diff --git a/dev-env/docker-compose-dev.yml b/dev-env/docker-compose-dev.yml
index 7f6f21c26..0c11807b5 100644
--- a/dev-env/docker-compose-dev.yml
+++ b/dev-env/docker-compose-dev.yml
@@ -9,6 +9,7 @@ services:
depends_on:
- dev_dataverse
- dev_frontend
+ - dev_keycloak
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./docker-dev-volumes/nginx/logs:/var/log/nginx/
@@ -46,7 +47,11 @@ services:
DATAVERSE_DB_HOST: postgres
DATAVERSE_DB_PASSWORD: secret
DATAVERSE_DB_USER: ${DATAVERSE_DB_USER}
- DATAVERSE_FEATURE_API_SESSION_AUTH: 1
+ DATAVERSE_FEATURE_API_BEARER_AUTH: 1
+ DATAVERSE_AUTH_OIDC_ENABLED: 1
+ DATAVERSE_AUTH_OIDC_CLIENT_ID: test
+ DATAVERSE_AUTH_OIDC_CLIENT_SECRET: 94XHrfNRwXsjqTqApRrwWmhDLDHpIYV8
+ DATAVERSE_AUTH_OIDC_AUTH_SERVER_URL: http://keycloak.mydomain.com:9080/realms/test
JVM_ARGS: -Ddataverse.pid.providers=fake
-Ddataverse.pid.default-provider=fake
-Ddataverse.pid.fake.type=FAKE
@@ -66,6 +71,9 @@ services:
-Ddataverse.files.s3.connection-pool-size=2048
-Ddataverse.files.s3.custom-endpoint-region=us-east-1
-Ddataverse.files.s3.custom-endpoint-url=https://s3.us-east-1.amazonaws.com
+ expose:
+ - '8080'
+ # TODO: The port has been opened for the redirection to /oauth2/callback.xhtml after a JSF OIDC login. We may prefer to change this to use the proxy.
ports:
- '8080:8080'
networks:
@@ -172,6 +180,30 @@ services:
tmpfs:
- /mail:mode=770,size=128M,uid=1000,gid=1000
+ dev_keycloak:
+ container_name: 'dev_keycloak'
+ image: 'quay.io/keycloak/keycloak:21.0'
+ hostname: keycloak
+ command:
+ - 'start-dev'
+ - '--import-realm'
+ environment:
+ - KC_HTTP_PORT=9080
+ - KC_HOSTNAME=localhost
+ - KC_HOSTNAME_PORT=8000
+ - KC_HOSTNAME_ADMIN_URL=http://localhost:8000
+ - KEYCLOAK_ADMIN=kcadmin
+ - KEYCLOAK_ADMIN_PASSWORD=kcpassword
+ - KEYCLOAK_LOGLEVEL=DEBUG
+ networks:
+ dataverse:
+ aliases:
+ - keycloak.mydomain.com
+ expose:
+ - 9080
+ volumes:
+ - './keycloak/test-realm.json:/opt/keycloak/data/import/test-realm.json'
+
networks:
dataverse:
driver: bridge
diff --git a/dev-env/keycloak/test-realm.json b/dev-env/keycloak/test-realm.json
new file mode 100644
index 000000000..ba6721d80
--- /dev/null
+++ b/dev-env/keycloak/test-realm.json
@@ -0,0 +1,2217 @@
+{
+ "id": "80a7e04b-a2b5-4891-a2d1-5ad4e915f983",
+ "realm": "test",
+ "displayName": "",
+ "displayNameHtml": "",
+ "notBefore": 0,
+ "defaultSignatureAlgorithm": "RS256",
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "ssoSessionIdleTimeoutRememberMe": 0,
+ "ssoSessionMaxLifespanRememberMe": 0,
+ "offlineSessionIdleTimeout": 2592000,
+ "offlineSessionMaxLifespanEnabled": false,
+ "offlineSessionMaxLifespan": 5184000,
+ "clientSessionIdleTimeout": 0,
+ "clientSessionMaxLifespan": 0,
+ "clientOfflineSessionIdleTimeout": 0,
+ "clientOfflineSessionMaxLifespan": 0,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "oauth2DeviceCodeLifespan": 600,
+ "oauth2DevicePollingInterval": 5,
+ "enabled": true,
+ "sslRequired": "none",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "roles": {
+ "realm": [
+ {
+ "id": "075daee1-5ab2-44b5-adbf-fa49a3da8305",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "80a7e04b-a2b5-4891-a2d1-5ad4e915f983",
+ "attributes": {}
+ },
+ {
+ "id": "b4ff9091-ddf9-4536-b175-8cfa3e331d71",
+ "name": "default-roles-test",
+ "description": "${role_default-roles}",
+ "composite": true,
+ "composites": {
+ "realm": ["offline_access", "uma_authorization"],
+ "client": {
+ "account": ["view-profile", "manage-account"]
+ }
+ },
+ "clientRole": false,
+ "containerId": "80a7e04b-a2b5-4891-a2d1-5ad4e915f983",
+ "attributes": {}
+ },
+ {
+ "id": "e6d31555-6be6-4dee-bc6a-40a53108e4c2",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "80a7e04b-a2b5-4891-a2d1-5ad4e915f983",
+ "attributes": {}
+ }
+ ],
+ "client": {
+ "realm-management": [
+ {
+ "id": "1955bd12-5f86-4a74-b130-d68a8ef6f0ee",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "1109c350-9ab1-426c-9876-ef67d4310f35",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "980c3fd3-1ae3-4b8f-9a00-d764c939035f",
+ "name": "query-users",
+ "description": "${role_query-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "5363e601-0f9d-4633-a8c8-28cb0f859b7b",
+ "name": "query-groups",
+ "description": "${role_query-groups}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "59aa7992-ad78-48db-868a-25d6e1d7db50",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "impersonation",
+ "view-authorization",
+ "query-users",
+ "query-groups",
+ "manage-clients",
+ "manage-realm",
+ "view-identity-providers",
+ "query-realms",
+ "manage-authorization",
+ "manage-identity-providers",
+ "manage-users",
+ "view-users",
+ "view-realm",
+ "create-client",
+ "view-clients",
+ "manage-events",
+ "query-clients",
+ "view-events"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "112f53c2-897d-4c01-81db-b8dc10c5b995",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "c7f57bbd-ef32-4a64-9888-7b8abd90777a",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "8885dac8-0af3-45af-94ce-eff5e801bb80",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "2673346c-b0ef-4e01-8a90-be03866093af",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "b7182885-9e57-445f-8dae-17c16eb31b5d",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "ba7bfe0c-cb07-4a47-b92c-b8132b57e181",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "13a8f0fc-647d-4bfe-b525-73956898e550",
+ "name": "query-realms",
+ "description": "${role_query-realms}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "ef4c57dc-78c2-4f9a-8d2b-0e97d46fc842",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "2875da34-006c-4b7f-bfc8-9ae8e46af3a2",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": ["query-users", "query-groups"]
+ }
+ },
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "c8c8f7dc-876b-4263-806f-3329f7cd5fd3",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "21b84f90-5a9a-4845-a7ba-bbd98ac0fcc4",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": ["query-clients"]
+ }
+ },
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "6fd64c94-d663-4501-ad77-0dcf8887d434",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "b321927a-023c-4d2a-99ad-24baf7ff6d83",
+ "name": "query-clients",
+ "description": "${role_query-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ },
+ {
+ "id": "2fc21160-78de-457b-8594-e5c76cde1d5e",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "attributes": {}
+ }
+ ],
+ "test": [],
+ "security-admin-console": [],
+ "admin-cli": [],
+ "account-console": [],
+ "broker": [
+ {
+ "id": "07ee59b5-dca6-48fb-83d4-2994ef02850e",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "b57d62bb-77ff-42bd-b8ff-381c7288f327",
+ "attributes": {}
+ }
+ ],
+ "account": [
+ {
+ "id": "17d2f811-7bdf-4c73-83b4-1037001797b8",
+ "name": "view-applications",
+ "description": "${role_view-applications}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "77f8127a-261e-4cd8-a77d-b74a389f7fd4",
+ "attributes": {}
+ },
+ {
+ "id": "d1ff44f9-419e-42fd-98e8-1add1169a972",
+ "name": "delete-account",
+ "description": "${role_delete-account}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "77f8127a-261e-4cd8-a77d-b74a389f7fd4",
+ "attributes": {}
+ },
+ {
+ "id": "14c23a18-ae2d-43c9-b0c0-aaf6e0c7f5b0",
+ "name": "manage-account-links",
+ "description": "${role_manage-account-links}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "77f8127a-261e-4cd8-a77d-b74a389f7fd4",
+ "attributes": {}
+ },
+ {
+ "id": "6fbe58af-d2fe-4d66-95fe-a2e8a818cb55",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "77f8127a-261e-4cd8-a77d-b74a389f7fd4",
+ "attributes": {}
+ },
+ {
+ "id": "bdfd02bc-6f6a-47d2-82bc-0ca52d78ff48",
+ "name": "manage-consent",
+ "description": "${role_manage-consent}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": ["view-consent"]
+ }
+ },
+ "clientRole": true,
+ "containerId": "77f8127a-261e-4cd8-a77d-b74a389f7fd4",
+ "attributes": {}
+ },
+ {
+ "id": "782f3b0c-a17b-4a87-988b-1a711401f3b0",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": ["manage-account-links"]
+ }
+ },
+ "clientRole": true,
+ "containerId": "77f8127a-261e-4cd8-a77d-b74a389f7fd4",
+ "attributes": {}
+ },
+ {
+ "id": "8a3bfe15-66d9-4f3d-83ac-801d682d42b0",
+ "name": "view-consent",
+ "description": "${role_view-consent}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "77f8127a-261e-4cd8-a77d-b74a389f7fd4",
+ "attributes": {}
+ }
+ ]
+ }
+ },
+ "groups": [
+ {
+ "id": "d46f94c2-3b47-4288-b937-9cf918e54f0a",
+ "name": "admins",
+ "path": "/admins",
+ "attributes": {},
+ "realmRoles": [],
+ "clientRoles": {},
+ "subGroups": []
+ },
+ {
+ "id": "e992ce15-baac-48a0-8834-06f6fcf6c05b",
+ "name": "curators",
+ "path": "/curators",
+ "attributes": {},
+ "realmRoles": [],
+ "clientRoles": {},
+ "subGroups": []
+ },
+ {
+ "id": "531cf81d-a700-4336-808f-37a49709b48c",
+ "name": "members",
+ "path": "/members",
+ "attributes": {},
+ "realmRoles": [],
+ "clientRoles": {},
+ "subGroups": []
+ }
+ ],
+ "defaultRole": {
+ "id": "b4ff9091-ddf9-4536-b175-8cfa3e331d71",
+ "name": "default-roles-test",
+ "description": "${role_default-roles}",
+ "composite": true,
+ "clientRole": false,
+ "containerId": "80a7e04b-a2b5-4891-a2d1-5ad4e915f983"
+ },
+ "requiredCredentials": ["password"],
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "otpSupportedApplications": ["FreeOTP", "Google Authenticator"],
+ "webAuthnPolicyRpEntityName": "keycloak",
+ "webAuthnPolicySignatureAlgorithms": ["ES256"],
+ "webAuthnPolicyRpId": "",
+ "webAuthnPolicyAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyRequireResidentKey": "not specified",
+ "webAuthnPolicyUserVerificationRequirement": "not specified",
+ "webAuthnPolicyCreateTimeout": 0,
+ "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyAcceptableAaguids": [],
+ "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
+ "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
+ "webAuthnPolicyPasswordlessRpId": "",
+ "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
+ "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
+ "webAuthnPolicyPasswordlessCreateTimeout": 0,
+ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyPasswordlessAcceptableAaguids": [],
+ "users": [
+ {
+ "id": "52cddd46-251c-4534-acc8-0580eeafb577",
+ "createdTimestamp": 1684736014759,
+ "username": "admin",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": true,
+ "firstName": "Dataverse",
+ "lastName": "Admin",
+ "email": "dataverse-admin@mailinator.com",
+ "credentials": [
+ {
+ "id": "28f1ece7-26fb-40f1-9174-5ffce7b85c0a",
+ "type": "password",
+ "userLabel": "Set to \"admin\"",
+ "createdDate": 1684736057302,
+ "secretData": "{\"value\":\"ONI7fl6BmooVTUgwN1W3m7hsRjMAYEr2l+Fp5+7IOYw1iIntwvZ3U3W0ZBcCFJ7uhcKqF101+rueM3dZfoshPQ==\",\"salt\":\"Hj7co7zYVei7xwx8EaYP3A==\",\"additionalParameters\":{}}",
+ "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ }
+ ],
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": ["default-roles-test"],
+ "notBefore": 0,
+ "groups": ["/admins"]
+ },
+ {
+ "id": "a3d8e76d-7e7b-42dc-bbd7-4258818a8a1b",
+ "createdTimestamp": 1684755806552,
+ "username": "affiliate",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": true,
+ "firstName": "Dataverse",
+ "lastName": "Affiliate",
+ "email": "dataverse-affiliate@mailinator.com",
+ "credentials": [
+ {
+ "id": "31c8eb1e-b2a8-4f86-833b-7c0536cd61a1",
+ "type": "password",
+ "userLabel": "My password",
+ "createdDate": 1684755821743,
+ "secretData": "{\"value\":\"T+RQ4nvmjknj7ds8NU7782j6PJ++uCu98zNoDQjIe9IKXah+13q4EcXO9IHmi2BJ7lgT0OIzwIoac4JEQLxhjQ==\",\"salt\":\"fnRmE9WmjAp4tlvGh/bxxQ==\",\"additionalParameters\":{}}",
+ "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ }
+ ],
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": ["default-roles-test"],
+ "notBefore": 0,
+ "groups": []
+ },
+ {
+ "id": "e5531496-cfb8-498c-a902-50c98d649e79",
+ "createdTimestamp": 1684755721064,
+ "username": "curator",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": true,
+ "firstName": "Dataverse",
+ "lastName": "Curator",
+ "email": "dataverse-curator@mailinator.com",
+ "credentials": [
+ {
+ "id": "664546b4-b936-45cf-a4cf-5e98b743fc7f",
+ "type": "password",
+ "userLabel": "My password",
+ "createdDate": 1684755740776,
+ "secretData": "{\"value\":\"AvVqybCNtCBVAdLEeJKresy9tc3c4BBUQvu5uHVQw4IjVagN6FpKGlDEKOrxhzdSM8skEvthOEqJkloPo1w+NQ==\",\"salt\":\"2em2DDRRlNEYsNR3xDqehw==\",\"additionalParameters\":{}}",
+ "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ }
+ ],
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": ["default-roles-test"],
+ "notBefore": 0,
+ "groups": ["/curators"]
+ },
+ {
+ "id": "c0082e7e-a3e9-45e6-95e9-811a34adce9d",
+ "createdTimestamp": 1684755585802,
+ "username": "user",
+ "enabled": true,
+ "totp": false,
+ "emailVerified": true,
+ "firstName": "Dataverse",
+ "lastName": "User",
+ "email": "dataverse-user@mailinator.com",
+ "credentials": [
+ {
+ "id": "00d6d67f-2e30-4da6-a567-bec38a1886a0",
+ "type": "password",
+ "userLabel": "My password",
+ "createdDate": 1684755599597,
+ "secretData": "{\"value\":\"z991rnjznAgosi5nX962HjM8/gN5GLJTdrlvi6G9cj8470X2/oZUb4Lka6s8xImgtEloCgWiKqH0EH9G4Y3a5A==\",\"salt\":\"/Uz7w+2IqDo+fQUGqxjVHw==\",\"additionalParameters\":{}}",
+ "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ }
+ ],
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": ["default-roles-test"],
+ "notBefore": 0,
+ "groups": ["/members"]
+ }
+ ],
+ "scopeMappings": [
+ {
+ "clientScope": "offline_access",
+ "roles": ["offline_access"]
+ }
+ ],
+ "clientScopeMappings": {
+ "account": [
+ {
+ "client": "account-console",
+ "roles": ["manage-account"]
+ }
+ ]
+ },
+ "clients": [
+ {
+ "id": "77f8127a-261e-4cd8-a77d-b74a389f7fd4",
+ "clientId": "account",
+ "name": "${client_account}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/test/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": ["/realms/test/account/*"],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "post.logout.redirect.uris": "+"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": ["web-origins", "acr", "roles", "profile", "email"],
+ "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
+ },
+ {
+ "id": "5d99f721-027c-478d-867d-61114e0a8192",
+ "clientId": "account-console",
+ "name": "${client_account-console}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/test/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": ["/realms/test/account/*"],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "post.logout.redirect.uris": "+",
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "e181a0ce-9a04-4468-a38a-aaef9f78f989",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ],
+ "defaultClientScopes": ["web-origins", "acr", "roles", "profile", "email"],
+ "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
+ },
+ {
+ "id": "5eccc178-121e-4d0f-bcb2-04ae3c2e52ed",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": ["web-origins", "acr", "roles", "profile", "email"],
+ "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
+ },
+ {
+ "id": "b57d62bb-77ff-42bd-b8ff-381c7288f327",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": ["web-origins", "acr", "roles", "profile", "email"],
+ "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
+ },
+ {
+ "id": "dada0ae8-ee9f-415a-9685-42da7c563660",
+ "clientId": "realm-management",
+ "name": "${client_realm-management}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": ["web-origins", "acr", "roles", "profile", "email"],
+ "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
+ },
+ {
+ "id": "bf7cf550-3875-4f97-9878-b2419a854058",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "rootUrl": "${authAdminUrl}",
+ "baseUrl": "/admin/test/console/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": ["/admin/test/console/*"],
+ "webOrigins": ["+"],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "post.logout.redirect.uris": "+",
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "ff845e16-e200-4894-ab51-37d8b9f2a445",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": ["web-origins", "acr", "roles", "profile", "email"],
+ "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
+ },
+ {
+ "id": "9c27faa8-4b8d-4ad9-9cd1-880032ef06aa",
+ "clientId": "test",
+ "name": "A Test Client",
+ "description": "Use for hacking and testing away a confidential client",
+ "rootUrl": "",
+ "adminUrl": "",
+ "baseUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "94XHrfNRwXsjqTqApRrwWmhDLDHpIYV8",
+ "redirectUris": ["*"],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "client.secret.creation.time": "1684735831",
+ "backchannel.logout.session.required": "true",
+ "display.on.consent.screen": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "defaultClientScopes": ["web-origins", "acr", "roles", "profile", "email"],
+ "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"]
+ }
+ ],
+ "clientScopes": [
+ {
+ "id": "72f29e57-92fa-437b-828c-2b9d6fe56192",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${addressScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "59581aea-70d6-4ee8-bec2-1fea5fc497ae",
+ "name": "address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-address-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
+ "user.attribute.postal_code": "postal_code",
+ "userinfo.token.claim": "true",
+ "user.attribute.street": "street",
+ "id.token.claim": "true",
+ "user.attribute.region": "region",
+ "access.token.claim": "true",
+ "user.attribute.locality": "locality"
+ }
+ }
+ ]
+ },
+ {
+ "id": "f515ec81-3c1b-4d4d-b7a2-e7e8d47b6447",
+ "name": "roles",
+ "description": "OpenID Connect scope for add user roles to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${rolesScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "26d299a8-69e2-4864-9595-17a5b417fc61",
+ "name": "realm roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ },
+ {
+ "id": "d2998083-a8db-4f4e-9aaa-9cad68d65b97",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ },
+ {
+ "id": "7a4cb2e5-07a0-4c16-a024-71df7ddd6868",
+ "name": "client roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-client-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "access.token.claim": "true",
+ "claim.name": "resource_access.${client_id}.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "8f1eafef-92d6-434e-b9ec-6edec1fddd0a",
+ "name": "offline_access",
+ "description": "OpenID Connect built-in scope: offline_access",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen": "true"
+ }
+ },
+ {
+ "id": "c03095aa-b656-447a-9767-0763c2ccb070",
+ "name": "acr",
+ "description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "948b230c-56d0-4000-937c-841cd395d3f9",
+ "name": "acr loa level",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-acr-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "cdf35f63-8ec7-41a0-ae12-f05d415818cc",
+ "name": "phone",
+ "description": "OpenID Connect built-in scope: phone",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${phoneScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "ba4348ff-90b1-4e09-89a8-e5c08b04d3d1",
+ "name": "phone number",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumber",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "e6cceae5-8392-4348-b302-f610ece6056e",
+ "name": "phone number verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumberVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
+ }
+ }
+ ]
+ },
+ {
+ "id": "4318001c-2970-41d3-91b9-e31c08569872",
+ "name": "email",
+ "description": "OpenID Connect built-in scope: email",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${emailScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "406d02a6-866a-4962-8838-e8c58ada1505",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "33baabc1-9bf2-42e4-8b8e-a53c13f0b744",
+ "name": "email verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "emailVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email_verified",
+ "jsonType.label": "boolean"
+ }
+ }
+ ]
+ },
+ {
+ "id": "5277a84f-d727-4c64-8432-d513127beee1",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${profileScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "0a609875-2678-4056-93ef-dd5c03e6059d",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7c510d18-07ee-4b78-8acd-24b777d11b3c",
+ "name": "website",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "website",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "website",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "0bb6d0ea-195f-49e8-918c-c419a26a661c",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "5f1e644c-1acf-440c-b1a6-b5f65bcebfd9",
+ "name": "profile",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "profile",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "profile",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "c710bdb2-6cfd-4f60-9c4e-730188fc62f7",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "012d5038-0e13-42ba-9df7-2487c8e2eead",
+ "name": "nickname",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "nickname",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "nickname",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "21590b19-517d-4b6d-92f6-d4f71238677e",
+ "name": "updated at",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "updatedAt",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "updated_at",
+ "jsonType.label": "long"
+ }
+ },
+ {
+ "id": "e4cddca7-1360-42f3-9854-da6cbe00c71e",
+ "name": "birthdate",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "birthdate",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "birthdate",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "afee328f-c64c-43e6-80d0-be2721c2ed0e",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "780a1e2c-5b63-46f4-a5bf-dc3fd8ce0cbb",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "id": "aeebffff-f776-427e-83ed-064707ffce57",
+ "name": "zoneinfo",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "zoneinfo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "b3e840a2-1794-4da1-bf69-31905cbff0d6",
+ "name": "middle name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "middleName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "middle_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "0607e0e4-4f7f-4214-996d-3599772ce1c7",
+ "name": "picture",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "426a609b-4e28-4132-af0d-13297b8cb63a",
+ "name": "gender",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "gender",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "gender",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "a1ebde82-ce21-438f-a3ad-261d3eeb1c01",
+ "name": "role_list",
+ "description": "SAML role list",
+ "protocol": "saml",
+ "attributes": {
+ "consent.screen.text": "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "64653ac7-7ffc-4f7c-a589-03e3b68bbd25",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ]
+ },
+ {
+ "id": "aeb5b852-dfec-4e67-9d9e-104abe9b3bf2",
+ "name": "web-origins",
+ "description": "OpenID Connect scope for add allowed web origins to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false",
+ "consent.screen.text": ""
+ },
+ "protocolMappers": [
+ {
+ "id": "e2fa8437-a0f1-46fc-af9c-c40fc09cd6a1",
+ "name": "allowed web origins",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-allowed-origins-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ]
+ },
+ {
+ "id": "4fecd0d7-d4ad-457e-90f2-c7202bf01ff5",
+ "name": "microprofile-jwt",
+ "description": "Microprofile - JWT built-in scope",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "a9536634-a9f6-4ed5-a8e7-8379d3b002ca",
+ "name": "upn",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "upn",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2ce1a702-9458-4926-9b8a-f82c07215755",
+ "name": "groups",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "multivalued": "true",
+ "user.attribute": "foo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "groups",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ }
+ ],
+ "defaultDefaultClientScopes": ["role_list", "profile", "email", "roles", "web-origins", "acr"],
+ "defaultOptionalClientScopes": ["offline_access", "address", "phone", "microprofile-jwt"],
+ "browserSecurityHeaders": {
+ "contentSecurityPolicyReportOnly": "",
+ "xContentTypeOptions": "nosniff",
+ "xRobotsTag": "none",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "xXSSProtection": "1; mode=block",
+ "strictTransportSecurity": "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer": {},
+ "eventsEnabled": false,
+ "eventsListeners": ["jboss-logging"],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "identityProviders": [],
+ "identityProviderMappers": [],
+ "components": {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+ {
+ "id": "8115796f-8f1f-4d6a-88f8-ca2938451260",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": ["true"]
+ }
+ },
+ {
+ "id": "044bd055-714d-478e-aa93-303d2161c427",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "saml-user-property-mapper",
+ "oidc-address-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-role-list-mapper",
+ "saml-user-attribute-mapper",
+ "oidc-usermodel-property-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "oidc-full-name-mapper"
+ ]
+ }
+ },
+ {
+ "id": "be465734-3b0f-4370-a144-73db756e23f8",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-usermodel-attribute-mapper",
+ "saml-user-property-mapper",
+ "oidc-address-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-user-attribute-mapper",
+ "oidc-full-name-mapper",
+ "oidc-usermodel-property-mapper",
+ "saml-role-list-mapper"
+ ]
+ }
+ },
+ {
+ "id": "42a2f64d-ac9e-4221-9cf6-40ff8c868629",
+ "name": "Trusted Hosts",
+ "providerId": "trusted-hosts",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "host-sending-registration-request-must-match": ["true"],
+ "client-uris-must-match": ["true"]
+ }
+ },
+ {
+ "id": "7ca08915-6c33-454c-88f2-20e1d6553b26",
+ "name": "Max Clients Limit",
+ "providerId": "max-clients",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "max-clients": ["200"]
+ }
+ },
+ {
+ "id": "f01f2b6f-3f01-4d01-b2f4-70577c6f599c",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": ["true"]
+ }
+ },
+ {
+ "id": "516d7f21-f21a-4690-831e-36ad313093b2",
+ "name": "Consent Required",
+ "providerId": "consent-required",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "c79df6a0-d4d8-4866-b9e6-8ddb5d1bd38e",
+ "name": "Full Scope Disabled",
+ "providerId": "scope",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ }
+ ],
+ "org.keycloak.userprofile.UserProfileProvider": [
+ {
+ "id": "cf47a21f-c8fb-42f2-9bff-feca967db183",
+ "providerId": "declarative-user-profile",
+ "subComponents": {},
+ "config": {}
+ }
+ ],
+ "org.keycloak.keys.KeyProvider": [
+ {
+ "id": "6b4a2281-a9e8-43ab-aee7-190ae91b2842",
+ "name": "aes-generated",
+ "providerId": "aes-generated",
+ "subComponents": {},
+ "config": {
+ "kid": ["47b9c2c2-32dc-4317-bd8b-1c4e5bb740ca"],
+ "secret": ["9VWsVSqbj5zWa8Mq-rRzOw"],
+ "priority": ["100"]
+ }
+ },
+ {
+ "id": "68e2d2b0-4976-480f-ab76-f84a17686b05",
+ "name": "rsa-enc-generated",
+ "providerId": "rsa-enc-generated",
+ "subComponents": {},
+ "config": {
+ "privateKey": [
+ "MIIEpQIBAAKCAQEAwuIcVVJDncorsQcFef4M/J9dsaNNmwEv/+4pCSZuco7IlA9uCfvwjYgfwQlWoCHCc7JFEtUOXhpLNR0SJ9w2eCC9A/0horjLmiVGU5sGACGrAxSgipt399k83mtkPBTikT1BXumPrX51ovdEPVPQSO0hIBwFn4ZDwA9P/00jNzzswyLC2UDdQrwIjm2xWjq1X82d8mL3+Yp8lF9qD1w305+XPiqCC+TUunKsuCQq5sddet+UoCDsFQyxsJi6cWJrryDvQmiDgM2wm68jn6hyzDE76J1az0wKEGqoMEwIy0juqZCyAqgsm3xA+zHpTcI3EyTwDGpMvWNJp8AWqXPNaQIDAQABAoIBAAethL1+n/6WpUBEaoHcVrq5/2+vo0+dfTyVZNKRFqtG0WOWPzOflFd1HZV7YVPuJI+uPi8ANmsnbh9YcaYg9JiTZ0hMZ++giBf0ID2hZxv995NyXnf7fkoFKghevYG+9mVPtHRmxKlKiPFWfHQjP1ACNKAD2UZdcdbzxicaIkPV/hP996mZA3xaaudggAJq7u/W67H2Q6ofGqW4TI5241d8T+6yobbvXRe4n8FKz4eK2aZv+N+zwh5JDMsJ8050+lCDsyoyakEPf+4veuPkewx4FemAiotDNcmoUQSDL26wLw8kk1uZ9JY0M88OL5pMyBuxTqy0F6BWBltq80mlefECgYEA4vZ8Agu2plXOzWASn0dyhCel3QoeUqNY8D8A+0vK9qWxUE9jMG13jAZmsL2I38SuwRN1DhJezbrn4QTuxTukxgSjLDv/pBp9UnXnCz/fg4yPTYsZ0zHqTMbwvdtfIzBHTCYyIJ+unxVYoenC0XZKSQXA3NN2zNqYpLhjStWdEZECgYEA29DznJxpDZsRUieRxFgZ+eRCjbQ9Q2A46preqMo1KOZ6bt9avxG3uM7pUC+UOeIizeRzxPSJ2SyptYPzdaNwKN3Lq+RhjHe1zYLngXb0CIQaRwNHqePxXF1sg0dTbmcxf+Co7yPG+Nd5nrQq9SQHC3tLTyL6x3VU/yAfMQqUklkCgYEAyVl8iGAV6RkE/4R04OOEv6Ng7WkVn6CUvYZXe5kw9YHnfWUAjS0AOrRPFAsBy+r0UgvN8+7uNjvTjPhQT5/rPVVN4WdVEyQA/E/m6j7/LvhbBaMbBRcqUnTHjNd6XoBtMCxOmkyvoShR2krE8AiuPHwjLoVXxsNDWhbO18wMrVECgYEAlmkICOXNzI2K8Jg62gse2yshjy0BrpSs3XtTWFPkxDPRGwSiZ5OMD10lsMSdvG3MOu5TeTWLDZvOFHJRqPFI0e3Sa7A+P4u6TwF/v8rRePJLuMO5ybo7cWRL2Bh6MlVSPZpQfjIQ+D0Y70uBCXS5jVW0VlYtG0Zh/qDQNxJyTyECgYEAuRINlZ0ag+1QTITapSatbFWd/KquGLpMjZyF4k5gVHs+4zHnnTi1YIDUInp1FJBqKD27z2byy7KFgbMBZQmsDs8i4fgzQrJHe3D4WFFHCjiClbeReejbas9bOnqhSQCiIy1Ck8vMAriAtctSA/g/qq6dQApSgcWaKvTVL2Ywa7E="
+ ],
+ "keyUse": ["ENC"],
+ "certificate": [
+ "MIIClzCCAX8CBgGIQhOIijANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjA2MDczNloXDTMzMDUyMjA2MDkxNlowDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLiHFVSQ53KK7EHBXn+DPyfXbGjTZsBL//uKQkmbnKOyJQPbgn78I2IH8EJVqAhwnOyRRLVDl4aSzUdEifcNnggvQP9IaK4y5olRlObBgAhqwMUoIqbd/fZPN5rZDwU4pE9QV7pj61+daL3RD1T0EjtISAcBZ+GQ8APT/9NIzc87MMiwtlA3UK8CI5tsVo6tV/NnfJi9/mKfJRfag9cN9Oflz4qggvk1LpyrLgkKubHXXrflKAg7BUMsbCYunFia68g70Jog4DNsJuvI5+ocswxO+idWs9MChBqqDBMCMtI7qmQsgKoLJt8QPsx6U3CNxMk8AxqTL1jSafAFqlzzWkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAIEIfjqOr2m+8s2RR8VW/nBgOgu9HtPRda4qNhGbgBkZ8NDy7TwHqlHo1ujKW5RO438pRyLJmOibWN4a/rkUsSjin6vgy4l8KpQy+7a4cQCQHyl34TmPjbtiw1jKgiOjzRQY54NVwIJNMIMc1ZyQo4u0U30/FxgUv6akXfS5O1ePD+5xKOOC/Af9AletjhQMPwVxXDwFqfQf/p+SM4Pyn4L633MESfDrH8v9FjJd0lV5ZlEI4hpPtnbi9U+CInqCy3VDNlZjsXswaDRujjg3LERfOMvCgj+Dck3FzWG7EiCwXWNEPvdMzv4w7M6KXuiPPQkST8DUWjgkjUCeLBzT3yw=="
+ ],
+ "priority": ["100"],
+ "algorithm": ["RSA-OAEP"]
+ }
+ },
+ {
+ "id": "728769a3-99a4-4cca-959d-28181dfee7e8",
+ "name": "rsa-generated",
+ "providerId": "rsa-generated",
+ "subComponents": {},
+ "config": {
+ "privateKey": [
+ "MIIEowIBAAKCAQEAxIszQCv8bX3sKXJVtuLJV6cH/uhkzxcTEIcDe7y2Y2SFM0x2nF6wRLk8QkvIrRmelilegUIJttqZxLXMpxwUJGizehHQMrOCzNoGBZdVanoK7nNa5+FOYtlvL4GxNfwzS36sp3PnKQiGv5Q7RGuPthjLFfqTmYx/7GTDJC4vLEW5S01Vy/Xc9FE4FsT0hnm91lRWjppc9893M5QUy/TPu8udIuNV87Ko5yiIxQqcPiAQXJaN4CyGaDcYhhzzHdxVptIk2FvtxhpmNxrbtmBCx/o9/rBDQNTis8Ex6ItWC2PvC17UPvyOcZ4Fv/qO0L6JZ0mrpH95CeDU1kEP+KKZrwIDAQABAoIBAGGl6SYiVG1PyTQEXqqY/UCjt3jBnEg5ZhrpgWUKKrGyAO2uOSXSc5AJWfN0NHUwC9b+IbplhW8IJ6qQSmfiLu2x6S2mSQLPphZB4gkIGYNntCOpQ0p+aZP6BGAddt5j+VYyTvR5RKlh15S6QEHrkMB/i/LVBl0c7XeUzlEc8wnyj8DGvlmpcQzIcbWfqEZ/FciDdKGNN0M4V/r1uQiOUVZ69SWDBBwu41YwF7PYUsX83q8zn0nBeMqz0ggSf33lW4w31fox9c7EjIF01gPArE5uT+d+AwjVKHpd08LWGR9W9NSXVOPUKkzOM+PyvKGvzjMnlrm/feqowKQbL2q/GP0CgYEA/EsrvUojkFIWxHc19KJdJvqlYgLeWq6P/J7UmHgpl+S3nG6b9HH4/aM/ICDa5hxd5bmP5p2V3EuZWnyb6/QB5eipC7Ss3oM7XeS/PwvTp6NTC1fypx2zHKse3iuLeCGneRxiw15mB02ArJ/qJw/VSQK2J7RiR4+b6HYpdzQnIysCgYEAx25dTQqskQqsx/orJzuUqfNv/C0W4vqfz1eL3akFrdK+YqghXKFsDmh61JpTrTKnRLAdQeyOrhKwbNsdxSEEaeeLayKLVlimoFXGd/LZb5LQiwFcrvTzhnB+FLmFgqTnuLkpfY1woHEwSW9TpJewjbT9S6g0L2uh223nVXuLMY0CgYEA3pMOlmMGtvbEoTSuRBDNb2rmZm4zbfrcijgxRAWWZCtiFL68FU5LJLBVK2nw09sot1cabZCOuhdzxhFymRneZs73+5y8eV17DV2VnvA3HIiI5dQD/YzFDECm7ceqtiOylLUHKGZqSn0ETMaTkzxzpIKg4qxPm+RE3jMIZ+J5uJsCgYBk2iUIrtsxxgo2Xwavomu9vkPlbQ/j3QYwHn+2qqEalDZ/QbMNWvyAFMn49cpXDgSUsdM54V0OHpllkzFs3ROUUumoViHMmqw47OefBQp8Z+xaP2gVef4lAIJiDKe9t5MPUWPwADTyjgrzN/8+fw9juiFVv0wUpwOFKgEQs5diiQKBgC6RpZESc5Nl4nHrDvIl5n/zYED6BaXoLl15NhcoBudt5SIRO/RpvBW69A7aE/UK6p7WXjq4mP1ssIWz4KgATCoXUgYvn0a7Ql79r/CMce6/FvcuweED6u6bD0kdXuYhe8fR9IPmLfnnb4Cx3JOJeRZbiBSP5HOZJ7nsKibxcgPm"
+ ],
+ "keyUse": ["SIG"],
+ "certificate": [
+ "MIIClzCCAX8CBgGIQhOHjjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDUyMjA2MDczNloXDTMzMDUyMjA2MDkxNlowDzENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSLM0Ar/G197ClyVbbiyVenB/7oZM8XExCHA3u8tmNkhTNMdpxesES5PEJLyK0ZnpYpXoFCCbbamcS1zKccFCRos3oR0DKzgszaBgWXVWp6Cu5zWufhTmLZby+BsTX8M0t+rKdz5ykIhr+UO0Rrj7YYyxX6k5mMf+xkwyQuLyxFuUtNVcv13PRROBbE9IZ5vdZUVo6aXPfPdzOUFMv0z7vLnSLjVfOyqOcoiMUKnD4gEFyWjeAshmg3GIYc8x3cVabSJNhb7cYaZjca27ZgQsf6Pf6wQ0DU4rPBMeiLVgtj7wte1D78jnGeBb/6jtC+iWdJq6R/eQng1NZBD/iima8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAe0Bo1UpGfpOlJiVhp0XWExm8bdxFgXOU2M5XeZBsWAqBehvJkzn+tbAtlVNiIiN58XFFpH+xLZ2nJIZR5FHeCD3bYAgK72j5k45HJI95vPyslelfT/m3Np78+1iUa1U1WxN40JaowP1EeTkk5O8Pk4zTQ1Ne1usmKd+SJxI1KWN0kKuVFMmdNRb5kQKWeQvOSlWl7rd4bvHGvVnxgcPC1bshEJKRt+VpaUjpm6CKd8C3Kt7IWfIX4HTVhKZkmLn7qv6aSfwWelwZfLdaXcLXixqzqNuUk/VWbF9JT4iiag9F3mt7xryIkoRp1AEjCA82HqK72F4JCFyOhCiGrMfKJw=="
+ ],
+ "priority": ["100"]
+ }
+ },
+ {
+ "id": "f30af2d2-d042-43b8-bc6d-22f6bab6934c",
+ "name": "hmac-generated",
+ "providerId": "hmac-generated",
+ "subComponents": {},
+ "config": {
+ "kid": ["6f0d9688-e974-42b4-9d84-8d098c51007c"],
+ "secret": [
+ "8nruwD66Revr9k21e-BHtcyvNzAMFOsstxSAB0Gdy2qe2qGRm2kYOwsPzrH9ZQSdj2041SraKo6a3SHvCyTBAQ"
+ ],
+ "priority": ["100"],
+ "algorithm": ["HS256"]
+ }
+ }
+ ]
+ },
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "94c65ba1-ba50-4be2-94c4-de656145eb67",
+ "alias": "Account verification options",
+ "description": "Method with which to verity the existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-email-verification",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "3b706ddf-c4b6-498a-803c-772878bc9bc3",
+ "alias": "Authentication Options",
+ "description": "Authentication options.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "basic-auth",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "basic-auth-otp",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "9ea0b8f6-882c-45ad-9110-78adf5a5d233",
+ "alias": "Browser - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "99c5ba83-b585-4601-b740-1a26670bf4e9",
+ "alias": "Direct Grant - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "65b73dec-7dd1-4de8-b542-a023b7104afc",
+ "alias": "First broker login - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "9a26b76f-da95-43f1-8da3-16c4a0654f07",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Account verification options",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "0a77285e-d7d5-4b6c-aa9a-3eadb5e7e3d3",
+ "alias": "Reset - Conditional OTP",
+ "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "cb6c0b3b-2f5f-4493-9d14-6130f8b58dd7",
+ "alias": "User creation or linking",
+ "description": "Flow for the existing/non-existing user alternatives",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "0fd3db1b-e93d-4768-82ca-a1498ddc11d0",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "First broker login - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "86610e70-f9f5-4c11-8a9e-9de1770565fb",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "forms",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "f6aa23dd-8532-4d92-9780-3ea226481e3b",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-secret-jwt",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-x509",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 40,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "4d2caf65-1703-4ddb-8890-70232e91bcd8",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "Direct Grant - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "eaa20c41-5334-4fb4-8c45-fb9cc71f7f74",
+ "alias": "docker auth",
+ "description": "Used by Docker clients to authenticate against the IDP",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "docker-http-basic-authenticator",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "b9febfb1-f0aa-4590-b782-272a4aa11575",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "User creation or linking",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "03bb6ff4-eccb-4f2f-8953-3769f78c3bf3",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Browser - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "38385189-246b-4ea0-ac05-d49dfe1709da",
+ "alias": "http challenge",
+ "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "no-cookie-redirect",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Authentication Options",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "1022f3c2-0469-41c9-861e-918908f103df",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": true,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "00d36c3b-e1dc-41f8-bfd0-5f8c80ea07e8",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 60,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "4374c16e-8c65-4168-94c2-df1ab3f3e6ad",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 40,
+ "autheticatorFlow": true,
+ "flowAlias": "Reset - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "04d6ed6a-76c9-41fb-9074-bff8a80c2286",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ }
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "e7bad67d-1236-430a-a327-9194f9d1e2b0",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "287b5989-a927-4cf5-8067-74594ce19bc1",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
+ }
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 10,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 20,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 30,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 40,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 50,
+ "config": {}
+ },
+ {
+ "alias": "delete_account",
+ "name": "Delete Account",
+ "providerId": "delete_account",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 60,
+ "config": {}
+ },
+ {
+ "alias": "webauthn-register",
+ "name": "Webauthn Register",
+ "providerId": "webauthn-register",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 70,
+ "config": {}
+ },
+ {
+ "alias": "webauthn-register-passwordless",
+ "name": "Webauthn Register Passwordless",
+ "providerId": "webauthn-register-passwordless",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 80,
+ "config": {}
+ },
+ {
+ "alias": "update_user_locale",
+ "name": "Update User Locale",
+ "providerId": "update_user_locale",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 1000,
+ "config": {}
+ }
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "attributes": {
+ "cibaBackchannelTokenDeliveryMode": "poll",
+ "cibaAuthRequestedUserHint": "login_hint",
+ "oauth2DevicePollingInterval": "5",
+ "clientOfflineSessionMaxLifespan": "0",
+ "clientSessionIdleTimeout": "0",
+ "clientOfflineSessionIdleTimeout": "0",
+ "cibaInterval": "5",
+ "cibaExpiresIn": "120",
+ "oauth2DeviceCodeLifespan": "600",
+ "parRequestUriLifespan": "60",
+ "clientSessionMaxLifespan": "0",
+ "frontendUrl": ""
+ },
+ "keycloakVersion": "19.0.3",
+ "userManagedAccessAllowed": false,
+ "clientProfiles": {
+ "profiles": []
+ },
+ "clientPolicies": {
+ "policies": []
+ }
+}
diff --git a/dev-env/nginx.conf b/dev-env/nginx.conf
index e74dfe423..9c02e0a82 100644
--- a/dev-env/nginx.conf
+++ b/dev-env/nginx.conf
@@ -2,12 +2,71 @@ events {}
http {
server {
listen 80;
- server_name localhost;
+ server_name localhost;
+ # Default route for other URLs
location / {
proxy_pass http://dataverse:8080;
}
+ # Keycloak reverse proxy for /realms
+ location /realms {
+ proxy_pass http://keycloak:9080;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ }
+
+ # Specific route for /resources/images
+ location /resources/images {
+ proxy_pass http://dataverse:8080;
+ }
+
+ # Specific route for /resources/css
+ location /resources/css {
+ proxy_pass http://dataverse:8080;
+ }
+
+ # Specific route for /resources/js
+ location /resources/js {
+ proxy_pass http://dataverse:8080;
+ }
+
+ # Specific route for /resources/dev
+ location /resources/dev {
+ proxy_pass http://dataverse:8080;
+ }
+
+ # Specific route for /resources/fontcustom
+ location /resources/fontcustom {
+ proxy_pass http://dataverse:8080;
+ }
+
+ # Specific route for /resources/iqbs
+ location /resources/iqbs {
+ proxy_pass http://dataverse:8080;
+ }
+
+ # General route for other /resources routes, handled by Keycloak
+ location /resources {
+ proxy_pass http://keycloak:9080;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ }
+
+ # Keycloak reverse proxy for /admin
+ location /admin {
+ proxy_pass http://keycloak:9080;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Port $server_port;
+ }
+
+ # Route for SPA frontend
location /spa {
proxy_pass http://frontend:5173;
proxy_http_version 1.1;
diff --git a/package-lock.json b/package-lock.json
index 3bdd7d4ac..7fe8ca078 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
"version": "0.1.0",
"dependencies": {
"@faker-js/faker": "7.6.0",
- "@iqss/dataverse-client-javascript": "2.0.0-alpha.1",
+ "@iqss/dataverse-client-javascript": "2.0.0-pr201.c64af18",
"@iqss/dataverse-design-system": "*",
"@istanbuljs/nyc-config-typescript": "1.0.2",
"@tanstack/react-table": "8.9.2",
@@ -36,6 +36,7 @@
"react-infinite-scroll-hook": "4.1.1",
"react-loader-spinner": "5.3.4",
"react-markdown": "8.0.7",
+ "react-oauth2-code-pkce": "1.20.2",
"react-router-dom": "6.23.1",
"react-topbar-progress-indicator": "4.1.1",
"sass": "1.58.1",
@@ -3674,9 +3675,9 @@
},
"node_modules/@iqss/dataverse-client-javascript": {
"name": "@IQSS/dataverse-client-javascript",
- "version": "2.0.0-alpha.1",
- "resolved": "https://npm.pkg.github.com/download/@IQSS/dataverse-client-javascript/2.0.0-alpha.1/5c1b7dc4ae62ec38d5a93c79ec2452b5de0bb729",
- "integrity": "sha512-ItrxNcTlcxBy/4baX05dujMdBrMYAhePOAbNRJv+aspPmv5KSua3FkiM1vm+7mAZbR7x+6nRjmejZxcGwhN0aA==",
+ "version": "2.0.0-pr201.c64af18",
+ "resolved": "https://npm.pkg.github.com/download/@IQSS/dataverse-client-javascript/2.0.0-pr201.c64af18/7713e5dfc2f1f9c1a1b1095d03838744f21e2747",
+ "integrity": "sha512-muG2l/xQL62x5BndMae/b2+5EQQHa7n617VVazuQFCjDzZM2rJOf4dafLrmfd6+8hTq9CRfaqe9zV2h9H871XQ==",
"license": "MIT",
"dependencies": {
"@types/node": "^18.15.11",
@@ -35897,6 +35898,14 @@
"resolved": "https://registry.npmjs.org/react-is/-/react-is-18.2.0.tgz",
"integrity": "sha512-xWGDIW6x921xtzPkhiULtthJHoJvBbF3q26fzloPCK0hsvxtPVelvftw3zjbHWSkR2km9Z+4uxbDDK/6Zw9B8w=="
},
+ "node_modules/react-oauth2-code-pkce": {
+ "version": "1.20.2",
+ "resolved": "https://registry.npmjs.org/react-oauth2-code-pkce/-/react-oauth2-code-pkce-1.20.2.tgz",
+ "integrity": "sha512-ZnGX7I4opkTdXK3OXY7fIJTTSia3wy/pmMf2a/TPcQ8ZlYhNe5HiOf2DYOcpqROQttmmKaZ8OnNd28A/Umv5ew==",
+ "peerDependencies": {
+ "react": ">=16.8.0"
+ }
+ },
"node_modules/react-property": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/react-property/-/react-property-2.0.0.tgz",
diff --git a/package.json b/package.json
index 55aba4600..aa1ed767a 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,7 @@
},
"dependencies": {
"@faker-js/faker": "7.6.0",
- "@iqss/dataverse-client-javascript": "2.0.0-alpha.1",
+ "@iqss/dataverse-client-javascript": "2.0.0-pr201.c64af18",
"@iqss/dataverse-design-system": "*",
"@istanbuljs/nyc-config-typescript": "1.0.2",
"@tanstack/react-table": "8.9.2",
@@ -42,6 +42,7 @@
"react-markdown": "8.0.7",
"react-router-dom": "6.23.1",
"react-topbar-progress-indicator": "4.1.1",
+ "react-oauth2-code-pkce": "1.20.2",
"sass": "1.58.1",
"typescript": "4.9.5",
"use-deep-compare": "1.2.1",
diff --git a/src/App.tsx b/src/App.tsx
index 080ff35c1..25312508d 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -1,23 +1,45 @@
+import { AuthProvider, TAuthConfig, TRefreshTokenExpiredEvent } from 'react-oauth2-code-pkce'
import { ApiConfig } from '@iqss/dataverse-client-javascript/dist/core'
+import { DataverseApiAuthMechanism } from '@iqss/dataverse-client-javascript/dist/core/infra/repositories/ApiConfig'
import { Router } from './router'
import { SessionProvider } from './sections/session/SessionProvider'
import { UserJSDataverseRepository } from './users/infrastructure/repositories/UserJSDataverseRepository'
-import { DataverseApiAuthMechanism } from '@iqss/dataverse-client-javascript/dist/core/infra/repositories/ApiConfig'
-import { BASE_URL } from './config'
+import { Route } from './sections/Route.enum'
+import { DATAVERSE_BACKEND_URL } from './config'
import 'react-loading-skeleton/dist/skeleton.css'
-if (BASE_URL === '') {
+if (DATAVERSE_BACKEND_URL === '') {
throw Error('VITE_DATAVERSE_BACKEND_URL environment variable should be specified.')
} else {
- ApiConfig.init(`${BASE_URL}/api/v1`, DataverseApiAuthMechanism.SESSION_COOKIE)
+ ApiConfig.init(`${DATAVERSE_BACKEND_URL}/api/v1`, DataverseApiAuthMechanism.BEARER_TOKEN)
+}
+
+const origin = window.location.origin
+const BASENAME_URL = import.meta.env.BASE_URL ?? ''
+
+const authConfig: TAuthConfig = {
+ clientId: 'test',
+ authorizationEndpoint: `${origin}/realms/test/protocol/openid-connect/auth`,
+ tokenEndpoint: `${origin}/realms/test/protocol/openid-connect/token`,
+ logoutEndpoint: `${origin}/realms/test/protocol/openid-connect/logout`,
+ logoutRedirect: `${origin}${BASENAME_URL}`,
+ redirectUri: `${origin}${BASENAME_URL}${Route.AUTH_CALLBACK}`,
+ scope: 'openid',
+ onRefreshTokenExpire: (event: TRefreshTokenExpiredEvent) =>
+ event.logIn(undefined, undefined, 'popup'),
+ autoLogin: false,
+ clearURL: false
}
const userRepository = new UserJSDataverseRepository()
+
function App() {
return (
-
-
-
+
+
+
+
+
)
}
diff --git a/src/config.ts b/src/config.ts
index 9ea389068..4d4037d3e 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -1 +1 @@
-export const BASE_URL = (import.meta.env.VITE_DATAVERSE_BACKEND_URL as string) ?? ''
+export const DATAVERSE_BACKEND_URL = (import.meta.env.VITE_DATAVERSE_BACKEND_URL as string) ?? ''
diff --git a/src/files/infrastructure/FileJSDataverseRepository.ts b/src/files/infrastructure/FileJSDataverseRepository.ts
index 2b204a17f..27552ddb9 100644
--- a/src/files/infrastructure/FileJSDataverseRepository.ts
+++ b/src/files/infrastructure/FileJSDataverseRepository.ts
@@ -25,7 +25,7 @@ import { JSFileMapper } from './mappers/JSFileMapper'
import { DatasetVersion, DatasetVersionNumber } from '../../dataset/domain/models/Dataset'
import { File } from '../domain/models/File'
import { FilePaginationInfo } from '../domain/models/FilePaginationInfo'
-import { BASE_URL } from '../../config'
+import { DATAVERSE_BACKEND_URL } from '../../config'
import { FilePreview } from '../domain/models/FilePreview'
import { JSFilesCountInfoMapper } from './mappers/JSFilesCountInfoMapper'
import { JSFileMetadataMapper } from './mappers/JSFileMetadataMapper'
@@ -37,7 +37,7 @@ import { FileHolder } from '../domain/models/FileHolder'
const includeDeaccessioned = true
export class FileJSDataverseRepository implements FileRepository {
- static readonly DATAVERSE_BACKEND_URL = BASE_URL
+ static readonly DATAVERSE_BACKEND_URL = DATAVERSE_BACKEND_URL
getAllByDatasetPersistentId(
datasetPersistentId: string,
diff --git a/src/router/ProtectedRoute.tsx b/src/router/ProtectedRoute.tsx
index ca7ae4886..974604683 100644
--- a/src/router/ProtectedRoute.tsx
+++ b/src/router/ProtectedRoute.tsx
@@ -1,23 +1,32 @@
-import { Outlet } from 'react-router-dom'
-import { Route } from '../sections/Route.enum'
-import { useSession } from '../sections/session/SessionContext'
+import { useContext, useEffect } from 'react'
+import { Outlet, useLocation } from 'react-router-dom'
+import { AuthContext } from 'react-oauth2-code-pkce'
import { AppLoader } from '../sections/shared/layout/app-loader/AppLoader'
-import { BASE_URL } from '../config'
+import { encodeReturnToPathInStateQueryParam } from '@/sections/auth-callback/AuthCallback'
+
+/**
+ * This component is responsible for protecting routes that require authentication.
+ * If we dont have a token, we redirect the user to the OIDC login page with the current pathname as a state parameter.
+ * This state parameter is used to redirect the user back to their former intended pathname after the OIDC login is complete.
+ */
export const ProtectedRoute = () => {
- const { user, isLoadingUser } = useSession()
+ const { pathname, search } = useLocation()
+ const { token, loginInProgress, logIn: oidcLogin } = useContext(AuthContext)
- if (isLoadingUser) {
- return
- }
+ useEffect(() => {
+ if (loginInProgress) return
- if (!user) {
- window.location.href = `${BASE_URL}${Route.LOG_IN}`
- return null
- }
+ if (!token) {
+ const state = encodeReturnToPathInStateQueryParam(`${pathname}${search}`)
- // When we have the login page inside the SPA, we can use the following code:
- // return !user ? :
+ oidcLogin(state)
+ }
+ }, [token, oidcLogin, pathname, loginInProgress, search])
+
+ if (loginInProgress) {
+ return
+ }
return
}
diff --git a/src/router/routes.tsx b/src/router/routes.tsx
index 2bcf0df06..ecdf6425d 100644
--- a/src/router/routes.tsx
+++ b/src/router/routes.tsx
@@ -4,6 +4,7 @@ import { Route } from '../sections/Route.enum'
import { Layout } from '../sections/layout/Layout'
import { PageNotFound } from '../sections/page-not-found/PageNotFound'
import { ProtectedRoute } from './ProtectedRoute'
+import { AuthCallback } from '../sections/auth-callback/AuthCallback'
import { AppLoader } from '../sections/shared/layout/app-loader/AppLoader'
const Homepage = lazy(() =>
@@ -112,6 +113,10 @@ export const routes: RouteObject[] = [
)
},
+ {
+ path: Route.AUTH_CALLBACK,
+ element:
+ },
// 🔐 Protected routes are only accessible to authenticated users
{
element: ,
diff --git a/src/sections/Route.enum.ts b/src/sections/Route.enum.ts
index e2d5a5248..e53b8ea93 100644
--- a/src/sections/Route.enum.ts
+++ b/src/sections/Route.enum.ts
@@ -13,7 +13,8 @@ export enum Route {
COLLECTIONS_BASE = '/collections',
COLLECTIONS = '/collections/:collectionId',
CREATE_COLLECTION = '/collections/:ownerCollectionId/create',
- ACCOUNT = '/account'
+ ACCOUNT = '/account',
+ AUTH_CALLBACK = '/auth-callback'
}
export const RouteWithParams = {
@@ -30,5 +31,6 @@ export enum QueryParamKey {
QUERY = 'q',
COLLECTION_ITEM_TYPES = 'types',
PAGE = 'page',
- COLLECTION_ID = 'collectionId'
+ COLLECTION_ID = 'collectionId',
+ AUTH_STATE = 'state'
}
diff --git a/src/sections/auth-callback/AuthCallback.tsx b/src/sections/auth-callback/AuthCallback.tsx
new file mode 100644
index 000000000..5f3b0862a
--- /dev/null
+++ b/src/sections/auth-callback/AuthCallback.tsx
@@ -0,0 +1,59 @@
+import { useContext, useEffect } from 'react'
+import { useNavigate, useSearchParams } from 'react-router-dom'
+import { AuthContext } from 'react-oauth2-code-pkce'
+import { QueryParamKey } from '../Route.enum'
+import { AppLoader } from '../shared/layout/app-loader/AppLoader'
+
+export type AuthStateQueryParamValue = { returnTo: string }
+
+/**
+ * This component will we rendered as redirectUri page after the OIDC login is complete.
+ * It will redirect the user to the intended page before the OIDC login was initiated.
+ * If the state parameter is not present, the user will be redirected to the homepage.
+ */
+
+export const AuthCallback = () => {
+ const navigate = useNavigate()
+ const { loginInProgress } = useContext(AuthContext)
+ const [searchParams] = useSearchParams()
+
+ const stateQueryParam = searchParams.get(QueryParamKey.AUTH_STATE)
+
+ useEffect(() => {
+ if (loginInProgress) return
+
+ if (!stateQueryParam) {
+ navigate('/', { replace: true })
+ return
+ }
+
+ const returnToPath = decodeReturnToPathFromStateQueryParam(stateQueryParam)
+
+ navigate(returnToPath, { replace: true })
+ }, [stateQueryParam, navigate, loginInProgress])
+
+ return
+}
+
+export const encodeReturnToPathInStateQueryParam = (returnToPath: string): string => {
+ const returnToObject: AuthStateQueryParamValue = { returnTo: returnToPath }
+
+ return encodeURIComponent(JSON.stringify(returnToObject))
+}
+
+export const decodeReturnToPathFromStateQueryParam = (stateQueryParam: string): string => {
+ const decodedStateQueryParam = decodeURIComponent(stateQueryParam)
+ const parsedStateQueryParam = JSON.parse(decodedStateQueryParam) as unknown
+
+ if (isReturnToObject(parsedStateQueryParam)) {
+ return parsedStateQueryParam.returnTo
+ }
+
+ return '/'
+}
+
+function isReturnToObject(obj: unknown): obj is AuthStateQueryParamValue {
+ return (
+ obj !== null && typeof obj === 'object' && 'returnTo' in obj && typeof obj.returnTo === 'string'
+ )
+}
diff --git a/src/sections/file/file-metadata/FileMetadata.tsx b/src/sections/file/file-metadata/FileMetadata.tsx
index 88f079926..13ac0d878 100644
--- a/src/sections/file/file-metadata/FileMetadata.tsx
+++ b/src/sections/file/file-metadata/FileMetadata.tsx
@@ -4,7 +4,7 @@ import { FileLabels } from '../file-labels/FileLabels'
import styles from './FileMetadata.module.scss'
import { DateHelper } from '../../../shared/helpers/DateHelper'
import { FileEmbargoDate } from '../file-embargo/FileEmbargoDate'
-import { BASE_URL } from '../../../config'
+import { DATAVERSE_BACKEND_URL } from '../../../config'
import { Trans, useTranslation } from 'react-i18next'
import { FileMetadata as FileMetadataModel } from '../../../files/domain/models/FileMetadata'
import { FilePermissions } from '../../../files/domain/models/FilePermissions'
@@ -71,7 +71,7 @@ export function FileMetadata({
- {BASE_URL}
+ {DATAVERSE_BACKEND_URL}
{removeQueryParams(metadata.downloadUrls.original)}
diff --git a/src/sections/layout/header/Header.module.scss b/src/sections/layout/header/Header.module.scss
index 3a24ccd5b..009b2e3ce 100644
--- a/src/sections/layout/header/Header.module.scss
+++ b/src/sections/layout/header/Header.module.scss
@@ -1,3 +1,10 @@
+@import 'node_modules/@iqss/dataverse-design-system/src/lib/assets/styles/design-tokens/colors.module';
+
.navbar {
box-shadow: 0 1px 5px rgba(0 0 0 / 10%);
+
+ .login-btn {
+ color: var(--bs-nav-link-color);
+ text-decoration: none;
+ }
}
diff --git a/src/sections/layout/header/Header.tsx b/src/sections/layout/header/Header.tsx
index 092b7b8ef..e39a50a12 100644
--- a/src/sections/layout/header/Header.tsx
+++ b/src/sections/layout/header/Header.tsx
@@ -1,11 +1,14 @@
-import dataverse_logo from '../../../assets/dataverse_brand_icon.svg'
+import { useContext } from 'react'
+import { AuthContext } from 'react-oauth2-code-pkce'
+import { useLocation } from 'react-router-dom'
import { useTranslation } from 'react-i18next'
-import { Navbar } from '@iqss/dataverse-design-system'
-import { Route } from '../../Route.enum'
-import { useSession } from '../../session/SessionContext'
-import { BASE_URL } from '../../../config'
+import { Button, Navbar } from '@iqss/dataverse-design-system'
+import dataverse_logo from '@/assets/dataverse_brand_icon.svg'
+import { Route } from '@/sections/Route.enum'
+import { useSession } from '@/sections/session/SessionContext'
import { LoggedInHeaderActions } from './LoggedInHeaderActions'
-import { CollectionJSDataverseRepository } from '../../../collection/infrastructure/repositories/CollectionJSDataverseRepository'
+import { CollectionJSDataverseRepository } from '@/collection/infrastructure/repositories/CollectionJSDataverseRepository'
+import { encodeReturnToPathInStateQueryParam } from '@/sections/auth-callback/AuthCallback'
import styles from './Header.module.scss'
const collectionRepository = new CollectionJSDataverseRepository()
@@ -13,6 +16,15 @@ const collectionRepository = new CollectionJSDataverseRepository()
export function Header() {
const { t } = useTranslation('header')
const { user } = useSession()
+ const { pathname, search } = useLocation()
+
+ const { logIn: oidcLogin } = useContext(AuthContext)
+
+ const handleOidcLogIn = () => {
+ const state = encodeReturnToPathInStateQueryParam(`${pathname}${search}`)
+
+ oidcLogin(state)
+ }
return (
) : (
- <>
- {t('logIn')}
- {t('signUp')}
-
+
)}
)
diff --git a/src/sections/layout/header/LoggedInHeaderActions.tsx b/src/sections/layout/header/LoggedInHeaderActions.tsx
index 1d44f715e..2f47f6d87 100644
--- a/src/sections/layout/header/LoggedInHeaderActions.tsx
+++ b/src/sections/layout/header/LoggedInHeaderActions.tsx
@@ -1,15 +1,14 @@
+import { useContext } from 'react'
+import { AuthContext } from 'react-oauth2-code-pkce'
import { useTranslation } from 'react-i18next'
-import { Link, useNavigate } from 'react-router-dom'
+import { Link } from 'react-router-dom'
import { Navbar } from '@iqss/dataverse-design-system'
-import { useGetCollectionUserPermissions } from '../../../shared/hooks/useGetCollectionUserPermissions'
-import { useSession } from '../../session/SessionContext'
-import { RouteWithParams, Route } from '../../Route.enum'
-import { User } from '../../../users/domain/models/User'
-import { CollectionRepository } from '../../../collection/domain/repositories/CollectionRepository'
-import { ROOT_COLLECTION_ALIAS } from '../../../collection/domain/models/Collection'
-import { AccountHelper } from '../../account/AccountHelper'
-
-const currentPage = 0
+import { User } from '@/users/domain/models/User'
+import { useGetCollectionUserPermissions } from '@/shared/hooks/useGetCollectionUserPermissions'
+import { RouteWithParams, Route } from '@/sections//Route.enum'
+import { CollectionRepository } from '@/collection/domain/repositories/CollectionRepository'
+import { ROOT_COLLECTION_ALIAS } from '@/collection/domain/models/Collection'
+import { AccountHelper } from '@/sections/account/AccountHelper'
interface LoggedInHeaderActionsProps {
user: User
@@ -21,18 +20,16 @@ export const LoggedInHeaderActions = ({
collectionRepository
}: LoggedInHeaderActionsProps) => {
const { t } = useTranslation('header')
- const { logout } = useSession()
- const navigate = useNavigate()
+
+ const { logOut: oidcLogout } = useContext(AuthContext)
const { collectionUserPermissions } = useGetCollectionUserPermissions({
collectionIdOrAlias: ROOT_COLLECTION_ALIAS,
collectionRepository: collectionRepository
})
- const onLogoutClick = () => {
- void logout().then(() => {
- navigate(currentPage)
- })
+ const handleOidcLogout = () => {
+ oidcLogout()
}
const createCollectionRoute = RouteWithParams.CREATE_COLLECTION()
@@ -60,7 +57,7 @@ export const LoggedInHeaderActions = ({
to={`${Route.ACCOUNT}?${AccountHelper.ACCOUNT_PANEL_TAB_QUERY_KEY}=${AccountHelper.ACCOUNT_PANEL_TABS_KEYS.apiToken}`}>
{t('navigation.apiToken')}
-
+
{t('logOut')}
diff --git a/src/sections/session/SessionProvider.tsx b/src/sections/session/SessionProvider.tsx
index 6a2152c38..08a360cbc 100644
--- a/src/sections/session/SessionProvider.tsx
+++ b/src/sections/session/SessionProvider.tsx
@@ -1,4 +1,5 @@
-import { PropsWithChildren, useEffect, useState } from 'react'
+import { PropsWithChildren, useContext, useEffect, useState } from 'react'
+import { AuthContext } from 'react-oauth2-code-pkce'
import { User } from '../../users/domain/models/User'
import { SessionContext } from './SessionContext'
import { getUser } from '../../users/domain/useCases/getUser'
@@ -9,6 +10,7 @@ interface SessionProviderProps {
repository: UserRepository
}
export function SessionProvider({ repository, children }: PropsWithChildren) {
+ const { token, loginInProgress } = useContext(AuthContext)
const [user, setUser] = useState(null)
const [isLoadingUser, setIsLoadingUser] = useState(true)
@@ -26,8 +28,10 @@ export function SessionProvider({ repository, children }: PropsWithChildren {
return logOut(repository)
diff --git a/tests/component/sections/file/file-metadata/FileMetadata.spec.tsx b/tests/component/sections/file/file-metadata/FileMetadata.spec.tsx
index 7e2e09a1e..ad8a5bb79 100644
--- a/tests/component/sections/file/file-metadata/FileMetadata.spec.tsx
+++ b/tests/component/sections/file/file-metadata/FileMetadata.spec.tsx
@@ -1,6 +1,6 @@
import { FileMetadata } from '../../../../../src/sections/file/file-metadata/FileMetadata'
import { FileMother } from '../../../files/domain/models/FileMother'
-import { BASE_URL } from '../../../../../src/config'
+import { DATAVERSE_BACKEND_URL } from '../../../../../src/config'
import { FileSizeUnit } from '../../../../../src/files/domain/models/FileMetadata'
import {
FileEmbargoMother,
@@ -118,7 +118,7 @@ describe('FileMetadata', () => {
)
cy.findByText('Download URL').should('exist')
- cy.findByText(`${BASE_URL}/api/datafile/3`).should('exist')
+ cy.findByText(`${DATAVERSE_BACKEND_URL}/api/datafile/3`).should('exist')
cy.findByText(
'Use the Download URL in a Wget command or a download manager to avoid interrupted downloads, time outs or other failures.'
).should('exist')
diff --git a/tests/e2e-integration/shared/TestsUtils.ts b/tests/e2e-integration/shared/TestsUtils.ts
index 5df3e1d75..78ee00b96 100644
--- a/tests/e2e-integration/shared/TestsUtils.ts
+++ b/tests/e2e-integration/shared/TestsUtils.ts
@@ -3,10 +3,10 @@ import { DataverseApiHelper } from './DataverseApiHelper'
import { DataverseApiAuthMechanism } from '@iqss/dataverse-client-javascript/dist/core/infra/repositories/ApiConfig'
import { UserJSDataverseRepository } from '../../../src/users/infrastructure/repositories/UserJSDataverseRepository'
import { DatasetHelper } from './datasets/DatasetHelper'
-import { BASE_URL } from '../../../src/config'
+import { DATAVERSE_BACKEND_URL } from '../../../src/config'
export class TestsUtils {
- static readonly DATAVERSE_BACKEND_URL = BASE_URL
+ static readonly DATAVERSE_BACKEND_URL = DATAVERSE_BACKEND_URL
static setup() {
ApiConfig.init(`${this.DATAVERSE_BACKEND_URL}/api/v1`, DataverseApiAuthMechanism.SESSION_COOKIE)
diff --git a/tests/support/e2e.ts b/tests/support/e2e.ts
index ca4fd04fb..cda0896ec 100644
--- a/tests/support/e2e.ts
+++ b/tests/support/e2e.ts
@@ -17,9 +17,9 @@
import '../../tests/support/commands'
import { ApiConfig } from '@iqss/dataverse-client-javascript/dist/core'
import { DataverseApiAuthMechanism } from '@iqss/dataverse-client-javascript/dist/core/infra/repositories/ApiConfig'
-import { BASE_URL } from '../../src/config'
+import { DATAVERSE_BACKEND_URL } from '../../src/config'
-ApiConfig.init(`${BASE_URL}/api/v1`, DataverseApiAuthMechanism.SESSION_COOKIE)
+ApiConfig.init(`${DATAVERSE_BACKEND_URL}/api/v1`, DataverseApiAuthMechanism.SESSION_COOKIE)
//https://github.com/cypress-io/cypress/issues/18182
declare global {