From 9515042686c30e171f4de60c3c7c238255a54847 Mon Sep 17 00:00:00 2001 From: usingtechnology <39388115+usingtechnology@users.noreply.github.com> Date: Thu, 18 Jan 2024 10:39:47 -0800 Subject: [PATCH] Feature/forms 779 devcontainer (#1226) * Add devcontainer Signed-off-by: Jason Sherman * update readme with more detail and startup info Signed-off-by: Jason Sherman * provide sample config files. update readme to include configuration steps for keycloak SSO Signed-off-by: Jason Sherman * make sure we ignore editable config files. update readme explain some config, provide login info for KC Signed-off-by: Jason Sherman * add component tasks, update readmes Signed-off-by: Jason Sherman --------- Signed-off-by: Jason Sherman Co-authored-by: Walter Moar --- .devcontainer/Dockerfile | 5 + .devcontainer/README.md | 74 + .devcontainer/chefs_local/docker-compose.yml | 42 + .devcontainer/chefs_local/local.json.sample | 90 + .../chefs_local/realm-export.json.sample | 3507 +++++++++++++++++ .devcontainer/devcontainer.json | 33 + .devcontainer/post-install.sh | 34 + .gitignore | 5 + .vscode/README.md | 4 + .vscode/launch.json | 18 +- .vscode/tasks.json | 36 +- README.md | 1 + app/frontend/package.json | 3 +- 13 files changed, 3847 insertions(+), 5 deletions(-) create mode 100644 .devcontainer/Dockerfile create mode 100644 .devcontainer/README.md create mode 100644 .devcontainer/chefs_local/docker-compose.yml create mode 100644 .devcontainer/chefs_local/local.json.sample create mode 100644 .devcontainer/chefs_local/realm-export.json.sample create mode 100644 .devcontainer/devcontainer.json create mode 100644 .devcontainer/post-install.sh diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile new file mode 100644 index 000000000..f7448abe2 --- /dev/null +++ b/.devcontainer/Dockerfile 
@@ -0,0 +1,5 @@
+ARG VARIANT="18.18.2-bullseye"
+FROM node:${VARIANT}
+
+# not much in here, could acheive this another way for sure...
+# but this allows us a prepared place to add other things to the container OS.
diff --git a/.devcontainer/README.md b/.devcontainer/README.md
new file mode 100644
index 000000000..fc50bfc97
--- /dev/null
+++ b/.devcontainer/README.md
@@ -0,0 +1,74 @@
+# CHEFS Development with Dev Container
+The following guide will get you up and running and developing/debugging CHEFS as quickly as possible.
+We provide a [`devcontainer`](https://containers.dev) and will use [`VS Code`](https://code.visualstudio.com) to illustrate.
+
+By no means is CHEFS development limited to these tools; they are merely examples.
+
+## Caveats
+
+The primary use case for this `devcontainer` is for developing, debugging and unit testing CHEFS source code.
+
+There are limitations running this devcontainer, such as all networking is within this container. This container has [docker-in-docker](https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/docker-in-docker.md) which allows running demos, building docker images, running `docker compose` all within this container.
+
+## Files
+The `.devcontainer` folder contains the `devcontainer.json` file which defines this container. We are using a `Dockerfile` and `post-install.sh` to build and configure the container run image. The `Dockerfile` is simple but in place for simplifying image enhancements. The `post-install.sh` will install the required node libraries for CHEFS including the frontend and formio components.
+
+In order to run CHEFS you require Keycloak (configured), Postgresql (seeded) and the CHEFS backend/API and frontend/UX. Previously, this was a series of downloads and configuration updates and numerous commands to run. See `.devcontainer/chefs_local` files.
+
+Also included are convenient launch tasks to run and debug CHEFS.
+
+## Open CHEFS in the devcontainer
+
+To open CHEFS in a devcontainer, we open the *root* of this repository. We can open in 2 ways:
+
+1. Open Visual Studio Code, and use the Command Palette and use `Dev Containers: Open Folder in Container...`
+2. Open Visual Studio Code and `File|Open Folder...`, you should be prompted to `Reopen in Container`.
+
+
+## Running CHEFS locally
+Keycloak and Postgresql will be launched using docker compose. These will run inside of the devcontainer (docker-in-docker) but the ports are forwarded to the host machine and are accessible on the local host.
+
+CHEFS API and Frontend are running as node applications on the devcontainer - again, ports are forwarded to the host.
+
+### Configuring CHEFS locally
+When the devcontainer is built, it copies `.devcontainer/chefs_local/local.json.sample` and `.devcontainer/chefs_local/realm-export.json.sample` to `.devcontainer/chefs_local/local.json` and `.devcontainer/chefs_local/realm-export.json` respectively. These copies are not checked in and allow the developer to make changes and tweaks without impacting other developers or accidentially committing passwords.
+
+### Authorization Prerequisites
+1. An IDIR account is required to access CHEFS.
+2. Request an SSO Integration from the Common Hosted Single Sign-on (CSS) page in order to obtain a resource and secret that will be used for authentication when building CHEFS. View the [detailed documentation](https://bcdevex.atlassian.net/wiki/spaces/CCP/pages/961675282) about requesting the Pathfinder SSO integration.
+3. Open realm-export.json located at chefs_build/docker/imports/keycloak and search for `XXXXXXXXXXXX`. This value must match the `clientSecret` value in `local.json` so that the CHEFS API can connect to your Keycloak instance. By default, these are set to be equal and don’t need to be altered.
+4. Navigate to the CSS page, login with your IDIR, and download the ‘Development’ Installation JSON from your SSO Integration.
+5. Back in the `realm-export.json` file, search for all instances of `YYYYYYYYYYYY` and replace it with the `resource` you obtained from the downloaded JSON file. Search for all instances of `ZZZZZZZZZZZZ` and replace it with the `secret`.
+
+### Run/Debug
+1. start Keycloak and Postgresql. Many ways to start...
+ - right click on `.devcontainer/chefs_local/docker-compose.yml` and select `Compose up`
+ - or use command palette `Docker: Compose Up` then select `.devcontainer/chefs_local/docker-compose.yml`
+ - or `Terminal | Run Task...|chefs_local up`
+2. start CHEFS
+ - Run and Debug, select 'CHEFS' which will start both the API and the frontend.
+3. debug Frontend with Chrome
+ - Run and Debug, select 'CHEFS Frontend - chrome' which will start a Chrome browser against the frontend, will allow breakpoints in `/app/frontend/src`
+4. stop Keycloak and Postgresql. Many ways to stop...
+ - right click on `.devcontainer/chefs_local/docker-compose.yml` and select `Compose down`
+ - or use command palette `Docker: Compose Down` then select `.devcontainer/chefs_local/docker-compose.yml`
+ - or `Terminal | Run Task...|chefs_local down`
+
+*Notes*
+- `CHEFS Frontend` launch configuration is using the `chefs-frontend-local` client in Keycloak, not `chefs-frontend` client as we do in production.
+- `CHEFS API` will use the configuration found at `.devcontainer/chefs_local/local.json`
+- `Postgres DB`: localhost:5432
+- `Keycloak Admin console`: http://localhost:8082 - username/password = admin/admin
+- `CHEFS Frontend`: http://localhost:5173/app
+- `CHEFS API`: http://localhost:5173/app/api/v1
+
+## Formio Components
+If you are developing the formio components, you should build and redeploy them before running your local debug instances of CHEFS. Use tasks `Components build` and `Components Deploy`.
+
+## Troubleshooting
+All development machines are unique and here we will document problems that have been encountered and how to fix them.
+
+### Failure during load of devcontainer when running webpack (Segmentation Fault)
+Encountered on Mac Ventura 13.6, with Mac Docker Desktop 4.26.1 when running `npm run build:formio` on load, we hit a `Segmentation Fault`. The issue was resolved when turning off the virtualization settings in Docker Desktop.
+
+Under Settings, select `gRPC Fuse` instead of `VirtioFS` then unselect `Use Virtualization framework`. Restart Docker and VS Code.
\ No newline at end of file
diff --git a/.devcontainer/chefs_local/docker-compose.yml b/.devcontainer/chefs_local/docker-compose.yml
new file mode 100644
index 000000000..4b775c4ae
--- /dev/null
+++ b/.devcontainer/chefs_local/docker-compose.yml
@@ -0,0 +1,42 @@
+version: "3.9"
+volumes:
+ postgres_kc_data:
+ driver: local
+services:
+ postgres:
+ image: postgres:14.2
+ volumes:
+ - postgres_kc_data:/var/lib/postgresql/data
+ restart: unless-stopped
+ ports:
+ - 5432:5432
+ environment:
+ - POSTGRES_USER=app
+ - POSTGRES_PASSWORD=admin
+ - POSTGRES_DB=chefs
+ chefs-keycloak:
+ image: quay.io/keycloak/keycloak:17.0.1
+ volumes:
+ - type: bind
+ source: ./realm-export.json
+ target: /tmp/realm-export.json
+ read_only: true
+ ports:
+ - 8082:8082
+ environment:
+ - DB_VENDOR=POSTGRES
+ - DB_ADDR=postgres
+ - DB_USER=admin
+ - DB_PASSWORD=admin
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ depends_on:
+ - postgres
+ restart: unless-stopped
+ command:
+ - "start-dev"
+ - "--http-port=8082"
+ - "-Dkeycloak.migration.action=import"
+ - "-Dkeycloak.migration.provider=singleFile"
+ - "-Dkeycloak.migration.file=/tmp/realm-export.json"
+ - "-Dkeycloak.migration.strategy=OVERWRITE_EXISTING"
\ No newline at end of file
diff --git a/.devcontainer/chefs_local/local.json.sample b/.devcontainer/chefs_local/local.json.sample
new file mode 100644
index 000000000..d5a02db02
--- /dev/null
+++ b/.devcontainer/chefs_local/local.json.sample
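Review bot: The `ports` entries `5432:5432` and `8082:8082` publish Postgres and the Keycloak admin console on every interface of the Docker host while both services use a fixed `admin` password; for a local-only stack, bind them to loopback with `- 127.0.0.1:5432:5432` and `- 127.0.0.1:8082:8082`, after checking that the devcontainer's port forwarding still reaches them. Separately, `chefs-keycloak` sets `DB_USER=admin`, but the `postgres` service only creates the role `app` (`POSTGRES_USER=app`), so those credentials cannot match as written. The `DB_*` names look like the legacy-image variables, and with `start-dev` this image probably ignores them and uses its embedded dev database; confirm that and then either drop them or switch to the `KC_DB*` equivalents with the `app` role.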
@@ -0,0 +1,90 @@
+{
+ "db": {
+ "database": "chefs",
+ "host": "localhost",
+ "port": "5432",
+ "username": "app",
+ "password": "admin"
+ },
+ "files": {
+ "uploads": {
+ "enabled": "true",
+ "fileCount": "1",
+ "fileKey": "files",
+ "fileMaxSize": "25MB",
+ "fileMinSize": "0KB",
+ "path": "files"
+ },
+ "permanent": "localStorage",
+ "localStorage" : {
+ "path": "myfiles"
+ },
+ "objectStorage": {
+ "accessKeyId": "bcgov-citz-ccft",
+ "bucket": "chefs",
+ "endpoint": "https://commonservices.objectstore.gov.bc.ca",
+ "key": "chefs/dev/",
+ "secretAccessKey": "anything"
+ }
+ },
+ "frontend": {
+ "apiPath": "api/v1",
+ "basePath" : "/app",
+ "keycloak": {
+ "clientId": "chefs-frontend-local",
+ "realm": "chefs",
+ "serverUrl": "http://localhost:8082"
+ }
+ },
+ "server": {
+ "apiPath": "/api/v1",
+ "basePath" : "/app",
+ "bodyLimit": "30mb",
+ "keycloak": {
+ "clientId": "chefs",
+ "realm": "chefs",
+ "serverUrl": "http://localhost:8082",
+ "clientSecret": "XXXXXXXXXXXX"
+ },
+ "logLevel": "http",
+ "port": "8080",
+ "rateLimit" : {
+ "public": {
+ "windowMs": "900000",
+ "max": "100"
+ }
+ }
+ },
+ "serviceClient": {
+ "commonServices": {
+ "ches": {
+ "endpoint": "https://ches-dev.api.gov.bc.ca/api",
+ "tokenEndpoint": "https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token",
+ "clientId": "CHES_CLIENT_ID",
+ "clientSecret": "CHES_CLIENT_SECRET"
+ },
+ "cdogs": {
+ "endpoint": "https://cdogs-dev.api.gov.bc.ca/api",
+ "tokenEndpoint": "https://dev.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token",
+ "clientId": "CDOGS_CLIENT_ID",
+ "clientSecret": "CDOGS_CLIENT_SECRET"
+ }
+ }
+ },
+ "customBcAddressFormioComponent":{
+ "apikey":"xxxxxxxxxxxxxxx",
+ "bcAddressURL":"https://geocoder.api.gov.bc.ca/addresses.json",
+ "queryParameters":{
+ "echo": false,
+ "brief": true,
+ "minScore": 55,
+ "onlyCivic": true,
+ "maxResults": 15,
+ "autocomplete": true,
+ "matchAccuracy": 100,
+ "matchPrecision": "occupant, unit, 
site, civic_number, intersection, block, street, locality, province",
+ "precisionPoints": 100
+ }
+ }
+ }
+
\ No newline at end of file
diff --git a/.devcontainer/chefs_local/realm-export.json.sample b/.devcontainer/chefs_local/realm-export.json.sample
new file mode 100644
index 000000000..7fb1d86fe
--- /dev/null
+++ b/.devcontainer/chefs_local/realm-export.json.sample
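Review bot: The `objectStorage` block ships `"accessKeyId": "bcgov-citz-ccft"`, which reads like a real account identifier rather than a placeholder, next to `"secretAccessKey": "anything"`; if it is a live key id, replace it with an obvious placeholder such as `"accessKeyId": "OBJECT_STORAGE_ACCESS_KEY_ID"` so the sample carries no tenant-specific value. The secret placeholders also follow four different conventions (`XXXXXXXXXXXX`, `anything`, `CHES_CLIENT_SECRET`, `xxxxxxxxxxxxxxx`), which makes it harder for a secret-scanner allow-list or a startup check to tell an unconfigured copy from a configured one. Because `local.json` is copied from this file and then filled with real secrets, the `.gitignore` entry is what keeps them out of the repository; that change is outside this hunk, so confirm it covers `.devcontainer/chefs_local/local.json`.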
@@ -0,0 +1,3507 @@ +{ + "id": "chefs", + "realm": "chefs", + "displayName": "Common Services", + "displayNameHtml": "Common Services", + "notBefore": 0, + "defaultSignatureAlgorithm": "", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 10800, + "accessTokenLifespanForImplicitFlow": 10800, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": false, + "duplicateEmailsAllowed": true, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "636ffa5f-cd33-460e-998f-7c6c941bf056", + "name": "realm-admin", + "description": "", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "realm-admin" + ] + } + }, + "clientRole": false, + "containerId": "chefs", + "attributes": {} + }, + { + "id": "5461c769-ffeb-4cff-98db-eb63190afe78", + "name": "realm-viewer", + "description": "", + "composite": true, + 
"composites": { + "client": { + "realm-management": [ + "view-realm", + "view-users", + "view-identity-providers", + "view-events", + "view-authorization", + "view-clients" + ] + } + }, + "clientRole": false, + "containerId": "chefs", + "attributes": {} + }, + { + "id": "ab64c7cb-ccd5-44cc-9e3d-0feec803d64c", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "chefs", + "attributes": {} + }, + { + "id": "f4a7625e-67f8-47ff-9dab-b14d1e766a4e", + "name": "default-roles-chefs", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "chefs": [ + "CHEFS User" + ], + "account": [ + "manage-account", + "view-profile" + ] + } + }, + "clientRole": false, + "containerId": "chefs", + "attributes": {} + }, + { + "id": "eb8b1c14-0fdb-4ee3-841c-439e93ee4756", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "chefs", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "203fe76a-6d4d-447a-b393-7937650e4562", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "9c3410f9-0694-4e1f-8781-5acddb8def40", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "c98fe39e-ab8b-401d-aab2-986ce4898ffe", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "cfd87641-c1c6-4e4f-bede-3d9b83b16e3f", + "name": "query-clients", + 
"description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "1cbddacd-030c-4594-b46d-979991fe6233", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "43a713fe-8f89-43ad-9112-09df057e9d57", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "9efd8473-43fe-41bf-b390-225883f50c48", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "543f0d94-67d2-45de-b7b0-1ef7db4ee075", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "5ef419bc-e709-4cd0-a146-2c3c6ea9eed6", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "a65ab6f5-441d-4339-96cb-a3fab237b3bb", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "c49a81ef-6607-47ef-a262-517715aa44dd", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": 
"1d8f303b-272e-48d8-b317-3b25c5c278d5", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "b2bdf222-c612-4ada-8930-bd89e33f4d41", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "31cffae8-03c8-4053-bf8a-b2090e2abacb", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "b10cf0d0-8c4a-4ad6-b817-a766e0cde4ef", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "6eed3115-4590-42d0-9224-061d7925844d", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "fe0f3780-269d-4eba-80b9-d8c9104fe528", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "14ad5970-1348-48c8-a7f9-b970cf444d71", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + }, + { + "id": "2aba7c34-cf8b-4e66-9076-4b687a8d7cf7", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": 
{ + "realm-management": [ + "manage-identity-providers", + "impersonation", + "view-realm", + "view-users", + "query-clients", + "query-groups", + "manage-realm", + "manage-clients", + "view-events", + "manage-events", + "manage-users", + "view-clients", + "view-authorization", + "manage-authorization", + "query-realms", + "view-identity-providers", + "create-client", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "2429d54c-f7fb-4e66-bfa4-671457686f3a", + "attributes": {} + } + ], + "chefs-frontend": [ + { + "id": "19e8afdb-8702-4e08-986b-564e09c3160c", + "name": "Frontend Developer", + "description": "Frontend Developers have elevated permissions that will unlock development tools in the UI.", + "composite": true, + "composites": { + "client": { + "chefs-frontend": [ + "developer" + ] + } + }, + "clientRole": true, + "containerId": "c2d0b26b-0d37-4fdb-8119-550f2426ee9d", + "attributes": {} + }, + { + "id": "7ae08b89-d4cd-4c25-a61c-5ef027abde96", + "name": "developer", + "composite": false, + "clientRole": true, + "containerId": "c2d0b26b-0d37-4fdb-8119-550f2426ee9d", + "attributes": {} + } + ], + "realm-admin-cli": [], + "security-admin-console": [], + "admin-cli": [], + "realm-viewer-cli": [], + "account-console": [], + "broker": [ + { + "id": "f6c2a742-4401-4214-9833-0e8b3eefc52c", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "e552eb6c-ae63-4535-8a16-fa43aa75567e", + "attributes": {} + } + ], + "chefs-frontend-local": [ + { + "id": "072b11a1-94ba-4aa4-acb0-9a750b13ed81", + "name": "developer", + "composite": false, + "clientRole": true, + "containerId": "5c13324e-1054-42b0-b063-64e0de0a67ab", + "attributes": {} + }, + { + "id": "87a3138c-dd38-47f2-94d5-0f47142eabfa", + "name": "Frontend Developer", + "composite": true, + "composites": { + "client": { + "chefs-frontend-local": [ + "developer" + ] + } + }, + "clientRole": true, + "containerId": 
"5c13324e-1054-42b0-b063-64e0de0a67ab", + "attributes": {} + } + ], + "account": [ + { + "id": "d77a3d64-1397-4264-87d9-0ba34f594db6", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "7105c47e-66aa-4cd3-8512-b3cf59cea25f", + "attributes": {} + }, + { + "id": "5d951c98-ac4a-460f-aba6-521ea614b5b6", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "7105c47e-66aa-4cd3-8512-b3cf59cea25f", + "attributes": {} + }, + { + "id": "0e644328-432e-438b-bbbb-a6b08c8f8a48", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "7105c47e-66aa-4cd3-8512-b3cf59cea25f", + "attributes": {} + }, + { + "id": "67cb347d-b1c5-4cf5-abd2-1a2ad14a68fe", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "7105c47e-66aa-4cd3-8512-b3cf59cea25f", + "attributes": {} + }, + { + "id": "897affc4-a280-4cd9-a824-50907a58b339", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "7105c47e-66aa-4cd3-8512-b3cf59cea25f", + "attributes": {} + }, + { + "id": "d89bd5a7-ff44-407c-8389-2f670e1c5f43", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "7105c47e-66aa-4cd3-8512-b3cf59cea25f", + "attributes": {} + }, + { + "id": "c40a10ed-5670-4f37-a4ca-58462c9f8cc9", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "7105c47e-66aa-4cd3-8512-b3cf59cea25f", + "attributes": {} + } + ], + 
"chefs": [ + { + "id": "1c3ccfea-150a-46a1-b25e-d8a763baa4ed", + "name": "admin", + "composite": false, + "clientRole": true, + "containerId": "a14bbf01-b632-46cc-8487-e21ef222720e", + "attributes": {} + }, + { + "id": "f5586582-fcce-40f1-81d5-c3651e3488c9", + "name": "CHEFS User", + "description": "CHEFS Users are allowed to use the CHEFS application. What forms they can submit or administer are managed by the individual Form Administrators.", + "composite": true, + "composites": { + "client": { + "chefs": [ + "user" + ] + } + }, + "clientRole": true, + "containerId": "a14bbf01-b632-46cc-8487-e21ef222720e", + "attributes": {} + }, + { + "id": "e915fd8c-7648-46ce-8c8c-41ba692f3c89", + "name": "CHEFS Administrator", + "description": "CHEFS Administrators have superpowers in the CHEFS application.", + "composite": true, + "composites": { + "client": { + "chefs": [ + "admin", + "CHEFS User" + ] + } + }, + "clientRole": true, + "containerId": "a14bbf01-b632-46cc-8487-e21ef222720e", + "attributes": {} + }, + { + "id": "fa5f6796-c48b-484d-a159-30ac58a44fff", + "name": "user", + "composite": false, + "clientRole": true, + "containerId": "a14bbf01-b632-46cc-8487-e21ef222720e", + "attributes": {} + } + ] + } + }, + "groups": [ + { + "id": "f9813d6f-347c-4955-bb79-6d4a9813d13e", + "name": "Realm Administrator", + "path": "/Realm Administrator", + "attributes": {}, + "realmRoles": [ + "realm-admin" + ], + "clientRoles": {}, + "subGroups": [] + }, + { + "id": "0ec34b63-34b0-48ab-a2cf-5c0df85a26ec", + "name": "Realm Viewer", + "path": "/Realm Viewer", + "attributes": {}, + "realmRoles": [ + "realm-viewer" + ], + "clientRoles": {}, + "subGroups": [] + }, + { + "id": "5b8f050a-4fbc-403d-9b3d-533e473686b6", + "name": "operations-team", + "path": "/operations-team", + "attributes": {}, + "realmRoles": [], + "clientRoles": { + "chefs": [ + "CHEFS Administrator" + ] + }, + "subGroups": [] + } + ], + "defaultRole": { + "id": "f4a7625e-67f8-47ff-9dab-b14d1e766a4e", + "name": 
"default-roles-chefs", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "chefs" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": [ + "FreeOTP", + "Google Authenticator" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "users": [ + { + "id": "2d2dd8f9-ab92-4dbe-a778-9f41b2d59af4", + "createdTimestamp": 1668632629052, + "username": "service-account-chefs", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "chefs", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-chefs" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": 
"947ac6bf-ebd3-42fe-852a-a5a4e7a8b021", + "createdTimestamp": 1666109798324, + "username": "service-account-realm-admin-cli", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "realm-admin-cli", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "realm-admin", + "default-roles-chefs" + ], + "notBefore": 0, + "groups": [] + }, + { + "id": "8552a15d-0655-4594-877c-1381ed265f5b", + "createdTimestamp": 1666109798193, + "username": "service-account-realm-viewer-cli", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "realm-viewer-cli", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "realm-viewer", + "default-roles-chefs" + ], + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "chefs-frontend": [ + { + "clientScope": "chefs-frontend", + "roles": [ + "developer" + ] + } + ], + "chefs-frontend-local": [ + { + "clientScope": "chefs-frontend-local", + "roles": [ + "developer" + ] + } + ], + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account" + ] + } + ], + "chefs": [ + { + "clientScope": "chefs", + "roles": [ + "admin", + "user" + ] + } + ] + }, + "clients": [ + { + "id": "7105c47e-66aa-4cd3-8512-b3cf59cea25f", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/chefs/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/chefs/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + 
"frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "ffe0962e-53d4-4b97-bc70-d5f5c79d93b5", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/chefs/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/chefs/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "58a76c28-d5c4-4be9-9f1f-1c81aa0b5acc", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "26a52972-6467-43a0-8f0c-2e49e2b48b8a", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + 
"bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "e552eb6c-ae63-4535-8a16-fa43aa75567e", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "a14bbf01-b632-46cc-8487-e21ef222720e", + "clientId": "chefs", + "name": "CHEFS", + "description": "Common Hosted Forms Service Application", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "XXXXXXXXXXXX", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + 
"directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "frontchannel.logout.session.required": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", + "saml.allow.ecp.flow": "false", + "saml.assertion.signature": "false", + "id.token.as.detached.signature": "false", + "client.secret.creation.time": "1668632629", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", + "tls.client.certificate.bound.access.tokens": "false", + "acr.loa.map": "{}", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "token.response.type.bearer.lower-case": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "b5f7eb7e-8622-43bb-8a49-61b541c44d7a", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "b4064187-31b3-4757-8afa-86c338b10f38", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": 
"oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "d3cfba6f-7e43-4910-b0fb-4108f7f8a526", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "c2d0b26b-0d37-4fdb-8119-550f2426ee9d", + "clientId": "chefs-frontend", + "name": "CHEFS Frontend", + "description": "Common Hosted Forms Frontend Application", + "rootUrl": "https://chefs-dev.apps.silver.devops.gov.bc.ca", + "adminUrl": "https://chefs-dev.apps.silver.devops.gov.bc.ca", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "https://chefs-dev.apps.silver.devops.gov.bc.ca/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "frontchannel.logout.session.required": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + 
"oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", + "saml.allow.ecp.flow": "false", + "saml.assertion.signature": "false", + "id.token.as.detached.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", + "tls.client.certificate.bound.access.tokens": "false", + "acr.loa.map": "{}", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "token.response.type.bearer.lower-case": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "chefs-frontend", + "chefs" + ], + "optionalClientScopes": [ + "microprofile-jwt" + ] + }, + { + "id": "5c13324e-1054-42b0-b063-64e0de0a67ab", + "clientId": "chefs-frontend-local", + "name": "CHEFS Frontend (Local)", + "description": "Common Hosted Forms Frontend Application (Local)", + "rootUrl": "http://localhost:8081", + "adminUrl": "http://localhost:8081", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "http://localhost:8081/*", + "http://localhost:8080/*", + "http://localhost:8083/*", + "http://localhost:8082/*", + "http://localhost:5173/*", + "https://logon7.gov.bc.ca/clp-cgi/logoff.cgi?retnow=1&returl=https%3A%2F%2Fbcgov.github.io%2Fkeycloak-example-apps" + ], + "webOrigins": [ + "*", + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": 
false, + "protocol": "openid-connect", + "attributes": { + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "frontchannel.logout.session.required": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "oidc.ciba.grant.enabled": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml.client.signature": "false", + "require.pushed.authorization.requests": "false", + "saml.allow.ecp.flow": "false", + "saml.assertion.signature": "false", + "id.token.as.detached.signature": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "exclude.session.state.from.auth.response": "false", + "saml.artifact.binding": "false", + "saml_force_name_id_format": "false", + "tls.client.certificate.bound.access.tokens": "false", + "acr.loa.map": "{}", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "token.response.type.bearer.lower-case": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "acr", + "chefs-frontend", + "chefs-frontend-local", + "chefs" + ], + "optionalClientScopes": [ + "microprofile-jwt" + ] + }, + { + "id": "e1f3f8de-778d-4839-a62c-0cf036e362f8", + "clientId": "realm-admin-cli", + "name": "realm-admin-cli", + "description": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": 
true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "client.secret.creation.time": "1666109798", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "f27c64f3-a76d-49ce-9b7f-8ff274aa0175", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "d488d8ac-3634-44ca-90fe-39b67fe64415", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "1afb7d7b-f974-44d9-8839-ecb40e7e489c", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": 
"2429d54c-f7fb-4e66-bfa4-671457686f3a", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "e3498a26-839a-4b55-83d2-1f1c142d1517", + "clientId": "realm-viewer-cli", + "name": "realm-viewer-cli", + "description": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "client.secret.creation.time": "1666109798", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false" + }, + 
"authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "917d9f0f-102d-4675-a718-0ac72b3491e6", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "7aa0a30f-c280-438d-8db1-29f2eedad69f", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": "f0d086b2-9326-4562-ba64-78abf4d360b5", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "301d6d73-915a-4306-99b5-5309a90f5260", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/chefs/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/chefs/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": 
false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "a0f4840c-9d05-4fa6-8087-5a698f34bbdf", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "745b99d9-9895-4924-9ec4-3092bf7e6080", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "196946d6-696b-432e-84d9-1c19500319e5", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "25176c88-9c43-40bd-aecf-22fc0618358c", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": 
"String" + } + }, + { + "id": "3a4a377d-417e-40ed-b61a-570ccfdbde86", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "254a7d4d-cf29-4344-aab0-ec740f1ab380", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "c057b3d5-94fc-435b-a4ca-7ed9382b18ac", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "38fb21b1-5864-4415-a0c1-d6c03aa9eb90", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "d1166fef-3d76-483c-9ca4-fcea714e11b9", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "a5c989c2-1039-42aa-9bed-38233f4ceee7", + "name": "updated at", + "protocol": "openid-connect", + 
"protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "ae388557-75d0-448a-928f-55fc57ddb5de", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "30caa076-594d-4c51-b3d5-5d77033d1158", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "e633aeeb-3e51-43e7-a5a0-a27cb282d43d", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "0b35be04-da97-4d75-bb3d-46b6b8432503", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "8e930bb0-fbea-403f-9146-a885c4fa26c5", + "name": "profile", + "protocol": "openid-connect", + 
"protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "eee34eb5-6be6-4e17-88fe-e0f0db015be6", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "4aa7b817-1642-488d-9135-23788e11ccbd", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "7791f389-8064-4bbf-9901-ad6348d6bb3d", + "name": "chefs-frontend-local", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "b2be41cd-d5cc-4516-971f-a871dda2626a", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "aca84188-4f9e-4c4a-a692-ddc95f25ea1a", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + 
"userinfo.token.claim": "true" + } + }, + { + "id": "13ba4066-2bfc-459e-8778-e9f840f0852e", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "dc78907f-de8f-4773-8730-26eb71cdb3df", + "name": "idir_user_guid", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "idir_user_guid", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "idp_userid", + "jsonType.label": "String" + } + }, + { + "id": "4990d423-678d-47a3-b61d-b942abcdda05", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "1268df09-ddf4-4d4e-908a-8821433d12f0", + "name": "chefs-frontend-local-aud", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "chefs-frontend-local", + "id.token.claim": "false", + "access.token.claim": "true" + } + }, + { + "id": "7a0ab90b-2487-41c0-9dac-70944f786390", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": 
"5e2aa03c-34ab-4ea4-b867-886e66986d62", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "504d2279-5650-4c17-889b-2fa3d99e459d", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "1631bf40-eb7e-4cc2-9222-428a2acb12ef", + "name": "chefs-frontend", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "4cf65195-a807-410e-80f5-537e104621ec", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "a122a830-7da8-45d4-8b88-2d94ba4056a4", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "7274feab-043f-4c95-9ee9-5b062119e9fa", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "2e0ee7ad-a9b4-44a8-9b0a-e51a0b0e1180", + "name": "audience 
resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "fd396df6-618e-48c0-92f2-6ac263501b8d", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "edff4850-a173-4acf-b263-aaca6fc22ba8", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "14048ccd-7729-42aa-ad01-abd22db9755a", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "f537a40d-cab1-45ab-9a8a-e978bb92a9f3", + "name": "chefs-frontend-aud", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "chefs-frontend", + "id.token.claim": "false", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "77d71803-1e16-4ceb-84e8-89f3e1648b8d", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "b845b440-8f77-41a7-97e3-d980be96e779", + "name": "role list", + 
"protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "289dfafa-255e-4081-b486-cda838791e7e", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "d2419856-0e4a-4daf-9228-db3c36cb25cb", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "9690c1d4-f510-43df-ad8a-5997bf9706d8", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "a3cf1a42-fec0-428f-a078-3885b2c83af2", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "fbb1e3a2-4ace-4c48-9929-53814acfc949", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "b262fe32-b05e-4801-b21a-df95166fd630", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", 
+ "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "ba0ad190-22a6-4f32-8b6e-9855961e4ae0", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "eb44740a-4230-4473-a298-eff33632dd3f", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "fd7da5eb-e3a4-4463-bb56-d831d572298c", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "8b029813-4898-4c24-961e-0efcf318e8f3", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "3d950065-6c8f-491f-85b5-ed6d3c7acaf2", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + 
"protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "89650c7c-82ee-45bb-a07d-3488b40d39ce", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "ce0e228a-0f0c-419b-a1ae-ea4d56e5f450", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "fbb64f3e-15d0-45ee-8e1b-e456ac9e0b6d", + "name": "coms", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + } + }, + { + "id": "ad527aff-e432-4b7e-b755-acff7cf45e00", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "0cfd4d58-6d4d-4586-bc66-fcbef8ae0053", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + }, + { + "id": "79394bad-d0e1-4a2b-8019-1aa58d813b4f", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access 
token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "b77693e5-0818-4d32-bcb8-8705257d2538", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "7c60f75f-9c11-4d9e-b53d-61436470d01e", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "3175767b-455f-4778-9dea-75a3bf89b900", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "id": "95db6d61-6676-4532-b352-8ed467eadcc9", + "name": "chefs", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "10090c28-fca2-42e4-b59b-7abbc6801ea4", + "name": "idir_user_guid", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "idir_user_guid", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "idp_userid", + "jsonType.label": "String" + } + }, + { + "id": "0ab81d51-9f52-4d05-bcd6-79f9d01e0735", + "name": "identity_provider", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + 
"consentRequired": false, + "config": { + "user.session.note": "identity_provider", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "identity_provider", + "jsonType.label": "String", + "access.tokenResponse.claim": "false" + } + }, + { + "id": "8738ee48-0e96-4c7e-b8e9-794ac2cda5a1", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "22a90a69-18ac-4913-8a10-d01e7f363c2d", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "2143cdc5-cc7c-4f6b-af95-1ca0c3d4dcd1", + "name": "bceid_user_guid", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "bceid_user_guid", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "idp_userid", + "jsonType.label": "String" + } + }, + { + "id": "fc840f38-a659-4c10-b153-3f237dec080d", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "fa25b95f-099a-40bd-9a14-ad2e0555ea50", + "name": "bceid_username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "bceid_username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "idp_username", + "jsonType.label": "String" + } + }, + { + 
"id": "ded9c7fa-aa97-4cdc-bed5-88ffe2201d4d", + "name": "idir_username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "idir_username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "idp_username", + "jsonType.label": "String" + } + }, + { + "id": "114bb7ae-2b4a-405d-888d-28dc8f8c0542", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "fa4733d8-5ba3-41f5-a847-57b3f425cac5", + "name": "chefs aud", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-mapper", + "consentRequired": false, + "config": { + "included.client.audience": "chefs", + "id.token.claim": "false", + "access.token.claim": "true" + } + }, + { + "id": "a98938f2-e646-4a76-b487-3254b61f3a63", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "userinfo.token.claim": "false", + "id.token.claim": "false", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String" + } + }, + { + "id": "03dc4b9f-f7c1-4fd4-8780-25d7ef4e4a5f", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "131c6b42-920a-44ec-83d3-f2df6cca4c13", + "name": "family name", + 
"protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "loginTheme": "bcgov", + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [ + { + "alias": "idir", + "displayName": "IDIR", + "internalId": "ab1517fc-95c8-4a63-9fad-e48af2711b43", + "providerId": "oidc", + "enabled": true, + "updateProfileFirstLoginMode": "on", + "trustEmail": false, + "storeToken": false, + "addReadTokenRoleOnCreate": false, + "authenticateByDefault": false, + "linkOnly": false, + "firstBrokerLoginFlowAlias": "first broker login", + "config": { + "validateSignature": "true", + "userInfoUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/userinfo", + "tokenUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token", + "clientId": "YYYYYYYYYYYY", + "jwksUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/certs", + "legacyLogoutRedirectUriSupported": "true", + "backchannelSupported": "true", + 
"useJwksUrl": "true", + "authorizationUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/auth?kc_idp_hint=idir", + "clientAuthMethod": "client_secret_post", + "logoutUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout", + "syncMode": "FORCE", + "clientSecret": "ZZZZZZZZZZZZ" + } + }, + { + "alias": "bceid-basic", + "displayName": "Basic BCeID", + "internalId": "43ea332c-5a3b-463d-a110-106e090cb711", + "providerId": "oidc", + "enabled": true, + "updateProfileFirstLoginMode": "on", + "trustEmail": false, + "storeToken": false, + "addReadTokenRoleOnCreate": false, + "authenticateByDefault": false, + "linkOnly": false, + "firstBrokerLoginFlowAlias": "first broker login", + "config": { + "validateSignature": "true", + "userInfoUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/userinfo", + "tokenUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token", + "clientId": "YYYYYYYYYYYY", + "legacyLogoutRedirectUriSupported": "true", + "jwksUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/certs", + "backchannelSupported": "true", + "issuer": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard", + "useJwksUrl": "true", + "authorizationUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/auth?kc_idp_hint=bceidbasic", + "clientAuthMethod": "client_secret_post", + "logoutUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout", + "syncMode": "FORCE", + "clientSecret": "ZZZZZZZZZZZZ" + } + }, + { + "alias": "bceid-business", + "displayName": "Business BCeID", + "internalId": "42c4ccd4-8ef1-40ca-8629-b6064d5518c8", + "providerId": "oidc", + "enabled": true, + "updateProfileFirstLoginMode": "on", + "trustEmail": false, + "storeToken": false, + "addReadTokenRoleOnCreate": false, + "authenticateByDefault": false, + "linkOnly": false, + 
"firstBrokerLoginFlowAlias": "first broker login", + "config": { + "validateSignature": "true", + "userInfoUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/userinfo", + "tokenUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token", + "clientId": "YYYYYYYYYYYY", + "legacyLogoutRedirectUriSupported": "true", + "jwksUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/certs", + "backchannelSupported": "true", + "issuer": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard", + "useJwksUrl": "true", + "authorizationUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/auth?kc_idp_hint=bceidbusiness", + "clientAuthMethod": "client_secret_post", + "logoutUrl": "https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/logout", + "syncMode": "FORCE", + "clientSecret": "ZZZZZZZZZZZZ" + } + } + ], + "identityProviderMappers": [ + { + "id": "fb5c4d52-3b7e-40a8-82d8-34effb62368a", + "name": "bceid_business_guid", + "identityProviderAlias": "bceid-business", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claims": "[]", + "claim": "bceid_business_guid", + "user.attribute": "bceid_business_guid" + } + }, + { + "id": "42c4d000-a673-4037-99fb-2cbff21f90a3", + "name": "idir_username", + "identityProviderAlias": "idir", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claims": "[]", + "user.attribute": "idir_username", + "claim": "idir_username" + } + }, + { + "id": "fa7b1ac4-7b2a-447f-8ca7-44c7c45a63f5", + "name": "bceid_user_guid", + "identityProviderAlias": "bceid-business", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claims": "[]", + "claim": "bceid_user_guid", + "user.attribute": "bceid_user_guid" + } + }, + { + "id": "624ba867-2b7f-4993-a722-999738ec95ea", + 
"name": "bceid_username", + "identityProviderAlias": "bceid-business", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claims": "[]", + "claim": "bceid_username", + "user.attribute": "bceid_username" + } + }, + { + "id": "1ec7b12c-d794-4822-9239-a2c8f7517883", + "name": "display_name", + "identityProviderAlias": "idir", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claims": "[]", + "claim": "display_name", + "user.attribute": "display_name" + } + }, + { + "id": "a4203310-bbcc-4738-81c2-e18134b0811b", + "name": "bceid_user_guid", + "identityProviderAlias": "bceid-basic", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claims": "[]", + "claim": "bceid_user_guid", + "user.attribute": "bceid_user_guid" + } + }, + { + "id": "91f84b92-f23f-4f9b-ad9d-5848ec83a46f", + "name": "bceid_business_name", + "identityProviderAlias": "bceid-business", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claims": "[]", + "claim": "bceid_business_name", + "user.attribute": "bceid_business_name" + } + }, + { + "id": "520533dd-6725-494c-a1c2-45cd844f891a", + "name": "idir_user_guid", + "identityProviderAlias": "idir", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claim": "idir_user_guid", + "user.attribute": "idir_user_guid" + } + }, + { + "id": "4e2aca82-19df-479f-a291-e0f6de5b3158", + "name": "display_name", + "identityProviderAlias": "bceid-business", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claims": "[]", + "claim": "display_name", + "user.attribute": "display_name" + } + }, + { + "id": "c54d30f2-0ca9-44cd-bf18-6a381b6c1c74", + "name": "bceid_username", + "identityProviderAlias": "bceid-basic", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + 
"config": { + "syncMode": "FORCE", + "claims": "[]", + "claim": "bceid_username", + "user.attribute": "bceid_username" + } + }, + { + "id": "6b071a43-53b5-4388-87b7-965195a3850e", + "name": "display_name", + "identityProviderAlias": "bceid-basic", + "identityProviderMapper": "oidc-user-attribute-idp-mapper", + "config": { + "syncMode": "FORCE", + "claims": "[]", + "claim": "display_name", + "user.attribute": "display_name" + } + } + ], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "0c640507-249d-41ee-8cea-9279199e86a8", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "3d6bc22b-f026-4027-be2e-21bfaa41266c", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper" + ] + } + }, + { + "id": "e5bc221e-61ee-4ceb-a0ec-1b60ba62b894", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "2bb7e678-8e6f-441e-a35e-1d90205d6c11", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "ef8c4949-516c-42c0-9926-1efab2c1f5f2", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "203ec12f-9104-491b-95b4-277109e504d2", + "name": 
"Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": "185eca43-4887-4668-8a45-57a6bbfe5e97", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "55b66f95-fe38-4b21-bf09-563146067264", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "d77bba1a-1a05-412c-a4b3-a20a0f3367aa", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + }, + { + "id": "d40d70e6-6cbd-4cea-a848-1126ff1129ce", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "78e98b37-a728-4b14-b9f4-f1ff0e926170", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "d9ee8954-4388-4210-837a-551728abc9f4", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [ + "" + ], + "defaultLocale": "", + "authenticationFlows": [ + { + "id": "9684d66d-b2b2-4e23-a188-d5326d396905", + "alias": "Account verification 
options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false + } + ] + }, + { + "id": "b212c1ee-8512-4b79-a99a-4dea14b9cd01", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "4f0a00cc-0c54-46f2-ae91-5a606a712f74", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + 
"userSetupAllowed": false + } + ] + }, + { + "id": "1b82c73e-daac-4ac2-a771-315272631f56", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9c727b09-a208-4cdd-af19-310af2e4779d", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "50e19199-b584-4446-adc0-ad16198ca590", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + 
"flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "542e80cd-c565-49ba-9cf1-884cba984685", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "bb67568e-b64d-4ed4-869b-d978a0a8caeb", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "39f6470f-0380-4782-a293-4b41dc9fb678", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + 
"priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "1e3b43b8-ab4e-4c25-90b5-b6b5a5d0f892", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "e25c0546-1741-4151-a4d6-7dc44a9b9881", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + 
"autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "eab404e8-6716-42ae-b749-dcca635b1344", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "e69762f7-5c97-4749-b3dc-573e5c6eff30", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "bab093fd-02b7-4458-9102-b86b9d5ae3e6", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + 
"autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "d8a4b285-838c-472f-9937-042f6ae3a6bc", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "58b25fe9-e7eb-45e2-9a88-342e88631bc2", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Authentication Options", + "userSetupAllowed": false + } + ] + }, + { + "id": "dc3e06a2-d8df-49d4-8d39-760b278998aa", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "cb65603c-dc6c-4543-9eff-80d2c394940e", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + 
"topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-profile-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "1901679b-dcf9-4f31-90fe-31c97684ed69", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "11d6845b-ae8c-4644-810e-1a88484860f2", + "alias": "saml ecp", + "description": "SAML ECP Profile 
Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "7c2eb2f1-26e9-4cb8-a4e6-c0001d950d2a", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "727b2fde-fabd-46aa-a4af-aeb510673254", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + 
"browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "userProfileEnabled": "false", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5" + }, + "keycloakVersion": "18.0.0.redhat-00001", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +} \ No newline at end of file diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 000000000..84375ad6d --- /dev/null +++ b/.devcontainer/devcontainer.json 
@@ -0,0 +1,33 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the
+{
+ "name": "common-hosted-form-service",
+
+ "build": {
+ "dockerfile": "Dockerfile",
+ "context": "..",
+ "args": {
+ "VARIANT": "18.18.2-bullseye"
+ }
+ },
+
+ "features": {
+ "ghcr.io/devcontainers/features/docker-in-docker:2": {}
+ },
+
+ // Use this environment variable if you need to bind mount your local source code into a new container.
+ "remoteEnv": {
+ "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}"
+ },
+
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ "forwardPorts": [8082, 8081, 8080, 5432, 5173],
+
+ // Use 'postCreateCommand' to run commands after the container is created.
+ "postCreateCommand": "bash ./.devcontainer/post-install.sh",
+
+ // Configure tool-specific properties.
+ // "customizations": {},
+
+ // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
+ //"remoteUser": "root"
+}
diff --git a/.devcontainer/post-install.sh b/.devcontainer/post-install.sh
new file mode 100644
index 000000000..c6d2ea823
--- /dev/null
+++ b/.devcontainer/post-install.sh
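Review bot: The `features` block in devcontainer.json enables `ghcr.io/devcontainers/features/docker-in-docker:2` without saying what that costs. As far as I know this feature runs the dev container privileged, and `postCreateCommand` then runs `npm install` (third-party lifecycle scripts) inside that same container. I would add a comment above `features`, for example `// docker-in-docker runs this container privileged; it is only needed for the chefs_local compose stack`, so readers know why the privilege is there. The `:2` tag is a floating major tag, so a rebuild can pull a different feature build; whether to pin it more tightly is a judgement call. Separately, the first comment line stops mid-sentence at "see the", and `VARIANT` repeats the default already set in the Dockerfile.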
@@ -0,0 +1,34 @@ +#!/bin/bash +set -ex + +# Convenience workspace directory for later use +WORKSPACE_DIR=$(pwd) +CHEFS_LOCAL_DIR=${WORKSPACE_DIR}/.devcontainer/chefs_local + +# install app libraries, prepare for app development and debugging... +cd app +npm install + +# install frontend libraries, prepare for ux development and debugging... +cd frontend +npm install + +# make an initial build of formio components and ready them for frontend +npm run build:formio +npm run deploy:formio + +# copy over the sample files to the image... +cp -u ${CHEFS_LOCAL_DIR}/local.json.sample ${CHEFS_LOCAL_DIR}/local.json +cp -u ${CHEFS_LOCAL_DIR}/realm-export.json.sample ${CHEFS_LOCAL_DIR}/realm-export.json + +# fire up keycloak and postgres... we want to seed the db +docker compose -f ${CHEFS_LOCAL_DIR}/docker-compose.yml up --wait +# run an initial migration for the db and seed it... +export NODE_CONFIG_DIR=${CHEFS_LOCAL_DIR} # need this to connect to the running postgres instance. +cd .. # back to app dir +npm run migrate +# npm run seed:run + +# take down keycloak and postgres, do not need them running all the time. +docker compose -f ${CHEFS_LOCAL_DIR}/docker-compose.yml down + diff --git a/.gitignore b/.gitignore index a66531df6..f3ab92d0e 100644 --- a/.gitignore +++ b/.gitignore @@ -45,6 +45,11 @@ yarn-error.log* !.vscode/tasks.json !.vscode/README.md +# devcontainer files +!.devcontainer/chefs_local/*.sample +.devcontainer/chefs_local/local.json +.devcontainer/chefs_local/realm-export.json + # temp office files ~$* *.*.bak diff --git a/.vscode/README.md b/.vscode/README.md index 4fa322833..c44fa3c95 100644 --- a/.vscode/README.md +++ b/.vscode/README.md 
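Review bot: In post-install.sh, `set -ex` makes a failing `npm run migrate` exit the script before the final `docker compose ... down`, so Keycloak and Postgres stay up after a failed create. Registering the teardown right after the `up --wait` line avoids that: `trap 'docker compose -f "${CHEFS_LOCAL_DIR}/docker-compose.yml" down' EXIT`. The two `cp -u` lines overwrite an edited `local.json` or `realm-export.json` whenever the `.sample` file has a newer mtime, for instance after a pull; `cp -n` would keep a developer's edited copy, which may hold credentials. The `${CHEFS_LOCAL_DIR}` expansions are unquoted, so a workspace path containing spaces would break the `cp` and `docker compose` calls.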
@@ -17,6 +17,10 @@ Tasks can be run from the `Terminal` > `Run Task...` menu item. The `tasks.json` - `All - Reinstall`: reinstall the packages for both the API and the Frontend - `Unit Tests - API`: run the unit tests for the API - `Unit Tests - Frontend`: run the unit tests for the Frontend +- `Components Build`: build the formio components +- `Components Deploy`: deploy the formio components. Build and deploy before serving the frontend will save lots of time. +- `chefs_local up`: when inside the devcontainer, will bring up keycloak and postgresql for local CHEFS deployment. +- `chefs_local down`: when inside the devcontainer, will tear down running keycloak and postgresql for local CHEFS deployment. Tip: You can run the builtin `All Tests` task to run both of the unit tests at the same time. This is possible since they're both configured to be in the `test` group. diff --git a/.vscode/launch.json b/.vscode/launch.json index e10372dfc..95afba61f 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -13,7 +13,10 @@ "request": "launch", "runtimeArgs": ["run", "serve"], "runtimeExecutable": "npm", - "type": "node" + "type": "node", + "env": { + "NODE_CONFIG_DIR": "${workspaceFolder}/.devcontainer/chefs_local", + } }, { "cwd": "${workspaceFolder}/app/frontend", @@ -27,9 +30,18 @@ "name": "CHEFS Frontend", "outputCapture": "std", "request": "launch", - "runtimeArgs": ["run", "serve"], + "runtimeArgs": ["run", "dev"], "runtimeExecutable": "npm", - "type": "node" + "type": "node", + }, + { + "name": "CHEFS Frontend - chrome", + "type": "chrome", + "request": "launch", + "url": "http://localhost:5173/app", + "enableContentValidation": false, + "webRoot": "${workspaceFolder}/app/frontend/src", + "pathMapping": {"url": "//src/", "path": "${webRoot}/"} } ], "version": "0.2.0" diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 9435a32ac..85aa0490c 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json 
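Review bot: The `env` block added in the first launch.json hunk sets `NODE_CONFIG_DIR` to `${workspaceFolder}/.devcontainer/chefs_local` for everyone who uses that launch configuration, not only inside the devcontainer. The directory ships only `*.sample` files, and its `local.json` is gitignored and created by post-install.sh, so launching outside the devcontainer would presumably start without the expected config. I would either add a separate devcontainer-specific configuration or put a comment on the entry such as `// devcontainer only: expects .devcontainer/chefs_local/local.json created by post-install.sh`. The trailing commas after the `NODE_CONFIG_DIR` value and after `"type": "node"` in the second hunk rely on VS Code's lenient parser and are better dropped. The configuration object this hunk edits begins outside the hunk.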
@@ -38,7 +38,41 @@ "cwd": "${workspaceFolder}/app/frontend" }, "type": "shell" - } + }, + { + "args": ["run", "build:formio"], + "command": "npm", + "group": "test", + "label": "Components build", + "options": { + "cwd": "${workspaceFolder}/app/frontend" + }, + "type": "shell" + }, + { + "args": ["run", "deploy:formio"], + "command": "npm", + "group": "test", + "label": "Components deploy", + "options": { + "cwd": "${workspaceFolder}/app/frontend" + }, + "type": "shell" + }, + { + "label": "chefs_local up", + "type": "shell", + "command": "docker-compose -f ${workspaceFolder}/.devcontainer/chefs_local/docker-compose.yml up -d", + "isBackground": true, + "problemMatcher": [], + }, + { + "label": "chefs_local down", + "type": "shell", + "command": "docker-compose -f ${workspaceFolder}/.devcontainer/chefs_local/docker-compose.yml down", + "isBackground": true, + "problemMatcher": [], + }, ], "version": "2.0.0" } diff --git a/README.md b/README.md index 30d0507fc..719abfe94 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ Create, edit and publish forms. ## Directory Structure + .devcontainer - Visual Studio Code devcontainer and local environment config .github/ - PR and Issue templates .vscode/ - Visual Studio Code's Launcher and Tasks app/ - Application Root diff --git a/app/frontend/package.json b/app/frontend/package.json index 780e64f50..783ed37b9 100644 --- a/app/frontend/package.json +++ b/app/frontend/package.json @@ -26,7 +26,8 @@ "purge": "rm -rf src/formio node_modules", "purge:formio": "node ./component-update.js purge", "rebuild": "npm run clean && npm run build", - "reinstall": "npm run purge && npm install" + "reinstall": "npm run purge && npm install", + "dev": "vite --port 5173 --host" }, "dependencies": { "@bcgov/bc-sans": "^1.0.1",
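Review bot: In tasks.json, `Components build` and `Components deploy` are added with `"group": "test"`. The `.vscode/README.md` tip says the builtin `All Tests` task works because the unit-test tasks share the `test` group, so these two would presumably be picked up alongside the tests; `"group": "build"` fits them better. The `chefs_local up` and `chefs_local down` tasks call `docker-compose`, while post-install.sh uses `docker compose`. Using one form throughout avoids depending on both binaries being present in the container. `${workspaceFolder}` is also unquoted inside those two command strings, so a workspace path with spaces would break them.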
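Review bot: The new `dev` script in app/frontend/package.json runs `vite --port 5173 --host`, and a bare `--host` makes the Vite dev server listen on all network interfaces rather than only loopback. The `CHEFS Frontend` launch configuration now runs `npm run dev` for every developer, so outside the devcontainer this exposes the unauthenticated dev server to the local network. I would keep the default script loopback-only, `"dev": "vite --port 5173"`, and add a separate script such as `"dev:container": "vite --port 5173 --host"` for the devcontainer if its port forwarding really needs the wider bind.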