From 541123649f4e1ca3056a80b4622fc618dbaa94bc Mon Sep 17 00:00:00 2001
From: sszuev <sss.zuev@gmail.com>
Date: Tue, 31 Dec 2024 21:13:02 +0300
Subject: [PATCH] deploy: add android-app keycloak-configuration

---
 .../keycloak/import/flashcards-realm.json     | 66 +++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/tutor-deploy/data/keycloak/import/flashcards-realm.json b/tutor-deploy/data/keycloak/import/flashcards-realm.json
index 6bdc1f0e..5291c681 100644
--- a/tutor-deploy/data/keycloak/import/flashcards-realm.json
+++ b/tutor-deploy/data/keycloak/import/flashcards-realm.json
@@ -640,6 +640,72 @@
     } ],
     "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ],
     "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+  }, {
+    "clientId": "flashcards-android",
+    "name": "flashcards-android",
+    "description": "",
+    "rootUrl": "",
+    "adminUrl": "",
+    "baseUrl": "",
+    "surrogateAuthRequired": false,
+    "enabled": true,
+    "alwaysDisplayInConsole": false,
+    "clientAuthenticatorType": "client-secret",
+    "redirectUris": [
+      "http://localhost:8080",
+      "com.github.sszuev.flashcards.android://oauth2redirect"
+    ],
+    "webOrigins": [
+      "*"
+    ],
+    "notBefore": 0,
+    "bearerOnly": false,
+    "consentRequired": false,
+    "standardFlowEnabled": true,
+    "implicitFlowEnabled": true,
+    "directAccessGrantsEnabled": true,
+    "serviceAccountsEnabled": false,
+    "publicClient": true,
+    "frontchannelLogout": true,
+    "protocol": "openid-connect",
+    "attributes": {
+      "oauth2.device.authorization.grant.enabled": "false",
+      "access.token.signed.response.alg": "RS256",
+      "backchannel.logout.revoke.offline.tokens": "false",
+      "use.refresh.tokens": "true",
+      "oidc.ciba.grant.enabled": "false",
+      "client.use.lightweight.access.token.enabled": "false",
+      "id.token.signed.response.alg": "RS256",
+      "backchannel.logout.session.required": "true",
+      "client_credentials.use_refresh_token": "false",
+      "acr.loa.map": "{}",
+      "require.pushed.authorization.requests": "false",
+      "tls.client.certificate.bound.access.tokens": "false",
+      "display.on.consent.screen": "false",
+      "pkce.code.challenge.method": "S256",
+      "token.response.type.bearer.lower-case": "false"
+    },
+    "authenticationFlowBindingOverrides": {},
+    "fullScopeAllowed": true,
+    "nodeReRegistrationTimeout": -1,
+    "defaultClientScopes": [
+      "web-origins",
+      "acr",
+      "roles",
+      "profile",
+      "email"
+    ],
+    "optionalClientScopes": [
+      "address",
+      "phone",
+      "offline_access",
+      "microprofile-jwt"
+    ],
+    "access": {
+      "view": true,
+      "configure": true,
+      "manage": true
+    }
   } ],
   "clientScopes" : [ {
     "id" : "98e61b34-d26f-4936-8e26-2fc35e5e7b31",