126352175d", 1035 | "name" : "client roles", 1036 | "protocol" : "openid-connect", 1037 | "protocolMapper" : "oidc-usermodel-client-role-mapper", 1038 | "consentRequired" : false, 1039 | "config" : { 1040 | "user.attribute" : "foo", 1041 | "access.token.claim" : "true", 1042 | "claim.name" : "resource_access.${client_id}.roles", 1043 | "jsonType.label" : "String", 1044 | "multivalued" : "true" 1045 | } 1046 | }, { 1047 | "id" : "5800ec07-1509-4aa6-8b75-71f4b475fc16", 1048 | "name" : "realm roles", 1049 | "protocol" : "openid-connect", 1050 | "protocolMapper" : "oidc-usermodel-realm-role-mapper", 1051 | "consentRequired" : false, 1052 | "config" : { 1053 | "user.attribute" : "foo", 1054 | "access.token.claim" : "true", 1055 | "claim.name" : "realm_access.roles", 1056 | "jsonType.label" : "String", 1057 | "multivalued" : "true" 1058 | } 1059 | }, { 1060 | "id" : "35e5c4a1-f8b3-4073-b280-b72a0b4233ea", 1061 | "name" : "audience resolve", 1062 | "protocol" : "openid-connect", 1063 | "protocolMapper" : "oidc-audience-resolve-mapper", 1064 | "consentRequired" : false, 1065 | "config" : { } 1066 | } ] 1067 | }, { 1068 | "id" : "3ea9977d-c60a-4ccd-a716-9550a1b17ee7", 1069 | "name" : "email", 1070 | "description" : "OpenID Connect built-in scope: email", 1071 | "protocol" : "openid-connect", 1072 | 
"attributes" : { 1073 | "include.in.token.scope" : "true", 1074 | "display.on.consent.screen" : "true", 1075 | "consent.screen.text" : "${emailScopeConsentText}" 1076 | }, 1077 | "protocolMappers" : [ { 1078 | "id" : "ab2e137b-bbe4-4d7d-abcc-76c77bcd6410", 1079 | "name" : "email", 1080 | "protocol" : "openid-connect", 1081 | "protocolMapper" : "oidc-usermodel-attribute-mapper", 1082 | "consentRequired" : false, 1083 | "config" : { 1084 | "userinfo.token.claim" : "true", 1085 | "user.attribute" : "email", 1086 | "id.token.claim" : "true", 1087 | "access.token.claim" : "true", 1088 | "claim.name" : "email", 1089 | "jsonType.label" : "String" 1090 | } 1091 | }, { 1092 | "id" : "bd911738-7962-4c09-9718-3a59e2f19b6b", 1093 | "name" : "email verified", 1094 | "protocol" : "openid-connect", 1095 | "protocolMapper" : "oidc-usermodel-property-mapper", 1096 | "consentRequired" : false, 1097 | "config" : { 1098 | "userinfo.token.claim" : "true", 1099 | "user.attribute" : "emailVerified", 1100 | "id.token.claim" : "true", 1101 | "access.token.claim" : "true", 1102 | "claim.name" : "email_verified", 1103 | "jsonType.label" : "boolean" 1104 | } 1105 | } ] 1106 | } ], 1107 | "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], 1108 | "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], 1109 | "browserSecurityHeaders" : { 1110 | "contentSecurityPolicyReportOnly" : "", 1111 | "xContentTypeOptions" : "nosniff", 1112 | "referrerPolicy" : "no-referrer", 1113 | "xRobotsTag" : "none", 1114 | "xFrameOptions" : "SAMEORIGIN", 1115 | "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", 1116 | "xXSSProtection" : "1; mode=block", 1117 | "strictTransportSecurity" : "max-age=31536000; includeSubDomains" 1118 | }, 1119 | "smtpServer" : { }, 1120 | "eventsEnabled" : false, 1121 | "eventsListeners" : [ "jboss-logging" ], 1122 | "enabledEventTypes" : [ ], 1123 | 
"adminEventsEnabled" : false, 1124 | "adminEventsDetailsEnabled" : false, 1125 | "identityProviders" : [ ], 1126 | "identityProviderMappers" : [ ], 1127 | "components" : { 1128 | "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { 1129 | "id" : "12d8406f-481b-47eb-999f-f6f48d4a20d1", 1130 | "name" : "Full Scope Disabled", 1131 | "providerId" : "scope", 1132 | "subType" : "anonymous", 1133 | "subComponents" : { }, 1134 | "config" : { } 1135 | }, { 1136 | "id" : "3b1a5eb8-dffd-47d5-ae31-37a30ae1affa", 1137 | "name" : "Consent Required", 1138 | "providerId" : "consent-required", 1139 | "subType" : "anonymous", 1140 | "subComponents" : { }, 1141 | "config" : { } 1142 | }, { 1143 | "id" : "32ad9ae0-ccdd-4cd3-ac0b-0f41ef0b2cc1", 1144 | "name" : "Allowed Client Scopes", 1145 | "providerId" : "allowed-client-templates", 1146 | "subType" : "anonymous", 1147 | "subComponents" : { }, 1148 | "config" : { 1149 | "allow-default-scopes" : [ "true" ] 1150 | } 1151 | }, { 1152 | "id" : "90fb899b-8e49-4f5c-b703-4c2356c9d720", 1153 | "name" : "Max Clients Limit", 1154 | "providerId" : "max-clients", 1155 | "subType" : "anonymous", 1156 | "subComponents" : { }, 1157 | "config" : { 1158 | "max-clients" : [ "200" ] 1159 | } 1160 | }, { 1161 | "id" : "d02de79a-5987-49af-922c-178b18cfb23d", 1162 | "name" : "Allowed Protocol Mapper Types", 1163 | "providerId" : "allowed-protocol-mappers", 1164 | "subType" : "anonymous", 1165 | "subComponents" : { }, 1166 | "config" : { 1167 | "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] 1168 | } 1169 | }, { 1170 | "id" : "bed722ec-8307-46dd-97b5-9428d9e63c08", 1171 | "name" : "Trusted Hosts", 1172 | "providerId" : "trusted-hosts", 1173 | "subType" : "anonymous", 1174 | "subComponents" : { }, 1175 | 
"config" : { 1176 | "host-sending-registration-request-must-match" : [ "true" ], 1177 | "client-uris-must-match" : [ "true" ] 1178 | } 1179 | }, { 1180 | "id" : "eafd55e3-95eb-4e3f-88e0-e5d80873e546", 1181 | "name" : "Allowed Client Scopes", 1182 | "providerId" : "allowed-client-templates", 1183 | "subType" : "authenticated", 1184 | "subComponents" : { }, 1185 | "config" : { 1186 | "allow-default-scopes" : [ "true" ] 1187 | } 1188 | }, { 1189 | "id" : "f81144bf-6a02-4186-a0b4-baed0748f134", 1190 | "name" : "Allowed Protocol Mapper Types", 1191 | "providerId" : "allowed-protocol-mappers", 1192 | "subType" : "authenticated", 1193 | "subComponents" : { }, 1194 | "config" : { 1195 | "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-address-mapper" ] 1196 | } 1197 | } ], 1198 | "org.keycloak.keys.KeyProvider" : [ { 1199 | "id" : "2244f9b6-b49b-418c-9a56-8d93ebe94219", 1200 | "name" : "rsa-generated", 1201 | "providerId" : "rsa-generated", 1202 | "subComponents" : { }, 1203 | "config" : { 1204 | "privateKey" : [ "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" ], 1205 | "keyUse" : [ "SIG" ], 1206 | "certificate" : [ "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" ], 1207 | "priority" : [ "100" ] 1208 | } 1209 | }, { 1210 | "id" : "cd98931c-40d5-4f61-bd57-be754aed13e6", 1211 | "name" : "hmac-generated", 1212 | "providerId" : "hmac-generated", 1213 | "subComponents" : { }, 1214 | "config" : { 1215 | "kid" : [ "4d5a6de0-eae3-4f22-9b92-1d4a648dc9f0" ], 1216 | "secret" : [ "ThfBe86zIKTDj5w3-xjqBZSNl76CaKPflqW5BlLqVJFcMElyc9Q0xS9ZSGNVG1SiulVru3odpiIn_ocUWJyhYw" ], 1217 | "priority" : [ "100" ], 1218 | "algorithm" : [ "HS256" ] 1219 | } 1220 | }, { 1221 | "id" : "821ae87e-656b-4ce8-8022-d6eb437e7b77", 1222 | "name" : "aes-generated", 1223 | "providerId" : 
"aes-generated", 1224 | "subComponents" : { }, 1225 | "config" : { 1226 | "kid" : [ "97a21898-b850-4293-b8e3-cd013d6dba4c" ], 1227 | "secret" : [ "rbrfPXayDtJzRR4jyqSVVg" ], 1228 | "priority" : [ "100" ] 1229 | } 1230 | }, { 1231 | "id" : "ac4128bd-4e0b-4a18-93ea-2d2b4257a516", 1232 | "name" : "rsa-enc-generated", 1233 | "providerId" : "rsa-enc-generated", 1234 | "subComponents" : { }, 1235 | "config" : { 1236 | "privateKey" : [ "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" ], 1237 | "keyUse" : [ "ENC" ], 1238 | "certificate" : [ "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" ], 1239 | "priority" : [ "100" ], 1240 | "algorithm" : [ "RSA-OAEP" ] 1241 | } 1242 | } ] 1243 | }, 1244 | "internationalizationEnabled" : false, 1245 | "supportedLocales" : [ ], 1246 | "authenticationFlows" : [ { 1247 | "id" : "1e0a8bf4-70ca-4317-b517-57486b17d23b", 1248 | "alias" : "Account verification options", 1249 | "description" : "Method with which to verify the existing account", 1250 | "providerId" : "basic-flow", 1251 | "topLevel" : false, 1252 | "builtIn" : true, 1253 | "authenticationExecutions" : [ { 1254 | "authenticator" : "idp-email-verification", 1255 | "authenticatorFlow" : false, 1256 | "requirement" : "ALTERNATIVE", 1257 | "priority" : 10, 1258 | "autheticatorFlow" : false, 1259 | "userSetupAllowed" : false 1260 | }, { 1261 | "authenticatorFlow" : true, 1262 | "requirement" : "ALTERNATIVE", 1263 | "priority" : 20, 1264 | "autheticatorFlow" : true, 1265 | "flowAlias" : "Verify Existing Account by Re-authentication", 1266 | "userSetupAllowed" : false 1267 | } ] 1268 | }, { 1269 | "id" : "3b0a5382-7c00-4d73-bca3-7de1a28190bf", 1270 | "alias" : "Browser - Conditional OTP", 1271 | "description" : "Flow to determine if the OTP is required for the authentication", 1272 | "providerId" : "basic-flow", 1273 | "topLevel" : false, 1274 | "builtIn" : true, 1275 | "authenticationExecutions" : [ { 1276 | "authenticator" : "conditional-user-configured", 1277 |
"authenticatorFlow" : false, 1278 | "requirement" : "REQUIRED", 1279 | "priority" : 10, 1280 | "autheticatorFlow" : false, 1281 | "userSetupAllowed" : false 1282 | }, { 1283 | "authenticator" : "auth-otp-form", 1284 | "authenticatorFlow" : false, 1285 | "requirement" : "REQUIRED", 1286 | "priority" : 20, 1287 | "autheticatorFlow" : false, 1288 | "userSetupAllowed" : false 1289 | } ] 1290 | }, { 1291 | "id" : "794d73b3-bd64-44fa-8abe-f2608e53a5da", 1292 | "alias" : "Direct Grant - Conditional OTP", 1293 | "description" : "Flow to determine if the OTP is required for the authentication", 1294 | "providerId" : "basic-flow", 1295 | "topLevel" : false, 1296 | "builtIn" : true, 1297 | "authenticationExecutions" : [ { 1298 | "authenticator" : "conditional-user-configured", 1299 | "authenticatorFlow" : false, 1300 | "requirement" : "REQUIRED", 1301 | "priority" : 10, 1302 | "autheticatorFlow" : false, 1303 | "userSetupAllowed" : false 1304 | }, { 1305 | "authenticator" : "direct-grant-validate-otp", 1306 | "authenticatorFlow" : false, 1307 | "requirement" : "REQUIRED", 1308 | "priority" : 20, 1309 | "autheticatorFlow" : false, 1310 | "userSetupAllowed" : false 1311 | } ] 1312 | }, { 1313 | "id" : "9db600e5-dd7d-4381-a036-170d496c147f", 1314 | "alias" : "First broker login - Conditional OTP", 1315 | "description" : "Flow to determine if the OTP is required for the authentication", 1316 | "providerId" : "basic-flow", 1317 | "topLevel" : false, 1318 | "builtIn" : true, 1319 | "authenticationExecutions" : [ { 1320 | "authenticator" : "conditional-user-configured", 1321 | "authenticatorFlow" : false, 1322 | "requirement" : "REQUIRED", 1323 | "priority" : 10, 1324 | "autheticatorFlow" : false, 1325 | "userSetupAllowed" : false 1326 | }, { 1327 | "authenticator" : "auth-otp-form", 1328 | "authenticatorFlow" : false, 1329 | "requirement" : "REQUIRED", 1330 | "priority" : 20, 1331 | "autheticatorFlow" : false, 1332 | "userSetupAllowed" : false 1333 | } ] 1334 | }, { 1335 | "id" : 
"8e4af905-050b-435c-9921-f7693bc2b508", 1336 | "alias" : "Handle Existing Account", 1337 | "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", 1338 | "providerId" : "basic-flow", 1339 | "topLevel" : false, 1340 | "builtIn" : true, 1341 | "authenticationExecutions" : [ { 1342 | "authenticator" : "idp-confirm-link", 1343 | "authenticatorFlow" : false, 1344 | "requirement" : "REQUIRED", 1345 | "priority" : 10, 1346 | "autheticatorFlow" : false, 1347 | "userSetupAllowed" : false 1348 | }, { 1349 | "authenticatorFlow" : true, 1350 | "requirement" : "REQUIRED", 1351 | "priority" : 20, 1352 | "autheticatorFlow" : true, 1353 | "flowAlias" : "Account verification options", 1354 | "userSetupAllowed" : false 1355 | } ] 1356 | }, { 1357 | "id" : "342c83ef-ea1b-4f97-84ec-43d5b9777b19", 1358 | "alias" : "Reset - Conditional OTP", 1359 | "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", 1360 | "providerId" : "basic-flow", 1361 | "topLevel" : false, 1362 | "builtIn" : true, 1363 | "authenticationExecutions" : [ { 1364 | "authenticator" : "conditional-user-configured", 1365 | "authenticatorFlow" : false, 1366 | "requirement" : "REQUIRED", 1367 | "priority" : 10, 1368 | "autheticatorFlow" : false, 1369 | "userSetupAllowed" : false 1370 | }, { 1371 | "authenticator" : "reset-otp", 1372 | "authenticatorFlow" : false, 1373 | "requirement" : "REQUIRED", 1374 | "priority" : 20, 1375 | "autheticatorFlow" : false, 1376 | "userSetupAllowed" : false 1377 | } ] 1378 | }, { 1379 | "id" : "2cbfce99-e26c-4d2d-8567-1a8cb48dcb29", 1380 | "alias" : "User creation or linking", 1381 | "description" : "Flow for the existing/non-existing user alternatives", 1382 | "providerId" : "basic-flow", 1383 | "topLevel" : false, 1384 | "builtIn" : true, 1385 | "authenticationExecutions" : [ { 1386 | "authenticatorConfig" : "create unique user config", 1387 | "authenticator" : 
"idp-create-user-if-unique", 1388 | "authenticatorFlow" : false, 1389 | "requirement" : "ALTERNATIVE", 1390 | "priority" : 10, 1391 | "autheticatorFlow" : false, 1392 | "userSetupAllowed" : false 1393 | }, { 1394 | "authenticatorFlow" : true, 1395 | "requirement" : "ALTERNATIVE", 1396 | "priority" : 20, 1397 | "autheticatorFlow" : true, 1398 | "flowAlias" : "Handle Existing Account", 1399 | "userSetupAllowed" : false 1400 | } ] 1401 | }, { 1402 | "id" : "27af00d6-7f81-4c8c-b126-fc625365dbc7", 1403 | "alias" : "Verify Existing Account by Re-authentication", 1404 | "description" : "Reauthentication of existing account", 1405 | "providerId" : "basic-flow", 1406 | "topLevel" : false, 1407 | "builtIn" : true, 1408 | "authenticationExecutions" : [ { 1409 | "authenticator" : "idp-username-password-form", 1410 | "authenticatorFlow" : false, 1411 | "requirement" : "REQUIRED", 1412 | "priority" : 10, 1413 | "autheticatorFlow" : false, 1414 | "userSetupAllowed" : false 1415 | }, { 1416 | "authenticatorFlow" : true, 1417 | "requirement" : "CONDITIONAL", 1418 | "priority" : 20, 1419 | "autheticatorFlow" : true, 1420 | "flowAlias" : "First broker login - Conditional OTP", 1421 | "userSetupAllowed" : false 1422 | } ] 1423 | }, { 1424 | "id" : "3907688f-2011-4e27-812a-c4b86caa5391", 1425 | "alias" : "browser", 1426 | "description" : "browser based authentication", 1427 | "providerId" : "basic-flow", 1428 | "topLevel" : true, 1429 | "builtIn" : true, 1430 | "authenticationExecutions" : [ { 1431 | "authenticator" : "auth-cookie", 1432 | "authenticatorFlow" : false, 1433 | "requirement" : "ALTERNATIVE", 1434 | "priority" : 10, 1435 | "autheticatorFlow" : false, 1436 | "userSetupAllowed" : false 1437 | }, { 1438 | "authenticator" : "auth-spnego", 1439 | "authenticatorFlow" : false, 1440 | "requirement" : "DISABLED", 1441 | "priority" : 20, 1442 | "autheticatorFlow" : false, 1443 | "userSetupAllowed" : false 1444 | }, { 1445 | "authenticator" : "identity-provider-redirector", 1446 | 
"authenticatorFlow" : false, 1447 | "requirement" : "ALTERNATIVE", 1448 | "priority" : 25, 1449 | "autheticatorFlow" : false, 1450 | "userSetupAllowed" : false 1451 | }, { 1452 | "authenticatorFlow" : true, 1453 | "requirement" : "ALTERNATIVE", 1454 | "priority" : 30, 1455 | "autheticatorFlow" : true, 1456 | "flowAlias" : "forms", 1457 | "userSetupAllowed" : false 1458 | } ] 1459 | }, { 1460 | "id" : "929e9928-9648-4e12-a479-41f516d5f419", 1461 | "alias" : "clients", 1462 | "description" : "Base authentication for clients", 1463 | "providerId" : "client-flow", 1464 | "topLevel" : true, 1465 | "builtIn" : true, 1466 | "authenticationExecutions" : [ { 1467 | "authenticator" : "client-secret", 1468 | "authenticatorFlow" : false, 1469 | "requirement" : "ALTERNATIVE", 1470 | "priority" : 10, 1471 | "autheticatorFlow" : false, 1472 | "userSetupAllowed" : false 1473 | }, { 1474 | "authenticator" : "client-jwt", 1475 | "authenticatorFlow" : false, 1476 | "requirement" : "ALTERNATIVE", 1477 | "priority" : 20, 1478 | "autheticatorFlow" : false, 1479 | "userSetupAllowed" : false 1480 | }, { 1481 | "authenticator" : "client-secret-jwt", 1482 | "authenticatorFlow" : false, 1483 | "requirement" : "ALTERNATIVE", 1484 | "priority" : 30, 1485 | "autheticatorFlow" : false, 1486 | "userSetupAllowed" : false 1487 | }, { 1488 | "authenticator" : "client-x509", 1489 | "authenticatorFlow" : false, 1490 | "requirement" : "ALTERNATIVE", 1491 | "priority" : 40, 1492 | "autheticatorFlow" : false, 1493 | "userSetupAllowed" : false 1494 | } ] 1495 | }, { 1496 | "id" : "50b91487-fa67-4afe-b07f-296d7bef48f8", 1497 | "alias" : "direct grant", 1498 | "description" : "OpenID Connect Resource Owner Grant", 1499 | "providerId" : "basic-flow", 1500 | "topLevel" : true, 1501 | "builtIn" : true, 1502 | "authenticationExecutions" : [ { 1503 | "authenticator" : "direct-grant-validate-username", 1504 | "authenticatorFlow" : false, 1505 | "requirement" : "REQUIRED", 1506 | "priority" : 10, 1507 | 
"autheticatorFlow" : false, 1508 | "userSetupAllowed" : false 1509 | }, { 1510 | "authenticator" : "direct-grant-validate-password", 1511 | "authenticatorFlow" : false, 1512 | "requirement" : "REQUIRED", 1513 | "priority" : 20, 1514 | "autheticatorFlow" : false, 1515 | "userSetupAllowed" : false 1516 | }, { 1517 | "authenticatorFlow" : true, 1518 | "requirement" : "CONDITIONAL", 1519 | "priority" : 30, 1520 | "autheticatorFlow" : true, 1521 | "flowAlias" : "Direct Grant - Conditional OTP", 1522 | "userSetupAllowed" : false 1523 | } ] 1524 | }, { 1525 | "id" : "dbfcb55f-6f67-4894-9abe-1e92a305f4b1", 1526 | "alias" : "docker auth", 1527 | "description" : "Used by Docker clients to authenticate against the IDP", 1528 | "providerId" : "basic-flow", 1529 | "topLevel" : true, 1530 | "builtIn" : true, 1531 | "authenticationExecutions" : [ { 1532 | "authenticator" : "docker-http-basic-authenticator", 1533 | "authenticatorFlow" : false, 1534 | "requirement" : "REQUIRED", 1535 | "priority" : 10, 1536 | "autheticatorFlow" : false, 1537 | "userSetupAllowed" : false 1538 | } ] 1539 | }, { 1540 | "id" : "5d87b690-c92e-43c5-8bef-aed7ab29617c", 1541 | "alias" : "first broker login", 1542 | "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", 1543 | "providerId" : "basic-flow", 1544 | "topLevel" : true, 1545 | "builtIn" : true, 1546 | "authenticationExecutions" : [ { 1547 | "authenticatorConfig" : "review profile config", 1548 | "authenticator" : "idp-review-profile", 1549 | "authenticatorFlow" : false, 1550 | "requirement" : "REQUIRED", 1551 | "priority" : 10, 1552 | "autheticatorFlow" : false, 1553 | "userSetupAllowed" : false 1554 | }, { 1555 | "authenticatorFlow" : true, 1556 | "requirement" : "REQUIRED", 1557 | "priority" : 20, 1558 | "autheticatorFlow" : true, 1559 | "flowAlias" : "User creation or linking", 1560 | "userSetupAllowed" : false 1561 | } ] 1562 | }, { 1563 | "id" : 
"f53baa44-229f-45a4-af62-585d55afec1b", 1564 | "alias" : "forms", 1565 | "description" : "Username, password, otp and other auth forms.", 1566 | "providerId" : "basic-flow", 1567 | "topLevel" : false, 1568 | "builtIn" : true, 1569 | "authenticationExecutions" : [ { 1570 | "authenticator" : "auth-username-password-form", 1571 | "authenticatorFlow" : false, 1572 | "requirement" : "REQUIRED", 1573 | "priority" : 10, 1574 | "autheticatorFlow" : false, 1575 | "userSetupAllowed" : false 1576 | }, { 1577 | "authenticatorFlow" : true, 1578 | "requirement" : "CONDITIONAL", 1579 | "priority" : 20, 1580 | "autheticatorFlow" : true, 1581 | "flowAlias" : "Browser - Conditional OTP", 1582 | "userSetupAllowed" : false 1583 | } ] 1584 | }, { 1585 | "id" : "973b08f0-9889-4bb0-b08d-27b0d9fa53c6", 1586 | "alias" : "registration", 1587 | "description" : "registration flow", 1588 | "providerId" : "basic-flow", 1589 | "topLevel" : true, 1590 | "builtIn" : true, 1591 | "authenticationExecutions" : [ { 1592 | "authenticator" : "registration-page-form", 1593 | "authenticatorFlow" : true, 1594 | "requirement" : "REQUIRED", 1595 | "priority" : 10, 1596 | "autheticatorFlow" : true, 1597 | "flowAlias" : "registration form", 1598 | "userSetupAllowed" : false 1599 | } ] 1600 | }, { 1601 | "id" : "abe8610b-9ee4-4156-9ccc-15db4db685b1", 1602 | "alias" : "registration form", 1603 | "description" : "registration form", 1604 | "providerId" : "form-flow", 1605 | "topLevel" : false, 1606 | "builtIn" : true, 1607 | "authenticationExecutions" : [ { 1608 | "authenticator" : "registration-user-creation", 1609 | "authenticatorFlow" : false, 1610 | "requirement" : "REQUIRED", 1611 | "priority" : 20, 1612 | "autheticatorFlow" : false, 1613 | "userSetupAllowed" : false 1614 | }, { 1615 | "authenticator" : "registration-profile-action", 1616 | "authenticatorFlow" : false, 1617 | "requirement" : "REQUIRED", 1618 | "priority" : 40, 1619 | "autheticatorFlow" : false, 1620 | "userSetupAllowed" : false 1621 | }, { 
1622 | "authenticator" : "registration-password-action", 1623 | "authenticatorFlow" : false, 1624 | "requirement" : "REQUIRED", 1625 | "priority" : 50, 1626 | "autheticatorFlow" : false, 1627 | "userSetupAllowed" : false 1628 | }, { 1629 | "authenticator" : "registration-recaptcha-action", 1630 | "authenticatorFlow" : false, 1631 | "requirement" : "DISABLED", 1632 | "priority" : 60, 1633 | "autheticatorFlow" : false, 1634 | "userSetupAllowed" : false 1635 | } ] 1636 | }, { 1637 | "id" : "1362bd93-1099-44d7-a73c-b592e7ea8609", 1638 | "alias" : "reset credentials", 1639 | "description" : "Reset credentials for a user if they forgot their password or something", 1640 | "providerId" : "basic-flow", 1641 | "topLevel" : true, 1642 | "builtIn" : true, 1643 | "authenticationExecutions" : [ { 1644 | "authenticator" : "reset-credentials-choose-user", 1645 | "authenticatorFlow" : false, 1646 | "requirement" : "REQUIRED", 1647 | "priority" : 10, 1648 | "autheticatorFlow" : false, 1649 | "userSetupAllowed" : false 1650 | }, { 1651 | "authenticator" : "reset-credential-email", 1652 | "authenticatorFlow" : false, 1653 | "requirement" : "REQUIRED", 1654 | "priority" : 20, 1655 | "autheticatorFlow" : false, 1656 | "userSetupAllowed" : false 1657 | }, { 1658 | "authenticator" : "reset-password", 1659 | "authenticatorFlow" : false, 1660 | "requirement" : "REQUIRED", 1661 | "priority" : 30, 1662 | "autheticatorFlow" : false, 1663 | "userSetupAllowed" : false 1664 | }, { 1665 | "authenticatorFlow" : true, 1666 | "requirement" : "CONDITIONAL", 1667 | "priority" : 40, 1668 | "autheticatorFlow" : true, 1669 | "flowAlias" : "Reset - Conditional OTP", 1670 | "userSetupAllowed" : false 1671 | } ] 1672 | }, { 1673 | "id" : "6cea0fb1-7e92-403d-b7c3-d237e20d0a89", 1674 | "alias" : "saml ecp", 1675 | "description" : "SAML ECP Profile Authentication Flow", 1676 | "providerId" : "basic-flow", 1677 | "topLevel" : true, 1678 | "builtIn" : true, 1679 | "authenticationExecutions" : [ { 1680 | 
"authenticator" : "http-basic-authenticator", 1681 | "authenticatorFlow" : false, 1682 | "requirement" : "REQUIRED", 1683 | "priority" : 10, 1684 | "autheticatorFlow" : false, 1685 | "userSetupAllowed" : false 1686 | } ] 1687 | } ], 1688 | "authenticatorConfig" : [ { 1689 | "id" : "cf9988c2-8b8c-4db0-b725-f9317b023d8a", 1690 | "alias" : "create unique user config", 1691 | "config" : { 1692 | "require.password.update.after.registration" : "false" 1693 | } 1694 | }, { 1695 | "id" : "a36acd81-9bc6-47e7-ad0d-05bc22dc3e34", 1696 | "alias" : "review profile config", 1697 | "config" : { 1698 | "update.profile.on.first.login" : "missing" 1699 | } 1700 | } ], 1701 | "requiredActions" : [ { 1702 | "alias" : "CONFIGURE_TOTP", 1703 | "name" : "Configure OTP", 1704 | "providerId" : "CONFIGURE_TOTP", 1705 | "enabled" : true, 1706 | "defaultAction" : false, 1707 | "priority" : 10, 1708 | "config" : { } 1709 | }, { 1710 | "alias" : "TERMS_AND_CONDITIONS", 1711 | "name" : "Terms and Conditions", 1712 | "providerId" : "TERMS_AND_CONDITIONS", 1713 | "enabled" : false, 1714 | "defaultAction" : false, 1715 | "priority" : 20, 1716 | "config" : { } 1717 | }, { 1718 | "alias" : "UPDATE_PASSWORD", 1719 | "name" : "Update Password", 1720 | "providerId" : "UPDATE_PASSWORD", 1721 | "enabled" : true, 1722 | "defaultAction" : false, 1723 | "priority" : 30, 1724 | "config" : { } 1725 | }, { 1726 | "alias" : "UPDATE_PROFILE", 1727 | "name" : "Update Profile", 1728 | "providerId" : "UPDATE_PROFILE", 1729 | "enabled" : true, 1730 | "defaultAction" : false, 1731 | "priority" : 40, 1732 | "config" : { } 1733 | }, { 1734 | "alias" : "VERIFY_EMAIL", 1735 | "name" : "Verify Email", 1736 | "providerId" : "VERIFY_EMAIL", 1737 | "enabled" : true, 1738 | "defaultAction" : false, 1739 | "priority" : 50, 1740 | "config" : { } 1741 | }, { 1742 | "alias" : "delete_account", 1743 | "name" : "Delete Account", 1744 | "providerId" : "delete_account", 1745 | "enabled" : false, 1746 | "defaultAction" : false, 1747 | 
"priority" : 60, 1748 | "config" : { } 1749 | }, { 1750 | "alias" : "CONFIGURE_RECOVERY_AUTHN_CODES", 1751 | "name" : "Recovery Authentication Codes", 1752 | "providerId" : "CONFIGURE_RECOVERY_AUTHN_CODES", 1753 | "enabled" : true, 1754 | "defaultAction" : false, 1755 | "priority" : 70, 1756 | "config" : { } 1757 | }, { 1758 | "alias" : "UPDATE_EMAIL", 1759 | "name" : "Update Email", 1760 | "providerId" : "UPDATE_EMAIL", 1761 | "enabled" : true, 1762 | "defaultAction" : false, 1763 | "priority" : 70, 1764 | "config" : { } 1765 | }, { 1766 | "alias" : "webauthn-register", 1767 | "name" : "Webauthn Register", 1768 | "providerId" : "webauthn-register", 1769 | "enabled" : true, 1770 | "defaultAction" : false, 1771 | "priority" : 70, 1772 | "config" : { } 1773 | }, { 1774 | "alias" : "webauthn-register-passwordless", 1775 | "name" : "Webauthn Register Passwordless", 1776 | "providerId" : "webauthn-register-passwordless", 1777 | "enabled" : true, 1778 | "defaultAction" : false, 1779 | "priority" : 80, 1780 | "config" : { } 1781 | }, { 1782 | "alias" : "update_user_locale", 1783 | "name" : "Update User Locale", 1784 | "providerId" : "update_user_locale", 1785 | "enabled" : true, 1786 | "defaultAction" : false, 1787 | "priority" : 1000, 1788 | "config" : { } 1789 | } ], 1790 | "browserFlow" : "browser", 1791 | "registrationFlow" : "registration", 1792 | "directGrantFlow" : "direct grant", 1793 | "resetCredentialsFlow" : "reset credentials", 1794 | "clientAuthenticationFlow" : "clients", 1795 | "dockerAuthenticationFlow" : "docker auth", 1796 | "attributes" : { 1797 | "cibaBackchannelTokenDeliveryMode" : "poll", 1798 | "cibaAuthRequestedUserHint" : "login_hint", 1799 | "oauth2DevicePollingInterval" : "5", 1800 | "clientOfflineSessionMaxLifespan" : "0", 1801 | "clientSessionIdleTimeout" : "0", 1802 | "actionTokenGeneratedByUserLifespan-execute-actions" : "", 1803 | "actionTokenGeneratedByUserLifespan-verify-email" : "", 1804 | "clientOfflineSessionIdleTimeout" : "0", 1805 | 
"actionTokenGeneratedByUserLifespan-reset-credentials" : "", 1806 | "cibaInterval" : "5", 1807 | "realmReusableOtpCode" : "false", 1808 | "cibaExpiresIn" : "120", 1809 | "oauth2DeviceCodeLifespan" : "600", 1810 | "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "", 1811 | "parRequestUriLifespan" : "60", 1812 | "clientSessionMaxLifespan" : "0", 1813 | "shortVerificationUri" : "" 1814 | }, 1815 | "keycloakVersion" : "22.0.0", 1816 | "userManagedAccessAllowed" : false, 1817 | "clientProfiles" : { 1818 | "profiles" : [ ] 1819 | }, 1820 | "clientPolicies" : { 1821 | "policies" : [ ] 1822 | } 1823 | } -------------------------------------------------------------------------------- /webapp/.editorconfig: -------------------------------------------------------------------------------- 1 | # Editor configuration, see https://editorconfig.org 2 | root = true 3 | 4 | [*] 5 | charset = utf-8 6 | indent_style = space 7 | indent_size = 2 8 | insert_final_newline = true 9 | trim_trailing_whitespace = true 10 | 11 | [*.ts] 12 | quote_type = single 13 | 14 | [*.md] 15 | max_line_length = off 16 | trim_trailing_whitespace = false 17 | -------------------------------------------------------------------------------- /webapp/.gitignore: -------------------------------------------------------------------------------- 1 | # See http://help.github.com/ignore-files/ for more about ignoring files. 
2 | 3 | # Compiled output 4 | /dist 5 | /tmp 6 | /out-tsc 7 | /bazel-out 8 | 9 | # Node 10 | /node_modules 11 | npm-debug.log 12 | yarn-error.log 13 | 14 | # IDEs and editors 15 | .idea/ 16 | .project 17 | .classpath 18 | .c9/ 19 | *.launch 20 | .settings/ 21 | *.sublime-workspace 22 | 23 | # Visual Studio Code 24 | .vscode/* 25 | !.vscode/settings.json 26 | !.vscode/tasks.json 27 | !.vscode/launch.json 28 | !.vscode/extensions.json 29 | .history/* 30 | 31 | # Miscellaneous 32 | /.angular/cache 33 | .sass-cache/ 34 | /connect.lock 35 | /coverage 36 | /libpeerconnection.log 37 | testem.log 38 | /typings 39 | 40 | # System files 41 | .DS_Store 42 | Thumbs.db 43 | -------------------------------------------------------------------------------- /webapp/.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=827846 3 | "recommendations": ["angular.ng-template"] 4 | } 5 | -------------------------------------------------------------------------------- /webapp/.vscode/launch.json: -------------------------------------------------------------------------------- 1 | { 2 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 3 | "version": "0.2.0", 4 | "configurations": [ 5 | { 6 | "name": "Launch Chrome", 7 | "request": "launch", 8 | "type": "chrome", 9 | "url": "http://localhost:4200", 10 | "webRoot": "${workspaceFolder}" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /webapp/.vscode/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | // For more information, visit: https://go.microsoft.com/fwlink/?LinkId=733558 3 | "version": "2.0.0", 4 | "tasks": [ 5 | { 6 | "type": "npm", 7 | "script": "start", 8 | "isBackground": true, 9 | "problemMatcher": { 10 | "owner": "typescript", 11 | "pattern": "$tsc", 12 | 
"background": { 13 | "activeOnStart": true, 14 | "beginsPattern": { 15 | "regexp": "(.*?)" 16 | }, 17 | "endsPattern": { 18 | "regexp": "bundle generation complete" 19 | } 20 | } 21 | } 22 | }, 23 | { 24 | "type": "npm", 25 | "script": "test", 26 | "isBackground": true, 27 | "problemMatcher": { 28 | "owner": "typescript", 29 | "pattern": "$tsc", 30 | "background": { 31 | "activeOnStart": true, 32 | "beginsPattern": { 33 | "regexp": "(.*?)" 34 | }, 35 | "endsPattern": { 36 | "regexp": "bundle generation complete" 37 | } 38 | } 39 | } 40 | } 41 | ] 42 | } 43 | -------------------------------------------------------------------------------- /webapp/README.md: -------------------------------------------------------------------------------- 1 | # Webapp 2 | 3 | This project was generated with [Angular CLI](https://github.com/angular/angular-cli) version 17.0.1. 4 | 5 | ## Development server 6 | 7 | Run `ng serve` for a dev server. Navigate to `http://localhost:4200/`. The application will automatically reload if you change any of the source files. 8 | 9 | ## Code scaffolding 10 | 11 | Run `ng generate component component-name` to generate a new component. You can also use `ng generate directive|pipe|service|class|guard|interface|enum|module`. 12 | 13 | ## Build 14 | 15 | Run `ng build` to build the project. The build artifacts will be stored in the `dist/` directory. 16 | 17 | ## Running unit tests 18 | 19 | Run `ng test` to execute the unit tests via [Karma](https://karma-runner.github.io). 20 | 21 | ## Running end-to-end tests 22 | 23 | Run `ng e2e` to execute the end-to-end tests via a platform of your choice. To use this command, you need to first add a package that implements end-to-end testing capabilities. 24 | 25 | ## Further help 26 | 27 | To get more help on the Angular CLI use `ng help` or go check out the [Angular CLI Overview and Command Reference](https://angular.io/cli) page. 
28 | -------------------------------------------------------------------------------- /webapp/angular.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "./node_modules/@angular/cli/lib/config/schema.json", 3 | "version": 1, 4 | "newProjectRoot": "projects", 5 | "projects": { 6 | "webapp": { 7 | "projectType": "application", 8 | "schematics": { 9 | "@schematics/angular:component": { 10 | "style": "scss" 11 | } 12 | }, 13 | "root": "", 14 | "sourceRoot": "src", 15 | "prefix": "app", 16 | "architect": { 17 | "build": { 18 | "builder": "@angular-devkit/build-angular:application", 19 | "options": { 20 | "outputPath": "dist/webapp", 21 | "index": "src/index.html", 22 | "browser": "src/main.ts", 23 | "polyfills": [ 24 | "zone.js" 25 | ], 26 | "tsConfig": "tsconfig.app.json", 27 | "inlineStyleLanguage": "scss", 28 | "assets": [ 29 | "src/favicon.ico", 30 | "src/assets" 31 | ], 32 | "styles": [ 33 | "src/styles.scss" 34 | ], 35 | "scripts": [] 36 | }, 37 | "configurations": { 38 | "production": { 39 | "budgets": [ 40 | { 41 | "type": "initial", 42 | "maximumWarning": "500kb", 43 | "maximumError": "1mb" 44 | }, 45 | { 46 | "type": "anyComponentStyle", 47 | "maximumWarning": "2kb", 48 | "maximumError": "4kb" 49 | } 50 | ], 51 | "outputHashing": "all" 52 | }, 53 | "development": { 54 | "optimization": false, 55 | "extractLicenses": false, 56 | "sourceMap": true 57 | } 58 | }, 59 | "defaultConfiguration": "production" 60 | }, 61 | "serve": { 62 | "builder": "@angular-devkit/build-angular:dev-server", 63 | "configurations": { 64 | "production": { 65 | "buildTarget": "webapp:build:production" 66 | }, 67 | "development": { 68 | "buildTarget": "webapp:build:development" 69 | } 70 | }, 71 | "defaultConfiguration": "development" 72 | }, 73 | "extract-i18n": { 74 | "builder": "@angular-devkit/build-angular:extract-i18n", 75 | "options": { 76 | "buildTarget": "webapp:build" 77 | } 78 | }, 79 | "test": { 80 | "builder": 
"@angular-devkit/build-angular:karma", 81 | "options": { 82 | "polyfills": [ 83 | "zone.js", 84 | "zone.js/testing" 85 | ], 86 | "tsConfig": "tsconfig.spec.json", 87 | "inlineStyleLanguage": "scss", 88 | "assets": [ 89 | "src/favicon.ico", 90 | "src/assets" 91 | ], 92 | "styles": [ 93 | "src/styles.scss" 94 | ], 95 | "scripts": [] 96 | } 97 | } 98 | } 99 | } 100 | } 101 | } 102 | -------------------------------------------------------------------------------- /webapp/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "webapp", 3 | "version": "0.0.0", 4 | "scripts": { 5 | "ng": "ng", 6 | "start": "ng serve", 7 | "build": "ng build", 8 | "watch": "ng build --watch --configuration development", 9 | "test": "ng test" 10 | }, 11 | "private": true, 12 | "dependencies": { 13 | "@angular/animations": "^17.0.0", 14 | "@angular/common": "^17.0.0", 15 | "@angular/compiler": "^17.0.0", 16 | "@angular/core": "^17.0.0", 17 | "@angular/forms": "^17.0.0", 18 | "@angular/platform-browser": "^17.0.0", 19 | "@angular/platform-browser-dynamic": "^17.0.0", 20 | "@angular/router": "^17.0.0", 21 | "angular-oauth2-oidc": "^15.0.1", 22 | "rxjs": "~7.8.0", 23 | "tslib": "^2.3.0", 24 | "zone.js": "~0.14.2" 25 | }, 26 | "devDependencies": { 27 | "@angular-devkit/build-angular": "^17.0.1", 28 | "@angular/cli": "^17.0.1", 29 | "@angular/compiler-cli": "^17.0.0", 30 | "@types/jasmine": "~5.1.0", 31 | "jasmine-core": "~5.1.0", 32 | "karma": "~6.4.0", 33 | "karma-chrome-launcher": "~3.2.0", 34 | "karma-coverage": "~2.2.0", 35 | "karma-jasmine": "~5.1.0", 36 | "karma-jasmine-html-reporter": "~2.1.0", 37 | "typescript": "~5.2.2" 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /webapp/src/app/app.component.html: -------------------------------------------------------------------------------- 1 |
2 |

Fullstack OAuth2 Keycloak

3 |
4 |
5 |
6 | 7 |
8 |
9 | 10 |
11 |
12 |
13 | {{ helloText }} 14 |
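--------------------------------------------------------------------------------
/webapp/src/app/app.component.scss:
--------------------------------------------------------------------------------
div {
  font-family: 'Franklin Gothic Medium', 'Arial Narrow', Arial, sans-serif;
  font-size: x-large;
  margin-bottom: 1rem;
  margin-left: 2rem;
  display: flex;
}

button {
  font-family: 'Gill Sans', 'Gill Sans MT', Calibri, 'Trebuchet MS', sans-serif;
  font-weight: bold;
  border: 0;
  padding: 1rem;
  background-color: burlywood;
  cursor: pointer;
}

--------------------------------------------------------------------------------
/webapp/src/app/app.component.spec.ts:
--------------------------------------------------------------------------------
import { TestBed } from '@angular/core/testing';
import { AppComponent } from './app.component';

// Unit tests for AppComponent.
//
// The generated tests asserted a `title` property and a 'Hello, webapp' heading;
// AppComponent declares neither, so they now check members and text the
// component and its template actually contain.
//
// NOTE(review): AppComponent's constructor takes OAuthService and HttpClient and
// this TestBed registers no providers for them — presumably createComponent
// fails until test doubles are supplied; confirm and add them.
describe('AppComponent', () => {
  beforeEach(async () => {
    await TestBed.configureTestingModule({
      imports: [AppComponent],
    }).compileComponents();
  });

  it('should create the app', () => {
    const fixture = TestBed.createComponent(AppComponent);
    const app = fixture.componentInstance;
    expect(app).toBeTruthy();
  });

  it('should start with an empty hello text', () => {
    const fixture = TestBed.createComponent(AppComponent);
    const app = fixture.componentInstance;
    // helloText is only filled after a successful call to the backend.
    expect(app.helloText).toEqual('');
  });

  it('should render the page heading', () => {
    const fixture = TestBed.createComponent(AppComponent);
    fixture.detectChanges();
    const compiled = fixture.nativeElement as HTMLElement;
    expect(compiled.textContent).toContain('Fullstack OAuth2 Keycloak');
  });
});

--------------------------------------------------------------------------------
/webapp/src/app/app.component.ts:
--------------------------------------------------------------------------------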
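import { Component } from '@angular/core';
import { CommonModule } from '@angular/common';
import { RouterOutlet } from '@angular/router';
import { OAuthService } from 'angular-oauth2-oidc';
import { HttpClient, HttpHeaders } from '@angular/common/http';

/**
 * Root component of the demo webapp: offers logout and a call to the protected
 * backend endpoint, whose reply is shown through `helloText`.
 */
@Component({
  selector: 'app-root',
  standalone: true,
  imports: [CommonModule, RouterOutlet],
  templateUrl: './app.component.html',
  styleUrl: './app.component.scss'
})
export class AppComponent {
  /** Message returned by the backend; empty until a call has succeeded. */
  helloText = '';

  constructor(private oauthService: OAuthService, private httpClient: HttpClient) { }

  /** Ends the session through the OAuth service. */
  logout() {
    this.oauthService.logOut();
  }

  /**
   * Requests GET /hello from the backend with the current access token as
   * bearer credential and stores the returned message in `helloText`.
   *
   * Without a token no request is sent; on an error response the previously
   * shown text is cleared so a stale message does not outlive a rejected call.
   */
  getHelloText() {
    const accessToken = this.oauthService.getAccessToken();
    if (!accessToken) {
      // Login not finished or session gone: do not send a "Bearer null" header.
      this.helloText = '';
      return;
    }

    // The token is attached only to this fixed backend URL. Keep it that way:
    // a bearer token must never be added to URLs built from user input or to
    // other hosts. Plain http is for the local demo only; a deployed backend
    // needs https so the token is not sent in clear text.
    this.httpClient.get<{ message: string }>('http://localhost:8080/hello', {
      headers: {
        'Authorization': `Bearer ${accessToken}`
      }
    }).subscribe({
      next: result => {
        this.helloText = result.message;
      },
      error: err => {
        // Typically 401 (token missing/expired) or 403 (required role absent).
        // Only the status is logged, never the token.
        this.helloText = '';
        console.error('GET /hello failed with status', err?.status);
      }
    });
  }
}

--------------------------------------------------------------------------------
/webapp/src/app/app.config.ts:
--------------------------------------------------------------------------------
import { APP_INITIALIZER, ApplicationConfig } from '@angular/core';
import { provideRouter } from '@angular/router';
import { routes } from './app.routes';
import { AuthConfig, OAuthService, provideOAuthClient } from 'angular-oauth2-oidc';
import { provideHttpClient } from '@angular/common/http';

/**
 * OIDC client settings for the authorization-code flow (`responseType: 'code'`)
 * against the local Keycloak realm. No client secret is configured, as expected
 * for a browser client.
 *
 * These are local-development values: issuer and token endpoint are plain-http
 * localhost URLs, and `showDebugInformation` turns on the library's debug
 * output in the browser console. For any deployed environment use https URLs
 * and switch the debug flag off. `redirectUri` must be among the redirect URIs
 * registered for `my-webapp-client` in the realm.
 */
export const authCodeFlowConfig: AuthConfig = {
  issuer: 'http://localhost:8180/realms/my-test-realm',
  tokenEndpoint: 'http://localhost:8180/realms/my-test-realm/protocol/openid-connect/token',
  redirectUri: window.location.origin,
  clientId: 'my-webapp-client',
  responseType: 'code',
  scope: 'openid profile',
  showDebugInformation: true,
};

/**
 * Configures the OAuth service, enables automatic silent refresh, then loads
 * the discovery document and runs the login.
 *
 * The promise from `loadDiscoveryDocumentAndLogin` is passed on directly, so a
 * failure (for example an unreachable issuer) rejects instead of leaving the
 * returned promise pending forever.
 */
function initializeOAuth(oauthService: OAuthService): Promise<void> {
  oauthService.configure(authCodeFlowConfig);
  oauthService.setupAutomaticSilentRefresh();
  return oauthService.loadDiscoveryDocumentAndLogin()
    .then(() => undefined);
}

/**
 * Application-wide providers: router, HTTP client, OAuth client and the
 * initializer that runs the login before the app starts.
 */
export const appConfig: ApplicationConfig = {
  providers: [
    provideRouter(routes),
    provideHttpClient(),
    provideOAuthClient(),
    {
      provide: APP_INITIALIZER,
      // The initializer must RETURN the promise: Angular then holds back
      // rendering until login handling has finished, so no component runs
      // without a token. A rejection aborts the bootstrap and is reported by
      // the catch handler in main.ts rather than showing an unauthenticated UI.
      useFactory: (oauthService: OAuthService) => {
        return () => initializeOAuth(oauthService);
      },
      multi: true,
      deps: [
        OAuthService
      ]
    }
  ]
};

--------------------------------------------------------------------------------
/webapp/src/app/app.routes.ts:
--------------------------------------------------------------------------------
import { Routes } from '@angular/router';

// No client-side routes are defined in this demo.
export const routes: Routes = [];

--------------------------------------------------------------------------------
/webapp/src/assets/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tamani-coding/fullstack-oauth2-angular-spring-boot-keycloak/c989a6603f144022684940e2ad2c9a19acdee9fd/webapp/src/assets/.gitkeep

--------------------------------------------------------------------------------
/webapp/src/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tamani-coding/fullstack-oauth2-angular-spring-boot-keycloak/c989a6603f144022684940e2ad2c9a19acdee9fd/webapp/src/favicon.ico

--------------------------------------------------------------------------------
/webapp/src/index.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | Webapp 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |
--------------------------------------------------------------------------------
/webapp/src/main.ts: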
--------------------------------------------------------------------------------
import { bootstrapApplication } from '@angular/platform-browser';
import { AppComponent } from './app/app.component';
import { appConfig } from './app/app.config';

// Start the standalone root component with the providers from appConfig;
// a rejected bootstrap is reported on the console.
const bootstrapping = bootstrapApplication(AppComponent, appConfig);
bootstrapping.catch((bootstrapError) => console.error(bootstrapError));

--------------------------------------------------------------------------------
/webapp/src/styles.scss:
--------------------------------------------------------------------------------
/* You can add global styles to this file, and also import other style files */

--------------------------------------------------------------------------------
/webapp/tsconfig.app.json:
--------------------------------------------------------------------------------
/* To learn more about this file see: https://angular.io/config/tsconfig. */
{
  "extends": "./tsconfig.json",
  "compilerOptions": {
    "outDir": "./out-tsc/app",
    "types": []
  },
  "files": [
    "src/main.ts"
  ],
  "include": [
    "src/**/*.d.ts"
  ]
}

--------------------------------------------------------------------------------
/webapp/tsconfig.json:
--------------------------------------------------------------------------------
/* To learn more about this file see: https://angular.io/config/tsconfig.
*/ 2 | { 3 | "compileOnSave": false, 4 | "compilerOptions": { 5 | "outDir": "./dist/out-tsc", 6 | "forceConsistentCasingInFileNames": true, 7 | "strict": true, 8 | "noImplicitOverride": true, 9 | "noPropertyAccessFromIndexSignature": true, 10 | "noImplicitReturns": true, 11 | "noFallthroughCasesInSwitch": true, 12 | "esModuleInterop": true, 13 | "sourceMap": true, 14 | "declaration": false, 15 | "experimentalDecorators": true, 16 | "moduleResolution": "node", 17 | "importHelpers": true, 18 | "target": "ES2022", 19 | "module": "ES2022", 20 | "useDefineForClassFields": false, 21 | "lib": [ 22 | "ES2022", 23 | "dom" 24 | ] 25 | }, 26 | "angularCompilerOptions": { 27 | "enableI18nLegacyMessageIdFormat": false, 28 | "strictInjectionParameters": true, 29 | "strictInputAccessModifiers": true, 30 | "strictTemplates": true 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /webapp/tsconfig.spec.json: -------------------------------------------------------------------------------- 1 | /* To learn more about this file see: https://angular.io/config/tsconfig. */ 2 | { 3 | "extends": "./tsconfig.json", 4 | "compilerOptions": { 5 | "outDir": "./out-tsc/spec", 6 | "types": [ 7 | "jasmine" 8 | ] 9 | }, 10 | "include": [ 11 | "src/**/*.spec.ts", 12 | "src/**/*.d.ts" 13 | ] 14 | } 15 | --------------------------------------------------------------------------------