SPA - OIDC integration following the design implemented on the PoC

.github/workflows/test.yml

@@ -6,7 +6,7 @@ on:
     types: [opened, reopened]
 
 env:
-  E2E_DATAVERSE_IMAGE_TAG: unstable
+  E2E_DATAVERSE_IMAGE_TAG: 10959-bearer-token-auth-ext
 
 jobs:
   e2e:
@@ -56,7 +56,7 @@ jobs:
       - name: Update registry for the containerized development environment
         working-directory: dev-env
         run: |
-          sed -i~ '/^REGISTRY=/s/=.*/=docker.io/' .env
+          sed -i~ '/^REGISTRY=/s/=.*/=ghcr.io/' .env
         shell: bash
 
       - name: Start containers
@@ -122,7 +122,6 @@ jobs:
         uses: cypress-io/github-action@v5
         with:
           component: true
-
       - name: Cypress run Design System
         uses: cypress-io/github-action@v5
         with:

dev-env/docker-compose-dev.yml

@@ -9,6 +9,7 @@ services:
     depends_on:
       - dev_dataverse
       - dev_frontend
+      - dev_keycloak
     volumes:
       - ./nginx.conf:/etc/nginx/nginx.conf
       - ./docker-dev-volumes/nginx/logs:/var/log/nginx/
@@ -46,7 +47,12 @@ services:
       DATAVERSE_DB_HOST: postgres
       DATAVERSE_DB_PASSWORD: secret
       DATAVERSE_DB_USER: ${DATAVERSE_DB_USER}
-      DATAVERSE_FEATURE_API_SESSION_AUTH: 1
+      DATAVERSE_FEATURE_API_BEARER_AUTH: 1
+      DATAVERSE_FEATURE_API_BEARER_AUTH_PROVIDE_MISSING_CLAIMS: 1
+      DATAVERSE_AUTH_OIDC_ENABLED: 1
+      DATAVERSE_AUTH_OIDC_CLIENT_ID: test
+      DATAVERSE_AUTH_OIDC_CLIENT_SECRET: 94XHrfNRwXsjqTqApRrwWmhDLDHpIYV8
+      DATAVERSE_AUTH_OIDC_AUTH_SERVER_URL: http://keycloak.mydomain.com:9080/realms/test
       JVM_ARGS: -Ddataverse.pid.providers=fake
         -Ddataverse.pid.default-provider=fake
         -Ddataverse.pid.fake.type=FAKE
@@ -66,6 +72,9 @@ services:
         -Ddataverse.files.s3.connection-pool-size=2048
         -Ddataverse.files.s3.custom-endpoint-region=us-east-1
         -Ddataverse.files.s3.custom-endpoint-url=https://s3.us-east-1.amazonaws.com
+    expose:
+      - '8080'
+    # TODO: The port has been opened for the redirection to /oauth2/callback.xhtml after a JSF OIDC login. We may prefer to change this to use the proxy.
     ports:
       - '8080:8080'
     networks:
@@ -172,6 +181,30 @@ services:
     tmpfs:
       - /mail:mode=770,size=128M,uid=1000,gid=1000
 
+  dev_keycloak:
+    container_name: 'dev_keycloak'
+    image: 'quay.io/keycloak/keycloak:21.0'
+    hostname: keycloak
+    command:
+      - 'start-dev'
+      - '--import-realm'
+    environment:
+      - KC_HTTP_PORT=9080
+      - KC_HOSTNAME=localhost
+      - KC_HOSTNAME_PORT=8000
+      - KC_HOSTNAME_ADMIN_URL=http://localhost:8000
+      - KEYCLOAK_ADMIN=kcadmin
+      - KEYCLOAK_ADMIN_PASSWORD=kcpassword
+      - KEYCLOAK_LOGLEVEL=DEBUG
+    networks:
+      dataverse:
+        aliases:
+          - keycloak.mydomain.com
+    expose:
+      - 9080
+    volumes:
+      - './keycloak/test-realm.json:/opt/keycloak/data/import/test-realm.json'
+
 networks:
   dataverse:
     driver: bridge