diff --git a/backend/app.hopps.org/src/main/resources/application.properties b/backend/app.hopps.org/src/main/resources/application.properties
index b7e68fb9..15794e5b 100644
--- a/backend/app.hopps.org/src/main/resources/application.properties
+++ b/backend/app.hopps.org/src/main/resources/application.properties
@@ -37,6 +37,7 @@ quarkus.keycloak.devservices.port=8554
quarkus.keycloak.devservices.realm-name=quarkus
quarkus.oidc.devui.web-client-timeout=20S
%prod.quarkus.keycloak.devservices.enabled=false
+%dev.quarkus.keycloak.devservices.realm-path=quarkus-realm.json
#
########################################
# OpenFGA
diff --git a/backend/app.hopps.org/src/main/resources/keycloak-realm.json b/backend/app.hopps.org/src/main/resources/quarkus-realm.json
similarity index 79%
rename from backend/app.hopps.org/src/main/resources/keycloak-realm.json
rename to backend/app.hopps.org/src/main/resources/quarkus-realm.json
index 84c73190..054c773b 100644
--- a/backend/app.hopps.org/src/main/resources/keycloak-realm.json
+++ b/backend/app.hopps.org/src/main/resources/quarkus-realm.json
@@ -1,16 +1,14 @@
{
- "id": "491ac6c6-b77e-44a8-a95e-d771c8eb74ed",
- "realm": "hopps",
- "displayName": "Hopps",
- "displayNameHtml": "
Keycloak
",
+ "id": "248d65ab-5cec-458a-b141-05b6d7469be9",
+ "realm": "quarkus",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
- "refreshTokenMaxReuse": 0,
+ "refreshTokenMaxReuse": 10,
"accessTokenLifespan": 600,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
- "ssoSessionMaxLifespan": 36000,
+ "ssoSessionMaxLifespan": 600,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
@@ -30,12 +28,12 @@
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
- "registrationEmailAsUsername": true,
- "rememberMe": true,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
- "resetPasswordAllowed": true,
+ "resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
@@ -49,44 +47,25 @@
"roles": {
"realm": [
{
- "id": "8b66ade6-3fb8-462e-96ef-9c8826ab1fa6",
+ "id": "b322f5e8-1cb1-43d6-b8d6-404caa160da5",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "248d65ab-5cec-458a-b141-05b6d7469be9",
+ "attributes": {}
+ },
+ {
+ "id": "f11fe8bd-040b-4265-95cb-9868c51f59bc",
"name": "admin",
- "description": "${role_admin}",
- "composite": true,
- "composites": {
- "realm": [
- "create-realm"
- ],
- "client": {
- "master-realm": [
- "query-groups",
- "query-realms",
- "impersonation",
- "view-users",
- "manage-clients",
- "view-events",
- "query-clients",
- "create-client",
- "query-users",
- "manage-identity-providers",
- "view-realm",
- "view-identity-providers",
- "manage-events",
- "view-authorization",
- "manage-realm",
- "manage-users",
- "view-clients",
- "manage-authorization"
- ]
- }
- },
+ "composite": false,
"clientRole": false,
- "containerId": "491ac6c6-b77e-44a8-a95e-d771c8eb74ed",
+ "containerId": "248d65ab-5cec-458a-b141-05b6d7469be9",
"attributes": {}
},
{
- "id": "b4882b6e-74dd-45ff-96b8-1b3b89062072",
- "name": "default-roles-master",
+ "id": "20026885-01f3-46b7-a634-266ad1d1f08b",
+ "name": "default-roles-quarkus",
"description": "${role_default-roles}",
"composite": true,
"composites": {
@@ -95,332 +74,326 @@
"uma_authorization"
],
"client": {
- "hopps-app": [
- "User"
- ],
"account": [
- "view-profile",
- "manage-account"
+ "manage-account",
+ "view-profile"
]
}
},
"clientRole": false,
- "containerId": "491ac6c6-b77e-44a8-a95e-d771c8eb74ed",
+ "containerId": "248d65ab-5cec-458a-b141-05b6d7469be9",
"attributes": {}
},
{
- "id": "2cb5c82c-978f-4346-8045-b3c031bc10d8",
+ "id": "0c3708bc-65dd-4098-a446-bf286d25a11b",
"name": "offline_access",
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
- "containerId": "491ac6c6-b77e-44a8-a95e-d771c8eb74ed",
+ "containerId": "248d65ab-5cec-458a-b141-05b6d7469be9",
"attributes": {}
},
{
- "id": "adfc5ec6-5c12-4dbd-807c-61ae39e6a6cc",
- "name": "create-realm",
- "description": "${role_create-realm}",
+ "id": "bef0c0f7-304d-4042-b37d-ca11fc23bae7",
+ "name": "user",
"composite": false,
"clientRole": false,
- "containerId": "491ac6c6-b77e-44a8-a95e-d771c8eb74ed",
- "attributes": {}
- },
- {
- "id": "ec85c0e1-41a7-48c3-b6f3-a3afcd74868b",
- "name": "uma_authorization",
- "description": "${role_uma_authorization}",
- "composite": false,
- "clientRole": false,
- "containerId": "491ac6c6-b77e-44a8-a95e-d771c8eb74ed",
+ "containerId": "248d65ab-5cec-458a-b141-05b6d7469be9",
"attributes": {}
}
],
"client": {
- "hopps-app": [
+ "realm-management": [
{
- "id": "944e39fb-d201-4678-9b58-1a3a41b95a14",
- "name": "User",
- "description": "",
- "composite": true,
- "composites": {
- "client": {
- "account": [
- "view-profile"
- ]
- }
- },
+ "id": "d0abf682-30ea-42d6-a1a5-af7241aac7b6",
+ "name": "query-groups",
+ "description": "${role_query-groups}",
+ "composite": false,
"clientRole": true,
- "containerId": "68999674-004d-4cd7-8383-4c0f1b5d8de8",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
- }
- ],
- "security-admin-console": [],
- "admin-cli": [],
- "account-console": [],
- "broker": [
+ },
{
- "id": "d677f558-2fa3-4f58-a8be-ab719a4e967a",
- "name": "read-token",
- "description": "${role_read-token}",
+ "id": "da124466-18e1-464d-b597-2b067d64dea1",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
"composite": false,
"clientRole": true,
- "containerId": "5bb4e972-9fdd-43d8-8df8-ff73cdbd327e",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
- }
- ],
- "master-realm": [
+ },
{
- "id": "d2769ba9-835f-4f34-9beb-5ce3c6f2619b",
- "name": "query-groups",
- "description": "${role_query-groups}",
+ "id": "bd66aca5-978d-4570-99e2-80f0b09f8500",
+ "name": "query-users",
+ "description": "${role_query-users}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "85b46f38-7a88-4515-921d-1bd3a3b9abc4",
- "name": "query-realms",
- "description": "${role_query-realms}",
+ "id": "65c961c0-5212-4e33-9d4e-ce3655e6901c",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "4aa12f69-ad2a-4d50-86ad-a0b87f499437",
- "name": "impersonation",
- "description": "${role_impersonation}",
+ "id": "7c491f05-2496-43a6-b773-9595ff1198a1",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "60330d7e-0fd8-47e9-bd82-f5be7d82eee3",
- "name": "view-users",
- "description": "${role_view-users}",
+ "id": "517e689c-5af9-45a6-b9bb-1334e4290c12",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
+ "attributes": {}
+ },
+ {
+ "id": "38a77c03-0ec8-49b1-a1a3-1ddbdd8cca29",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
+ "attributes": {}
+ },
+ {
+ "id": "5be7ef1d-6007-488f-939f-98c4e74954ae",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
"composite": true,
"composites": {
"client": {
- "master-realm": [
+ "realm-management": [
"query-groups",
- "query-users"
+ "view-identity-providers",
+ "query-users",
+ "manage-events",
+ "manage-realm",
+ "view-realm",
+ "view-authorization",
+ "manage-users",
+ "impersonation",
+ "view-clients",
+ "create-client",
+ "view-users",
+ "view-events",
+ "query-clients",
+ "manage-clients",
+ "manage-authorization",
+ "manage-identity-providers",
+ "query-realms"
]
}
},
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "78b0e0de-8d90-4998-bddd-11b28219581c",
- "name": "manage-clients",
- "description": "${role_manage-clients}",
+ "id": "ea9feff2-01ad-472e-8e6f-1541a218c031",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "e77a1d9b-e429-4ec2-b5cc-ea619f788d2a",
- "name": "view-events",
- "description": "${role_view-events}",
+ "id": "f47d4606-900f-4a7d-ab84-bc2d503ebcc3",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "2bdc9f0d-2543-4540-9f19-e29808b0ca3e",
- "name": "query-clients",
- "description": "${role_query-clients}",
+ "id": "a6a10f8b-0579-495b-8803-87a61e64c197",
+ "name": "create-client",
+ "description": "${role_create-client}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "becf7755-b2da-4f1b-8f1d-65ac3a6cfc2b",
- "name": "create-client",
- "description": "${role_create-client}",
- "composite": false,
+ "id": "26dd84cf-6ae4-46a4-8fba-4ed6066d036a",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-clients"
+ ]
+ }
+ },
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "f18d628a-2084-41f9-b268-91d4a2d9488c",
- "name": "query-users",
- "description": "${role_query-users}",
- "composite": false,
+ "id": "de011257-6611-4fc5-a1a6-aa27cd1840f5",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-groups",
+ "query-users"
+ ]
+ }
+ },
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "14820157-877f-45a5-b581-1fcdacdaa678",
- "name": "manage-identity-providers",
- "description": "${role_manage-identity-providers}",
+ "id": "a87ac548-433c-4811-8edc-ec8f74db2720",
+ "name": "view-events",
+ "description": "${role_view-events}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "3414561b-0f62-4f9b-b2bb-8ef8b0845997",
- "name": "view-realm",
- "description": "${role_view-realm}",
+ "id": "ce5291c8-cdf1-4982-87f1-0e1c42112aa9",
+ "name": "query-clients",
+ "description": "${role_query-clients}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "a9e1e681-4153-4bda-86fa-ade74eeb1353",
- "name": "view-identity-providers",
- "description": "${role_view-identity-providers}",
+ "id": "ecb03c2d-e969-4c11-aeea-0671f9a6d15d",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "6ec2a45c-e05b-403b-b4cc-364804a3c58e",
- "name": "manage-events",
- "description": "${role_manage-events}",
+ "id": "6ea035ae-d6e1-4dc7-8de0-6257592fb82e",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "6fcc66cc-1982-41b5-b904-01792a8217e2",
- "name": "view-authorization",
- "description": "${role_view-authorization}",
+ "id": "2796a31a-b398-4ec2-9f31-3bedcf789877",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
},
{
- "id": "e034eba7-9def-40ed-af18-b1a595fae9f1",
- "name": "manage-realm",
- "description": "${role_manage-realm}",
+ "id": "63249a9e-40b6-4044-aaf3-4601f8eca31f",
+ "name": "query-realms",
+ "description": "${role_query-realms}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
"attributes": {}
- },
+ }
+ ],
+ "security-admin-console": [],
+ "admin-cli": [],
+ "account-console": [],
+ "quarkus-app": [],
+ "broker": [
{
- "id": "95f4edc5-2be3-41a1-8f6e-24a6863ab59a",
- "name": "manage-users",
- "description": "${role_manage-users}",
+ "id": "ce3534af-5d3d-4736-bf41-a2c78b86e9f9",
+ "name": "read-token",
+ "description": "${role_read-token}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "4b83e0ec-8ce5-4a68-95de-943336814ce6",
"attributes": {}
- },
+ }
+ ],
+ "account": [
{
- "id": "b1854201-8fa0-4335-9e25-9e8a67126f9f",
- "name": "view-clients",
- "description": "${role_view-clients}",
+ "id": "88693d9d-2b99-4b61-a21d-d314e8c1ca97",
+ "name": "manage-consent",
+ "description": "${role_manage-consent}",
"composite": true,
"composites": {
"client": {
- "master-realm": [
- "query-clients"
+ "account": [
+ "view-consent"
]
}
},
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "a6eaeb5b-e405-427e-a7b0-b992b0acbc47",
"attributes": {}
},
{
- "id": "bb33d029-0026-4b4b-bea0-8a0e5fe8d7ec",
- "name": "manage-authorization",
- "description": "${role_manage-authorization}",
+ "id": "6a9749d6-fce6-43fe-b4c8-eab578d5302b",
+ "name": "view-consent",
+ "description": "${role_view-consent}",
"composite": false,
"clientRole": true,
- "containerId": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
+ "containerId": "a6eaeb5b-e405-427e-a7b0-b992b0acbc47",
"attributes": {}
- }
- ],
- "account": [
+ },
{
- "id": "a18b07a6-1437-465c-9146-a9292c531126",
+ "id": "e41b28f2-7749-4947-8788-2b8ff53ececf",
"name": "delete-account",
"description": "${role_delete-account}",
"composite": false,
"clientRole": true,
- "containerId": "63371709-7c4f-440d-af60-39c5583e51d1",
- "attributes": {}
- },
- {
- "id": "26af3cc8-7e81-43c5-b844-7c7314a68f00",
- "name": "view-groups",
- "description": "${role_view-groups}",
- "composite": false,
- "clientRole": true,
- "containerId": "63371709-7c4f-440d-af60-39c5583e51d1",
- "attributes": {}
- },
- {
- "id": "6c014fe9-1ef1-4434-baf1-60550f3ad8f7",
- "name": "manage-account-links",
- "description": "${role_manage-account-links}",
- "composite": false,
- "clientRole": true,
- "containerId": "63371709-7c4f-440d-af60-39c5583e51d1",
- "attributes": {}
- },
- {
- "id": "d6e84abe-b094-4bb9-a060-9548e212fdf2",
- "name": "view-profile",
- "description": "${role_view-profile}",
- "composite": false,
- "clientRole": true,
- "containerId": "63371709-7c4f-440d-af60-39c5583e51d1",
+ "containerId": "a6eaeb5b-e405-427e-a7b0-b992b0acbc47",
"attributes": {}
},
{
- "id": "083b55d3-40b7-4ff3-8fb3-d29f5fbe6c07",
+ "id": "ad940761-2f9b-4702-b261-ffadec7efc3d",
"name": "view-applications",
"description": "${role_view-applications}",
"composite": false,
"clientRole": true,
- "containerId": "63371709-7c4f-440d-af60-39c5583e51d1",
+ "containerId": "a6eaeb5b-e405-427e-a7b0-b992b0acbc47",
"attributes": {}
},
{
- "id": "7c086566-9aec-4d2d-b4be-45382d57b93d",
- "name": "view-consent",
- "description": "${role_view-consent}",
+ "id": "f5979dbe-b17e-4fb7-892d-ff787bba9a60",
+ "name": "view-groups",
+ "description": "${role_view-groups}",
"composite": false,
"clientRole": true,
- "containerId": "63371709-7c4f-440d-af60-39c5583e51d1",
+ "containerId": "a6eaeb5b-e405-427e-a7b0-b992b0acbc47",
"attributes": {}
},
{
- "id": "d4bb7bbf-62af-4fe2-87f6-85df6f620702",
- "name": "manage-consent",
- "description": "${role_manage-consent}",
- "composite": true,
- "composites": {
- "client": {
- "account": [
- "view-consent"
- ]
- }
- },
+ "id": "af43a684-83d2-478c-a155-f8dc305833b7",
+ "name": "manage-account-links",
+ "description": "${role_manage-account-links}",
+ "composite": false,
"clientRole": true,
- "containerId": "63371709-7c4f-440d-af60-39c5583e51d1",
+ "containerId": "a6eaeb5b-e405-427e-a7b0-b992b0acbc47",
"attributes": {}
},
{
- "id": "1e0d8b5c-4ce8-4e43-a2d1-c34cf073cb78",
+ "id": "8a23e6dc-9ed9-4387-baee-a2ab726cf268",
"name": "manage-account",
"description": "${role_manage-account}",
"composite": true,
@@ -432,7 +405,16 @@
}
},
"clientRole": true,
- "containerId": "63371709-7c4f-440d-af60-39c5583e51d1",
+ "containerId": "a6eaeb5b-e405-427e-a7b0-b992b0acbc47",
+ "attributes": {}
+ },
+ {
+ "id": "a98f0d40-4687-478b-bb6f-c0c826fdeba4",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "a6eaeb5b-e405-427e-a7b0-b992b0acbc47",
"attributes": {}
}
]
@@ -440,12 +422,12 @@
},
"groups": [],
"defaultRole": {
- "id": "b4882b6e-74dd-45ff-96b8-1b3b89062072",
- "name": "default-roles-master",
+ "id": "20026885-01f3-46b7-a634-266ad1d1f08b",
+ "name": "default-roles-quarkus",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
- "containerId": "491ac6c6-b77e-44a8-a95e-d771c8eb74ed"
+ "containerId": "248d65ab-5cec-458a-b141-05b6d7469be9"
},
"requiredCredentials": [
"password"
@@ -465,8 +447,7 @@
"localizationTexts": {},
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": [
- "ES256",
- "RS256"
+ "ES256"
],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
@@ -479,8 +460,7 @@
"webAuthnPolicyExtraOrigins": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": [
- "ES256",
- "RS256"
+ "ES256"
],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
@@ -491,6 +471,24 @@
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"webAuthnPolicyPasswordlessExtraOrigins": [],
+ "users": [
+ {
+ "id": "1471b72c-c2f4-4673-8f2e-f401b5137ba5",
+ "username": "service-account-quarkus-app",
+ "emailVerified": false,
+ "createdTimestamp": 1736499409499,
+ "enabled": true,
+ "totp": false,
+ "serviceAccountClientId": "quarkus-app",
+ "disableableCredentialTypes": [],
+ "requiredActions": [],
+ "realmRoles": [
+ "default-roles-quarkus"
+ ],
+ "notBefore": 0,
+ "groups": []
+ }
+ ],
"scopeMappings": [
{
"clientScope": "offline_access",
@@ -512,17 +510,17 @@
},
"clients": [
{
- "id": "63371709-7c4f-440d-af60-39c5583e51d1",
+ "id": "a6eaeb5b-e405-427e-a7b0-b992b0acbc47",
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
- "baseUrl": "/realms/master/account/",
+ "baseUrl": "/realms/quarkus/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
- "/realms/master/account/*"
+ "/realms/quarkus/account/*"
],
"webOrigins": [],
"notBefore": 0,
@@ -536,7 +534,6 @@
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
- "realm_client": "false",
"post.logout.redirect.uris": "+"
},
"authenticationFlowBindingOverrides": {},
@@ -545,8 +542,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"basic",
"email"
],
@@ -554,22 +551,21 @@
"address",
"phone",
"offline_access",
- "organization",
"microprofile-jwt"
]
},
{
- "id": "5b7ae0a7-428f-404f-826b-435718ddd642",
+ "id": "982817b3-4d3c-42b6-8dc0-1e16846fb9ae",
"clientId": "account-console",
"name": "${client_account-console}",
"rootUrl": "${authBaseUrl}",
- "baseUrl": "/realms/master/account/",
+ "baseUrl": "/realms/quarkus/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
- "/realms/master/account/*"
+ "/realms/quarkus/account/*"
],
"webOrigins": [],
"notBefore": 0,
@@ -583,7 +579,6 @@
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
- "realm_client": "false",
"post.logout.redirect.uris": "+",
"pkce.code.challenge.method": "S256"
},
@@ -592,7 +587,7 @@
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
- "id": "caa687b2-3316-4f75-97a3-dce175357448",
+ "id": "d114783a-0536-48a3-ac39-07b97cac26a6",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
@@ -603,8 +598,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"basic",
"email"
],
@@ -612,12 +607,11 @@
"address",
"phone",
"offline_access",
- "organization",
"microprofile-jwt"
]
},
{
- "id": "ae4b948a-0c0f-40d6-98bc-def3709976d7",
+ "id": "59adda10-73c7-410e-bf39-30c21dd2b517",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"surrogateAuthRequired": false,
@@ -636,18 +630,15 @@
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
- "attributes": {
- "realm_client": "false",
- "client.use.lightweight.access.token.enabled": "true"
- },
+ "attributes": {},
"authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
+ "fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"basic",
"email"
],
@@ -655,12 +646,11 @@
"address",
"phone",
"offline_access",
- "organization",
"microprofile-jwt"
]
},
{
- "id": "5bb4e972-9fdd-43d8-8df8-ff73cdbd327e",
+ "id": "4b83e0ec-8ce5-4a68-95de-943336814ce6",
"clientId": "broker",
"name": "${client_broker}",
"surrogateAuthRequired": false,
@@ -679,17 +669,15 @@
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
- "attributes": {
- "realm_client": "true"
- },
+ "attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"basic",
"email"
],
@@ -697,15 +685,12 @@
"address",
"phone",
"offline_access",
- "organization",
"microprofile-jwt"
]
},
{
- "id": "68999674-004d-4cd7-8383-4c0f1b5d8de8",
- "clientId": "hopps-app",
- "name": "Hopps",
- "description": "",
+ "id": "4303b4e1-eb67-4b2b-9416-781d69614da2",
+ "clientId": "quarkus-app",
"rootUrl": "http://localhost:5173",
"adminUrl": "http://localhost:5173",
"baseUrl": "http://localhost:5173",
@@ -725,48 +710,79 @@
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
- "implicitFlowEnabled": false,
+ "implicitFlowEnabled": true,
"directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
+ "serviceAccountsEnabled": true,
"publicClient": true,
- "frontchannelLogout": true,
+ "frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
- "realm_client": "false",
- "oidc.ciba.grant.enabled": "false",
- "backchannel.logout.session.required": "true",
- "login_theme": "keycloakify-starter",
- "oauth2.device.authorization.grant.enabled": "false",
- "display.on.consent.screen": "false",
- "backchannel.logout.revoke.offline.tokens": "false"
+ "post.logout.redirect.uris": "+"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "acr",
- "profile",
- "roles",
- "basic",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "organization",
- "microprofile-jwt"
- ]
- },
- {
- "id": "448b0800-cc9b-46a8-88d9-4d08700fc5bb",
- "clientId": "master-realm",
- "name": "master Realm",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
+ "protocolMappers": [
+ {
+ "id": "cd9b0b1d-b2cf-41ac-8181-c950a9ea4901",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2fbde836-586b-426e-8148-53b2bda4a426",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "39d59309-72eb-4433-904f-9def07de9459",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "client_id",
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "client_id",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "microprofile-jwt",
+ "profile"
+ ],
+ "optionalClientScopes": []
+ },
+ {
+ "id": "c5c201b7-79d0-4159-b666-e8633f72dcf3",
+ "clientId": "realm-management",
+ "name": "${client_realm-management}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
@@ -778,17 +794,16 @@
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
- "attributes": {
- "realm_client": "true"
- },
+ "protocol": "openid-connect",
+ "attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"basic",
"email"
],
@@ -796,22 +811,21 @@
"address",
"phone",
"offline_access",
- "organization",
"microprofile-jwt"
]
},
{
- "id": "e9c42595-249e-401d-aab1-6a20cbfbcd88",
+ "id": "87f1ec93-623d-4ff0-8bfe-d1b90d8dcb7b",
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"rootUrl": "${authAdminUrl}",
- "baseUrl": "/admin/master/console/",
+ "baseUrl": "/admin/quarkus/console/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
- "/admin/master/console/*"
+ "/admin/quarkus/console/*"
],
"webOrigins": [
"+"
@@ -827,17 +841,15 @@
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
- "realm_client": "false",
- "client.use.lightweight.access.token.enabled": "true",
"post.logout.redirect.uris": "+",
"pkce.code.challenge.method": "S256"
},
"authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
+ "fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
- "id": "a54431cc-13d1-439c-aaac-507c4da8ea06",
+ "id": "502f3fdf-0498-4152-8759-d359353c5b28",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -856,8 +868,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"basic",
"email"
],
@@ -865,233 +877,257 @@
"address",
"phone",
"offline_access",
- "organization",
"microprofile-jwt"
]
}
],
"clientScopes": [
{
- "id": "6585e67e-23e1-49c2-b995-1b57924e0d05",
- "name": "saml_organization",
- "description": "Organization Membership",
- "protocol": "saml",
- "attributes": {
- "display.on.consent.screen": "false"
- },
- "protocolMappers": [
- {
- "id": "37a356f9-778e-4b29-9b6e-a6b84a908a9e",
- "name": "organization",
- "protocol": "saml",
- "protocolMapper": "saml-organization-membership-mapper",
- "consentRequired": false,
- "config": {}
- }
- ]
- },
- {
- "id": "b221f5d9-5bab-4c75-9caf-4c1267219cb6",
- "name": "profile",
- "description": "OpenID Connect built-in scope: profile",
+ "id": "d4f8abe9-a099-4c0c-849d-0d10be86b5d6",
+ "name": "phone",
+ "description": "OpenID Connect built-in scope: phone",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
- "consent.screen.text": "${profileScopeConsentText}",
+ "consent.screen.text": "${phoneScopeConsentText}",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
- "id": "dafc4673-41be-4fef-812b-5c0242321c30",
- "name": "given name",
+ "id": "b868a9e5-e9cf-4778-a8c9-753be12a910f",
+ "name": "phone number verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
- "user.attribute": "firstName",
+ "user.attribute": "phoneNumberVerified",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "given_name",
- "jsonType.label": "String"
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
}
},
{
- "id": "284457d2-ac4d-42a6-a6d6-ba1317e4c2c3",
- "name": "full name",
+ "id": "767c7dc4-46da-429b-9a0c-20454c9a4ff7",
+ "name": "phone number",
"protocol": "openid-connect",
- "protocolMapper": "oidc-full-name-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
- "id.token.claim": "true",
"introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumber",
+ "id.token.claim": "true",
"access.token.claim": "true",
- "userinfo.token.claim": "true"
+ "claim.name": "phone_number",
+ "jsonType.label": "String"
}
- },
+ }
+ ]
+ },
+ {
+ "id": "18c67a0b-4c7d-4d11-9e40-bf051470b703",
+ "name": "roles",
+ "description": "OpenID Connect scope for add user roles to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "consent.screen.text": "${rolesScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
{
- "id": "dd417e69-20dc-4f2b-93f4-3ab46d68bd1b",
- "name": "profile",
+ "id": "3b121a35-1545-41a6-957f-303cae39bfec",
+ "name": "client roles",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
+ "user.attribute": "foo",
"introspection.token.claim": "true",
- "userinfo.token.claim": "true",
- "user.attribute": "profile",
- "id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "profile",
- "jsonType.label": "String"
+ "claim.name": "resource_access.${client_id}.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
}
},
{
- "id": "3819353e-3bba-4780-9245-329ad78e6f8c",
- "name": "zoneinfo",
+ "id": "b2e5ed89-c945-4e0d-9ed7-86244baca471",
+ "name": "audience resolve",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
- "userinfo.token.claim": "true",
- "user.attribute": "zoneinfo",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "zoneinfo",
- "jsonType.label": "String"
+ "access.token.claim": "true"
}
},
{
- "id": "e7f5c641-aa4f-4b4d-884a-b21921df10bc",
- "name": "birthdate",
+ "id": "857777de-eb5e-4177-b407-0b821e722a75",
+ "name": "realm roles",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
+ "user.attribute": "foo",
"introspection.token.claim": "true",
- "userinfo.token.claim": "true",
- "user.attribute": "birthdate",
- "id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "birthdate",
- "jsonType.label": "String"
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
}
- },
+ }
+ ]
+ },
+ {
+ "id": "6d6890ab-64ff-484c-ba2a-5c66b12bf42a",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "consent.screen.text": "${addressScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
{
- "id": "8c41219d-f47c-41b8-b7c0-59b8650ee85a",
- "name": "picture",
+ "id": "b130baff-2a07-47bc-b0b9-0bd8e4c68d52",
+ "name": "address",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-address-mapper",
"consentRequired": false,
"config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
"introspection.token.claim": "true",
+ "user.attribute.postal_code": "postal_code",
"userinfo.token.claim": "true",
- "user.attribute": "picture",
+ "user.attribute.street": "street",
"id.token.claim": "true",
+ "user.attribute.region": "region",
"access.token.claim": "true",
- "claim.name": "picture",
- "jsonType.label": "String"
+ "user.attribute.locality": "locality"
}
- },
+ }
+ ]
+ },
+ {
+ "id": "7ca9fbe7-3f20-4bd6-83d4-3af81981fbe6",
+ "name": "basic",
+ "description": "OpenID Connect scope for add all basic claims to the token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
{
- "id": "1bf5a279-c34c-4aec-9c1b-9902a0d1b22f",
- "name": "locale",
+ "id": "209423f7-6dd9-4fb5-a899-f7140082c627",
+ "name": "sub",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-sub-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
- "userinfo.token.claim": "true",
- "user.attribute": "locale",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "locale",
- "jsonType.label": "String"
+ "access.token.claim": "true"
}
},
{
- "id": "aa26591e-c10c-4311-a9da-d78f337032ba",
- "name": "username",
+ "id": "81a19e89-61cc-4caa-9d42-ae75f3c18141",
+ "name": "auth_time",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
- "introspection.token.claim": "true",
- "userinfo.token.claim": "true",
- "user.attribute": "username",
+ "user.session.note": "AUTH_TIME",
"id.token.claim": "true",
+ "introspection.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "preferred_username",
- "jsonType.label": "String"
+ "claim.name": "auth_time",
+ "jsonType.label": "long"
}
- },
+ }
+ ]
+ },
+ {
+ "id": "59f86b95-9463-4704-bfc2-67128e820620",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "consent.screen.text": "${profileScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
{
- "id": "79171349-9e5c-4b36-ac06-86b4bd0c9de8",
- "name": "updated at",
+ "id": "48f6eb89-3165-4fad-a1d2-04374ccd594f",
+ "name": "profile",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
- "user.attribute": "updatedAt",
+ "user.attribute": "profile",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "updated_at",
- "jsonType.label": "long"
+ "claim.name": "profile",
+ "jsonType.label": "String"
}
},
{
- "id": "f9d7a735-01ed-4c07-8256-88037520fe28",
- "name": "middle name",
+ "id": "6ce9fa42-8d0e-4f50-a2a4-5e59178cb342",
+ "name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
- "user.attribute": "middleName",
+ "user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "middle_name",
+ "claim.name": "locale",
"jsonType.label": "String"
}
},
{
- "id": "8abb48de-92c9-4429-9259-cec4291f7359",
- "name": "nickname",
+ "id": "8d231b1e-1c39-453e-a301-f4e053b874cd",
+ "name": "middle name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
- "user.attribute": "nickname",
+ "user.attribute": "middleName",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "nickname",
+ "claim.name": "middle_name",
"jsonType.label": "String"
}
},
{
- "id": "309a839b-f50f-424f-b878-1a901a0cf2f6",
- "name": "gender",
+ "id": "46c2b7ab-c6d7-439c-9af7-a14e12df2d15",
+ "name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
- "user.attribute": "gender",
+ "user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "gender",
+ "claim.name": "given_name",
"jsonType.label": "String"
}
},
{
- "id": "efa52ffb-5fca-480b-9bf4-4fc331cf90a3",
+ "id": "4a503eea-d1c2-4d62-b00c-f0165ef6773c",
"name": "website",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1107,7 +1143,7 @@
}
},
{
- "id": "e32a752e-13f5-423c-be6c-8ea2f6735183",
+ "id": "b94d0d2d-35fd-43e2-99b2-968cb0783ac6",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1121,247 +1157,160 @@
"claim.name": "family_name",
"jsonType.label": "String"
}
- }
- ]
- },
- {
- "id": "35ccf1c5-511f-47f2-8c94-1505a6bc2e6f",
- "name": "address",
- "description": "OpenID Connect built-in scope: address",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "consent.screen.text": "${addressScopeConsentText}",
- "display.on.consent.screen": "true"
- },
- "protocolMappers": [
+ },
{
- "id": "5bec77bd-b323-40db-900c-6ae52fb04cae",
- "name": "address",
+ "id": "17a92a06-5a15-4ed6-abba-9ab9e6982a16",
+ "name": "birthdate",
"protocol": "openid-connect",
- "protocolMapper": "oidc-address-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
- "user.attribute.formatted": "formatted",
- "user.attribute.country": "country",
"introspection.token.claim": "true",
- "user.attribute.postal_code": "postal_code",
"userinfo.token.claim": "true",
- "user.attribute.street": "street",
+ "user.attribute": "birthdate",
"id.token.claim": "true",
- "user.attribute.region": "region",
"access.token.claim": "true",
- "user.attribute.locality": "locality"
- }
- }
- ]
- },
- {
- "id": "a628ce51-1663-446a-99f3-7e78d17c2a71",
- "name": "basic",
- "description": "OpenID Connect scope for add all basic claims to the token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "false",
- "display.on.consent.screen": "false"
- },
- "protocolMappers": [
- {
- "id": "4921fa27-9c81-4908-a9a8-6eb81958fd27",
- "name": "sub",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-sub-mapper",
- "consentRequired": false,
- "config": {
- "introspection.token.claim": "true",
- "access.token.claim": "true"
+ "claim.name": "birthdate",
+ "jsonType.label": "String"
}
},
{
- "id": "01bc1bcc-8f8e-46fe-9066-1324b9e06766",
- "name": "auth_time",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "AUTH_TIME",
- "id.token.claim": "true",
- "introspection.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "auth_time",
- "jsonType.label": "long"
- }
- }
- ]
- },
- {
- "id": "d4d2febb-2109-44f6-8470-b69e25ae3201",
- "name": "phone",
- "description": "OpenID Connect built-in scope: phone",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "consent.screen.text": "${phoneScopeConsentText}",
- "display.on.consent.screen": "true"
- },
- "protocolMappers": [
- {
- "id": "3cfe589b-996b-44ae-8bd5-908115c5f57c",
- "name": "phone number",
+ "id": "fcd6d493-87ff-452a-9a14-29fcc8fc00a7",
+ "name": "gender",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
- "user.attribute": "phoneNumber",
+ "user.attribute": "gender",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "phone_number",
+ "claim.name": "gender",
"jsonType.label": "String"
}
},
{
- "id": "0b931929-5bd3-41f5-bf42-df74eb60ab55",
- "name": "phone number verified",
+ "id": "f02682c2-cc04-4422-bf5b-68c25f10d4a4",
+ "name": "updated at",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
- "user.attribute": "phoneNumberVerified",
+ "user.attribute": "updatedAt",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "phone_number_verified",
- "jsonType.label": "boolean"
+ "claim.name": "updated_at",
+ "jsonType.label": "long"
}
- }
- ]
- },
- {
- "id": "b92668b1-a623-4789-b290-6eb6d675bc60",
- "name": "web-origins",
- "description": "OpenID Connect scope for add allowed web origins to the access token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "false",
- "consent.screen.text": "",
- "display.on.consent.screen": "false"
- },
- "protocolMappers": [
+ },
{
- "id": "9d9fabe0-bcf9-4089-9ff5-6f5072668313",
- "name": "allowed web origins",
+ "id": "dbad7485-7cf0-4b2f-a4d5-f89898e1ecef",
+ "name": "username",
"protocol": "openid-connect",
- "protocolMapper": "oidc-allowed-origins-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
- "access.token.claim": "true"
- }
- }
- ]
- },
- {
- "id": "576ba828-b7c7-49ef-926e-c5c6fe99aaeb",
- "name": "acr",
- "description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "false",
- "display.on.consent.screen": "false"
- },
- "protocolMappers": [
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
{
- "id": "febf1113-f406-4097-b0ff-233ce2db1b69",
- "name": "acr loa level",
+ "id": "8cd5ed14-2149-4400-a8e1-75a25b3f2eb8",
+ "name": "full name",
"protocol": "openid-connect",
- "protocolMapper": "oidc-acr-mapper",
+ "protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"introspection.token.claim": "true",
- "access.token.claim": "true"
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
}
- }
- ]
- },
- {
- "id": "399b8a6f-fd98-4cad-b4fa-0a315b2e12bd",
- "name": "email",
- "description": "OpenID Connect built-in scope: email",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "consent.screen.text": "${emailScopeConsentText}",
- "display.on.consent.screen": "true"
- },
- "protocolMappers": [
+ },
{
- "id": "e150ef4b-5360-417c-aaa7-3774e55eb77c",
- "name": "email",
+ "id": "bb287d1b-3762-4cb3-8ead-1e605cb0ffd6",
+ "name": "nickname",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
- "user.attribute": "email",
+ "user.attribute": "nickname",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "email",
+ "claim.name": "nickname",
"jsonType.label": "String"
}
},
{
- "id": "ce814b95-44a8-405e-bcd7-8f3e1b77c11d",
- "name": "email verified",
+ "id": "3ea65960-ff50-4e51-ab50-2cffbee03dde",
+ "name": "zoneinfo",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
- "user.attribute": "emailVerified",
+ "user.attribute": "zoneinfo",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "email_verified",
- "jsonType.label": "boolean"
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8644766b-4e1a-41fe-93f0-65e698d72cf0",
+ "name": "picture",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
}
}
]
},
{
- "id": "bb877643-f8da-4e51-8edf-4e891451c1a2",
- "name": "organization",
- "description": "Additional claims about the organization a subject belongs to",
+ "id": "b96c1eb3-967d-4fcc-b488-b0a0bc6dea67",
+ "name": "web-origins",
+ "description": "OpenID Connect scope for add allowed web origins to the access token",
"protocol": "openid-connect",
"attributes": {
- "include.in.token.scope": "true",
- "consent.screen.text": "${organizationScopeConsentText}",
- "display.on.consent.screen": "true"
+ "include.in.token.scope": "false",
+ "consent.screen.text": "",
+ "display.on.consent.screen": "false"
},
"protocolMappers": [
{
- "id": "bfd23042-fea9-4807-8b90-e0b306da20a4",
- "name": "organization",
+ "id": "6c06f7bf-724f-4ac4-95e2-bd86dae11667",
+ "name": "allowed web origins",
"protocol": "openid-connect",
- "protocolMapper": "oidc-organization-membership-mapper",
+ "protocolMapper": "oidc-allowed-origins-mapper",
"consentRequired": false,
"config": {
- "id.token.claim": "true",
"introspection.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "organization",
- "jsonType.label": "String",
- "multivalued": "true"
+ "access.token.claim": "true"
}
}
]
},
{
- "id": "ac32ef76-aa44-4e8f-842c-211ca13d4eca",
+ "id": "2d343db3-06b8-4e91-9aa9-2032d3a625f4",
"name": "microprofile-jwt",
"description": "Microprofile - JWT built-in scope",
"protocol": "openid-connect",
@@ -1371,7 +1320,7 @@
},
"protocolMappers": [
{
- "id": "f92a0f3e-93f1-4b2b-9090-97d71f3d6310",
+ "id": "d7d17a02-d85e-4d0c-923a-d6444b648aef",
"name": "groups",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
@@ -1387,7 +1336,7 @@
}
},
{
- "id": "68a5615e-b80d-4547-9ee4-7c1f8b54de64",
+ "id": "a74d6225-ef7c-4e82-8882-f78911cfac87",
"name": "upn",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1405,7 +1354,17 @@
]
},
{
- "id": "2536d1b5-2a2a-4b8a-8656-13b8e581c1b6",
+ "id": "55d0a396-063f-4ded-9957-d654cbb01932",
+ "name": "offline_access",
+ "description": "OpenID Connect built-in scope: offline_access",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen": "true"
+ }
+ },
+ {
+ "id": "c13dd35e-47c3-4792-894b-bf6968803431",
"name": "role_list",
"description": "SAML role list",
"protocol": "saml",
@@ -1415,7 +1374,7 @@
},
"protocolMappers": [
{
- "id": "bf0048ae-af8c-46fb-88b8-c30edee658f1",
+ "id": "6392ca6b-5ff7-49da-9bad-275b7a4aea87",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
@@ -1429,73 +1388,77 @@
]
},
{
- "id": "f5e73e94-fe76-48d6-9d58-877ecc803156",
- "name": "roles",
- "description": "OpenID Connect scope for add user roles to the access token",
+ "id": "8e7ffecd-41b6-4c82-b137-c3f4b7a5d6c2",
+ "name": "email",
+ "description": "OpenID Connect built-in scope: email",
"protocol": "openid-connect",
"attributes": {
- "include.in.token.scope": "false",
- "consent.screen.text": "${rolesScopeConsentText}",
+ "include.in.token.scope": "true",
+ "consent.screen.text": "${emailScopeConsentText}",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
- "id": "581d29bf-6f2e-4029-867f-0791ba5b79dc",
- "name": "audience resolve",
+ "id": "a6e65006-5abe-4e38-8e07-5c456bda314a",
+ "name": "email",
"protocol": "openid-connect",
- "protocolMapper": "oidc-audience-resolve-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
- "access.token.claim": "true"
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
}
},
{
- "id": "e3be866d-be96-4b5e-8fe1-9119e783618f",
- "name": "realm roles",
+ "id": "eb9df2dc-a733-4bdf-b4fc-4cd78e3337d1",
+ "name": "email verified",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
- "user.attribute": "foo",
"introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "emailVerified",
+ "id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "realm_access.roles",
- "jsonType.label": "String",
- "multivalued": "true"
+ "claim.name": "email_verified",
+ "jsonType.label": "boolean"
}
- },
+ }
+ ]
+ },
+ {
+ "id": "13b01404-f1a6-4786-a731-ee93c8537dec",
+ "name": "acr",
+ "description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
{
- "id": "12c73914-de99-4fac-b99c-a73235218e10",
- "name": "client roles",
+ "id": "b4d79185-48ea-4e5a-9fb7-619b552f3e73",
+ "name": "acr loa level",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-client-role-mapper",
+ "protocolMapper": "oidc-acr-mapper",
"consentRequired": false,
"config": {
- "user.attribute": "foo",
+ "id.token.claim": "true",
"introspection.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "resource_access.${client_id}.roles",
- "jsonType.label": "String",
- "multivalued": "true"
+ "access.token.claim": "true"
}
}
]
- },
- {
- "id": "b0ff0d30-7f02-4ac5-bd2f-8a4cbc5114c3",
- "name": "offline_access",
- "description": "OpenID Connect built-in scope: offline_access",
- "protocol": "openid-connect",
- "attributes": {
- "consent.screen.text": "${offlineAccessScopeConsentText}",
- "display.on.consent.screen": "true"
- }
}
],
"defaultDefaultClientScopes": [
"role_list",
- "saml_organization",
"profile",
"email",
"roles",
@@ -1507,24 +1470,19 @@
"offline_access",
"address",
"phone",
- "microprofile-jwt",
- "organization"
+ "microprofile-jwt"
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"referrerPolicy": "no-referrer",
"xRobotsTag": "none",
- "xFrameOptions": "",
- "contentSecurityPolicy": "",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
- "loginTheme": "keycloakify-starter",
- "accountTheme": "",
- "adminTheme": "",
- "emailTheme": "",
"eventsEnabled": false,
"eventsListeners": [
"jboss-logging"
@@ -1537,19 +1495,45 @@
"components": {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
{
- "id": "9d426e1c-cd0d-4d45-995a-169886ea98ce",
- "name": "Allowed Client Scopes",
- "providerId": "allowed-client-templates",
+ "id": "8767344f-711b-43c0-906c-501c2b1a3493",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
- "allow-default-scopes": [
- "true"
+ "allowed-protocol-mapper-types": [
+ "oidc-usermodel-property-mapper",
+ "oidc-address-mapper",
+ "oidc-full-name-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "saml-user-property-mapper",
+ "saml-user-attribute-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-role-list-mapper"
+ ]
+ }
+ },
+ {
+ "id": "3cd85c02-4b57-407f-bed4-e9a79ddf9516",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-usermodel-attribute-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "oidc-full-name-mapper",
+ "oidc-address-mapper",
+ "saml-role-list-mapper",
+ "oidc-usermodel-property-mapper",
+ "saml-user-attribute-mapper",
+ "saml-user-property-mapper"
]
}
},
{
- "id": "e92bd66e-b558-4e7c-8ecd-041310545ea8",
+ "id": "d111ba67-04ec-4f0b-bb9e-0e06b30aefc4",
"name": "Max Clients Limit",
"providerId": "max-clients",
"subType": "anonymous",
@@ -1561,15 +1545,27 @@
}
},
{
- "id": "38ecdc56-54d3-440b-adac-aa43e6bdad47",
- "name": "Full Scope Disabled",
- "providerId": "scope",
+ "id": "f3c52414-50f8-45a7-b858-b930c60fbc7e",
+ "name": "Consent Required",
+ "providerId": "consent-required",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
- "id": "8b7b74fd-3d09-4512-b401-19c82f1aafa8",
+ "id": "ead999d8-83df-48f5-a3c5-bc7711bf2234",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "17ea29e5-8bcf-4281-a06f-c512da3967c0",
"name": "Trusted Hosts",
"providerId": "trusted-hosts",
"subType": "anonymous",
@@ -1584,26 +1580,15 @@
}
},
{
- "id": "e17cc221-d232-426a-8f5d-f2ede048f652",
- "name": "Allowed Protocol Mapper Types",
- "providerId": "allowed-protocol-mappers",
- "subType": "authenticated",
+ "id": "eabca06b-3d7f-433c-a811-062265ffaa28",
+ "name": "Full Scope Disabled",
+ "providerId": "scope",
+ "subType": "anonymous",
"subComponents": {},
- "config": {
- "allowed-protocol-mapper-types": [
- "oidc-usermodel-attribute-mapper",
- "oidc-full-name-mapper",
- "oidc-address-mapper",
- "saml-role-list-mapper",
- "oidc-sha256-pairwise-sub-mapper",
- "saml-user-attribute-mapper",
- "saml-user-property-mapper",
- "oidc-usermodel-property-mapper"
- ]
- }
+ "config": {}
},
{
- "id": "19685e9e-4c0e-44f3-9f99-92b0d47618c7",
+ "id": "87cb0e1a-7ca9-4c3e-ae1e-ec1ae027a44c",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "authenticated",
@@ -1613,50 +1598,22 @@
"true"
]
}
- },
- {
- "id": "3b9ce241-f338-444d-ab61-44226b04d243",
- "name": "Allowed Protocol Mapper Types",
- "providerId": "allowed-protocol-mappers",
- "subType": "anonymous",
- "subComponents": {},
- "config": {
- "allowed-protocol-mapper-types": [
- "saml-user-attribute-mapper",
- "oidc-usermodel-attribute-mapper",
- "oidc-address-mapper",
- "saml-role-list-mapper",
- "saml-user-property-mapper",
- "oidc-usermodel-property-mapper",
- "oidc-full-name-mapper",
- "oidc-sha256-pairwise-sub-mapper"
- ]
- }
- },
- {
- "id": "9cec35f9-aec0-442d-a1cf-84bc406ca37d",
- "name": "Consent Required",
- "providerId": "consent-required",
- "subType": "anonymous",
- "subComponents": {},
- "config": {}
}
],
- "org.keycloak.userprofile.UserProfileProvider": [
+ "org.keycloak.keys.KeyProvider": [
{
- "id": "290074a7-c23e-44a9-a326-c95b033be670",
- "providerId": "declarative-user-profile",
+ "id": "f234f515-59ec-4e29-88b0-ac016f9f6e4f",
+ "name": "rsa-generated",
+ "providerId": "rsa-generated",
"subComponents": {},
"config": {
- "kc.user.profile.config": [
- "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}"
+ "priority": [
+ "100"
]
}
- }
- ],
- "org.keycloak.keys.KeyProvider": [
+ },
{
- "id": "6874f24f-67d7-4335-9c20-b7eb77808e7e",
+ "id": "4b8a2df1-28fa-4915-ae2d-0d8318f41450",
"name": "hmac-generated-hs512",
"providerId": "hmac-generated",
"subComponents": {},
@@ -1670,7 +1627,7 @@
}
},
{
- "id": "56bbf35d-4d2e-4e94-983a-e1aaf669808e",
+ "id": "9f07749a-9b7b-4287-9c40-83bd83ea1dae",
"name": "rsa-enc-generated",
"providerId": "rsa-enc-generated",
"subComponents": {},
@@ -1684,18 +1641,7 @@
}
},
{
- "id": "0406aec2-5db5-42ef-8b9e-9eb1da348724",
- "name": "rsa-generated",
- "providerId": "rsa-generated",
- "subComponents": {},
- "config": {
- "priority": [
- "100"
- ]
- }
- },
- {
- "id": "76994947-983d-4d38-965f-302f539d4579",
+ "id": "03852650-47bf-40a8-99a0-2a7bf462fc2f",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
@@ -1707,16 +1653,11 @@
}
]
},
- "internationalizationEnabled": true,
- "supportedLocales": [
- "de",
- "uk",
- "en"
- ],
- "defaultLocale": "en",
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
"authenticationFlows": [
{
- "id": "a4329bcf-4f7e-436b-b475-8cfe660c048e",
+ "id": "36ecd2ef-fb9c-43bd-b7e2-fdc279595436",
"alias": "Account verification options",
"description": "Method with which to verity the existing account",
"providerId": "basic-flow",
@@ -1742,7 +1683,7 @@
]
},
{
- "id": "2ab06f22-7c1e-4561-bb7f-e3b4d7224245",
+ "id": "ce52dda6-fdbb-48bb-981a-d34e6417316d",
"alias": "Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -1768,7 +1709,7 @@
]
},
{
- "id": "6fb2622b-8156-4bf4-8d7a-993243ef898f",
+ "id": "f8a107a7-f022-406d-ac18-41a3d46f504f",
"alias": "Direct Grant - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -1794,7 +1735,7 @@
]
},
{
- "id": "f60da335-9e98-4dc6-b84a-0e08601929fa",
+ "id": "afd6f14f-0de3-4047-98af-ce9d3c751062",
"alias": "First broker login - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
@@ -1820,7 +1761,7 @@
]
},
{
- "id": "a1c8cc8f-e6ce-4e4c-a0e5-c556cee7cd3c",
+ "id": "1a77557a-cf20-4d44-a6d9-f0d4e0713843",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId": "basic-flow",
@@ -1846,7 +1787,7 @@
]
},
{
- "id": "a4eeab1c-8373-4f5f-b447-995e5c998c6a",
+ "id": "f15be997-a83d-46c6-81fc-06ed4a281b12",
"alias": "Reset - Conditional OTP",
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId": "basic-flow",
@@ -1872,7 +1813,7 @@
]
},
{
- "id": "8142c48c-c33f-46a0-9921-1a7c63b7dbe0",
+ "id": "fe8eb120-7dbc-456e-806f-5fcaab3acd2f",
"alias": "User creation or linking",
"description": "Flow for the existing/non-existing user alternatives",
"providerId": "basic-flow",
@@ -1899,7 +1840,7 @@
]
},
{
- "id": "c549084a-67a1-4b3b-b64a-892eeb9d2aaf",
+ "id": "a893e81f-f75e-4ca7-9350-6197e2dae757",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
@@ -1925,9 +1866,9 @@
]
},
{
- "id": "4e201d16-4623-4dad-85de-c6ff615a18db",
+ "id": "a107f625-99b7-46ac-864d-c0432b0b7506",
"alias": "browser",
- "description": "Browser based authentication",
+ "description": "browser based authentication",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
@@ -1967,7 +1908,7 @@
]
},
{
- "id": "2189cf18-71c9-4d66-8f6c-b84259f3085f",
+ "id": "3df5a0b3-deaf-4048-a161-c422900fc92b",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
@@ -2009,7 +1950,7 @@
]
},
{
- "id": "67dd8c9d-16eb-40b7-a471-7de6c9c27292",
+ "id": "55086811-6527-443b-b7a9-0436d60d3652",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
@@ -2043,7 +1984,7 @@
]
},
{
- "id": "06f05380-0ab5-4ff7-afb7-d8a57242f15a",
+ "id": "fc850757-525e-4956-ae19-84a2a490ba72",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
@@ -2061,7 +2002,7 @@
]
},
{
- "id": "32a3abfa-083d-4537-9feb-37d07d8d809e",
+ "id": "4d0bf4ac-259c-4df0-97e2-0fdb91384017",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
@@ -2088,7 +2029,7 @@
]
},
{
- "id": "a38575f9-d557-496a-b895-a0e49179df90",
+ "id": "e7f54052-a7a6-4ac4-8f8c-77c59a7a2930",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
@@ -2114,9 +2055,9 @@
]
},
{
- "id": "d7b7d42f-6d93-47b8-911f-502705ff049f",
+ "id": "c3c5dcbf-34b0-49fc-9b45-16d8058ca0ef",
"alias": "registration",
- "description": "Registration flow",
+ "description": "registration flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
@@ -2133,9 +2074,9 @@
]
},
{
- "id": "b747a760-28ea-4dc2-99c4-c8cb2a33bdbc",
+ "id": "85457788-3467-4ed4-a910-61eaa3965022",
"alias": "registration form",
- "description": "Registration form",
+ "description": "registration form",
"providerId": "form-flow",
"topLevel": false,
"builtIn": true,
@@ -2175,7 +2116,7 @@
]
},
{
- "id": "45b7fc12-e9e6-4fdc-9891-53a92057dd5e",
+ "id": "0613fc7d-2447-4aa1-aa1b-3ed004def299",
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
@@ -2217,7 +2158,7 @@
]
},
{
- "id": "ca099863-f8d4-4edd-a57e-234a7c0dc837",
+ "id": "ff4c9ae1-3f63-41cd-9558-b73a7b27ca98",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
@@ -2237,14 +2178,14 @@
],
"authenticatorConfig": [
{
- "id": "37b7e57f-542a-4f48-bb79-425dccc8e864",
+ "id": "2926f58e-f0d1-4110-8e21-91764ad50383",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
- "id": "00ba7107-ff21-482f-9dd5-d6ae7965bc26",
+ "id": "7ef72aff-fb2f-48e3-9b43-26972e735497",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
@@ -2361,27 +2302,15 @@
"firstBrokerLoginFlow": "first broker login",
"attributes": {
"cibaBackchannelTokenDeliveryMode": "poll",
- "cibaAuthRequestedUserHint": "login_hint",
- "oauth2DevicePollingInterval": "5",
- "clientOfflineSessionMaxLifespan": "0",
- "clientSessionIdleTimeout": "0",
- "actionTokenGeneratedByUserLifespan.verify-email": "",
- "actionTokenGeneratedByUserLifespan.idp-verify-account-via-email": "",
- "clientOfflineSessionIdleTimeout": "0",
- "actionTokenGeneratedByUserLifespan.execute-actions": "",
- "cibaInterval": "5",
- "realmReusableOtpCode": "false",
"cibaExpiresIn": "120",
+ "cibaAuthRequestedUserHint": "login_hint",
"oauth2DeviceCodeLifespan": "600",
+ "oauth2DevicePollingInterval": "5",
"parRequestUriLifespan": "60",
- "clientSessionMaxLifespan": "0",
- "frontendUrl": "",
- "organizationsEnabled": "false",
- "acr.loa.map": "{}",
- "shortVerificationUri": "",
- "actionTokenGeneratedByUserLifespan.reset-credentials": ""
+ "cibaInterval": "5",
+ "realmReusableOtpCode": "false"
},
- "keycloakVersion": "26.0.2",
+ "keycloakVersion": "25.0.6",
"userManagedAccessAllowed": false,
"organizationsEnabled": false,
"clientProfiles": {
diff --git a/frontend/spa/.prettierrc b/frontend/spa/.prettierrc
index 8b700454..5953e957 100644
--- a/frontend/spa/.prettierrc
+++ b/frontend/spa/.prettierrc
@@ -3,5 +3,6 @@
"singleQuote": true,
"trailingComma": "es5",
"tabWidth": 4,
- "printWidth": 160
+ "printWidth": 160,
+ "endOfLine": "crlf"
}
diff --git a/frontend/spa/package.json b/frontend/spa/package.json
index fb8c5d06..e0ef675a 100644
--- a/frontend/spa/package.json
+++ b/frontend/spa/package.json
@@ -33,6 +33,7 @@
"@types/lodash": "^4.17.11",
"ag-grid-community": "^32.3.3",
"ag-grid-react": "^32.3.3",
+ "axios": "^1.7.9",
"class-variance-authority": "^0.7.0",
"clsx": "^2.1.1",
"emoji-mart": "^5.6.0",
diff --git a/frontend/spa/pnpm-lock.yaml b/frontend/spa/pnpm-lock.yaml
index 053cb8d5..4048ee96 100644
--- a/frontend/spa/pnpm-lock.yaml
+++ b/frontend/spa/pnpm-lock.yaml
@@ -56,6 +56,9 @@ importers:
ag-grid-react:
specifier: ^32.3.3
version: 32.3.3(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+ axios:
+ specifier: ^1.7.9
+ version: 1.7.9
class-variance-authority:
specifier: ^0.7.0
version: 0.7.0
diff --git a/frontend/spa/src/App.tsx b/frontend/spa/src/App.tsx
index 0bdfe70b..85f8e950 100644
--- a/frontend/spa/src/App.tsx
+++ b/frontend/spa/src/App.tsx
@@ -12,6 +12,7 @@ function App() {
useEffect(() => {
themeService.init();
languageService.init();
+
authService.init().catch((e) => console.error('Failed to init authService:', e));
emojiService.init().catch((e) => console.error('Failed to init emojiService:', e));
diff --git a/frontend/spa/src/components/Forms/OrganizationRegistrationForm/OrganizationRegistrationForm.tsx b/frontend/spa/src/components/Forms/OrganizationRegistrationForm/OrganizationRegistrationForm.tsx
index 9ec858f0..6ad3df09 100644
--- a/frontend/spa/src/components/Forms/OrganizationRegistrationForm/OrganizationRegistrationForm.tsx
+++ b/frontend/spa/src/components/Forms/OrganizationRegistrationForm/OrganizationRegistrationForm.tsx
@@ -43,6 +43,7 @@ export function OrganizationRegistrationForm(props: Props) {
owner: {
firstName: data.firstName,
lastName: data.lastName,
+
email: data.email,
},
organization: {
@@ -68,20 +69,21 @@ export function OrganizationRegistrationForm(props: Props) {
-
-
-
-
-
-
+
diff --git a/frontend/spa/src/components/OrganizationStructureTree/OrganizationTree.tsx b/frontend/spa/src/components/OrganizationStructureTree/OrganizationTree.tsx
index a2f17937..11b09ff1 100644
--- a/frontend/spa/src/components/OrganizationStructureTree/OrganizationTree.tsx
+++ b/frontend/spa/src/components/OrganizationStructureTree/OrganizationTree.tsx
@@ -58,8 +58,6 @@ function OrganizationTree({ tree, onTreeChanged }: OrganizationStructureTreeProp
};
useEffect(() => {
- console.log('TREE PROP CHANGED', tree);
-
setTreeData(tree);
}, [tree]);
diff --git a/frontend/spa/src/components/views/OrganizationSettingsView.tsx b/frontend/spa/src/components/views/OrganizationSettingsView.tsx
index e9669902..03d8a0eb 100644
--- a/frontend/spa/src/components/views/OrganizationSettingsView.tsx
+++ b/frontend/spa/src/components/views/OrganizationSettingsView.tsx
@@ -43,7 +43,6 @@ function OrganizationSettingsView() {
console.error(e);
showError(t('organization.settings.saveError'));
} finally {
- console.log('Finally');
setIsLoading(false);
}
};
@@ -76,8 +75,6 @@ function OrganizationSettingsView() {
});
}, []);
- console.log('RENDER', isLoading);
-
return (
<>
diff --git a/frontend/spa/src/services/ApiService.ts b/frontend/spa/src/services/ApiService.ts
index 5045afc4..526d9459 100644
--- a/frontend/spa/src/services/ApiService.ts
+++ b/frontend/spa/src/services/ApiService.ts
@@ -15,6 +15,7 @@ export class ApiService {
this.finUrl = import.meta.env.VITE_API_FIN_URL || '';
this.bommel = new BommelService(this.orgUrl);
+
this.invoices = new InvoicesService(this.finUrl);
this.organization = new OrganizationService(this.orgUrl);
}
diff --git a/frontend/spa/src/services/OrganizationTreeService.ts b/frontend/spa/src/services/OrganizationTreeService.ts
index 1cebd089..7f7cd669 100644
--- a/frontend/spa/src/services/OrganizationTreeService.ts
+++ b/frontend/spa/src/services/OrganizationTreeService.ts
@@ -35,7 +35,6 @@ export class OrganizationTreeService {
}
if (idsToDelete.length) {
- console.log('IDs to delete:', idsToDelete);
await Promise.allSettled(idsToDelete.map((id) => apiService.bommel.deleteBommel(id)));
}
}
@@ -101,7 +100,6 @@ export class OrganizationTreeService {
if (!bommel.id) {
// save new bommel
bommel = await apiService.bommel.createBommel(bommel);
- console.log('BOMMEL CREATED', bommel);
node.data = { id: bommel.id, emoji: bommel.emoji || '' };
} else {
// update existing bommel
@@ -112,13 +110,9 @@ export class OrganizationTreeService {
if (isChanged) {
const moveTo = isMoved ? bommel.parent?.id : undefined;
bommel = await apiService.bommel.updateBommel(bommel.id!, _.omit(bommel, ['parent', 'children']));
- console.log('BOMMEL UPDATED', bommel);
if (isMoved && moveTo) {
await apiService.bommel.moveBommel(bommel.id!, moveTo);
- console.log('BOMMEL MOVED', bommel, 'to', moveTo);
}
- } else {
- console.log('BOMMEL UPDATE SKIPPED', bommel, original);
}
}
}
diff --git a/frontend/spa/src/services/api/BommelService.ts b/frontend/spa/src/services/api/BommelService.ts
index ea9b9bd6..55d1c2f5 100644
--- a/frontend/spa/src/services/api/BommelService.ts
+++ b/frontend/spa/src/services/api/BommelService.ts
@@ -1,69 +1,59 @@
+import axios, { AxiosInstance } from 'axios';
+
import { Bommel } from '@/services/api/types/Bommel.ts';
+import authService from '@/services/auth/AuthService.ts';
export class BommelService {
- constructor(private baseUrl: string) {}
+ private axiosInstance: AxiosInstance;
- async getBommel(id: number) {
- const response = await fetch(`${this.baseUrl}/bommel/${id}`, {
- method: 'GET',
+ constructor(private baseUrl: string) {
+ this.axiosInstance = axios.create({
+ baseURL: this.baseUrl,
+ headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${authService.getAuthToken()}` },
});
- return (await response.json()) as Promise;
}
- async deleteBommel(id: number) {
- await fetch(`${this.baseUrl}/bommel/${id}?recursive=true`, { method: 'DELETE' });
+ async getBommel(id: number): Promise {
+ const response = await this.axiosInstance.get(`/bommel/${id}`);
+ return response.data;
}
- async createBommel(data: Partial) {
- const response = await fetch(`${this.baseUrl}/bommel`, {
- method: 'POST',
- headers: { 'Content-Type': 'application/json' },
- body: JSON.stringify(data),
- });
+ async deleteBommel(id: number): Promise {
+ await this.axiosInstance.delete(`/bommel/${id}?recursive=true`, { headers: { 'Content-Type': 'application/json' } });
+ }
- return response.json();
+ async createBommel(data: Partial): Promise {
+ const response = await this.axiosInstance.post('/bommel', data);
+ return response.data;
}
async createRootBommel(data: Partial & { organizationId: number }): Promise {
- const response = await fetch(`${this.baseUrl}/bommel/root`, {
- method: 'POST',
- headers: { 'Content-Type': 'application/json' },
- body: JSON.stringify(data),
- });
- return response.status === 200 || response.status === 201 ? response.json() : undefined;
+ const response = await this.axiosInstance.post('/bommel/root', data);
+ return response.data;
}
- async getBommelChildren(id: string) {
- const response = await fetch(`${this.baseUrl}/bommel/${id}/children`, {
- method: 'GET',
- });
- return response.json();
+ async getBommelChildren(id: string): Promise {
+ const response = await this.axiosInstance.get(`/bommel/${id}/children`);
+ return response.data;
}
async getBommelChildrenRecursive(id: number): Promise<{ bommel: Bommel }[]> {
- const response = await fetch(`${this.baseUrl}/bommel/${id}/children/recursive`, { method: 'GET' });
- return response.json();
+ const response = await this.axiosInstance.get<{ bommel: Bommel }[]>(`/bommel/${id}/children/recursive`);
+ return response.data;
}
async getRootBommel(organisationId: number): Promise {
- const response = await fetch(`${this.baseUrl}/bommel/root/${organisationId}`, { method: 'GET' });
- return await response.json();
+ const response = await this.axiosInstance.get(`/bommel/root/${organisationId}`);
+ return response.data;
}
- async updateBommel(id: number, data: Partial) {
- const response = await fetch(`${this.baseUrl}/bommel/${id}`, {
- method: 'PUT',
- headers: { 'Content-Type': 'application/json' },
- body: JSON.stringify(data),
- });
- return response.json();
+ async updateBommel(id: number, data: Partial): Promise {
+ const response = await this.axiosInstance.put(`/bommel/${id}`, data);
+ return response.data;
}
async moveBommel(id: number, newParentId: number): Promise> {
- const response = await fetch(`${this.baseUrl}/bommel/move/${id}/to/${newParentId}`, {
- method: 'PUT',
- headers: { 'Content-Type': 'application/json' },
- });
- return await response.json();
+ const response = await this.axiosInstance.put>(`/bommel/move/${id}/to/${newParentId}`);
+ return response.data;
}
}
diff --git a/frontend/spa/src/services/api/OrganizationService.ts b/frontend/spa/src/services/api/OrganizationService.ts
index 94e1b920..2b5db4de 100644
--- a/frontend/spa/src/services/api/OrganizationService.ts
+++ b/frontend/spa/src/services/api/OrganizationService.ts
@@ -1,3 +1,7 @@
+import axios, { AxiosInstance } from 'axios';
+
+import authService from '@/services/auth/AuthService.ts';
+
type RegisterOrganizationPayload = {
owner: {
firstName: string;
@@ -22,30 +26,25 @@ type RegisterOrganizationPayload = {
};
export class OrganizationService {
- constructor(private baseUrl: string) {}
+ private axiosInstance: AxiosInstance;
- async registerOrganization(payload: RegisterOrganizationPayload): Promise {
- const url = `${import.meta.env.VITE_ORGANIZATION_SERVICE_URL || this.baseUrl}/organization`;
- await window.fetch(url, {
- method: 'POST',
- headers: {
- 'Content-Type': 'application/json',
- },
- body: JSON.stringify(payload),
+ constructor(private baseUrl: string) {
+ this.axiosInstance = axios.create({
+ baseURL: this.baseUrl,
+ headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${authService.getAuthToken()}` },
});
}
- async getBySlug(slug: string) {
- const url = `${import.meta.env.VITE_ORGANIZATION_SERVICE_URL || this.baseUrl}/organization/${slug}`;
- const result = await window.fetch(url, {
- method: 'GET',
- headers: { 'Content-Type': 'application/json' },
- });
+ async registerOrganization(payload: RegisterOrganizationPayload): Promise {
+ const url = `${import.meta.env.VITE_ORGANIZATION_SERVICE_URL || this.baseUrl}/organization`;
+ await axios.post(url, payload, { headers: { 'Content-Type': 'application/json' } });
+ }
- const organisation = await result.json();
- console.log(organisation);
+ async getCurrentOrganization() {
+ const url = `${import.meta.env.VITE_ORGANIZATION_SERVICE_URL || this.baseUrl}/organization/my`;
+ const result = await this.axiosInstance.get(url);
- return organisation;
+ return result.data;
}
createSlug(input: string): string {
diff --git a/frontend/spa/src/services/api/invoicesService.ts b/frontend/spa/src/services/api/invoicesService.ts
index 9172b86d..bc6d2c31 100644
--- a/frontend/spa/src/services/api/invoicesService.ts
+++ b/frontend/spa/src/services/api/invoicesService.ts
@@ -1,8 +1,18 @@
+import axios, { AxiosInstance } from 'axios';
+
import { InvoicesTableData } from '@/components/InvoicesTable/types';
import { TransactionRecord } from '@/services/api/types/TransactionRecord.ts';
+import authService from '@/services/auth/AuthService.ts';
export class InvoicesService {
- constructor(private baseUrl: string) {}
+ private axiosInstance: AxiosInstance;
+
+ constructor(private baseUrl: string) {
+ this.axiosInstance = axios.create({
+ baseURL: this.baseUrl,
+ headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${authService.getAuthToken()}` },
+ });
+ }
async getInvoices(): Promise {
const transactions: TransactionRecord[] = [];
@@ -12,13 +22,11 @@ export class InvoicesService {
while (true) {
const url = `${import.meta.env.VITE_INVOICES_SERVICE_URL || this.baseUrl}/all?page=${page}&size=${pageSize}`;
- const response = await fetch(url, { method: 'GET' });
- const data = (await response.json()) as TransactionRecord[];
+ const response = await this.axiosInstance.get(url);
+ const data = response.data;
if (Array.isArray(data)) {
- data.forEach((transaction) => {
- transactions.push(transaction);
- });
+ transactions.push(...data);
if (data.length < pageSize) {
break;
}
@@ -39,7 +47,7 @@ export class InvoicesService {
// async getInvoicesByBommel(bommelId: number): Promise {
// const url = `${import.meta.env.VITE_INVOICES_SERVICE_URL || this.baseUrl}/all`;
- // const response = await fetch(url, { method: 'GET' });
- // return response.json();
+ // const response = await this.axiosInstance.get(url);
+ // return response.data;
// }
}
diff --git a/frontend/spa/src/services/auth/AuthService.ts b/frontend/spa/src/services/auth/AuthService.ts
index 976633b0..dc5e1066 100644
--- a/frontend/spa/src/services/auth/AuthService.ts
+++ b/frontend/spa/src/services/auth/AuthService.ts
@@ -3,7 +3,6 @@ import { pick } from 'lodash';
import { KeycloakServiceProvider } from '@/services/auth/keycloakServiceProvider.ts';
import { AuthServiceProvider } from '@/services/auth/AuthServiceProvider.ts';
import { useStore } from '@/store/store.ts';
-import apiService from '@/services/ApiService.ts';
export class AuthService {
private provider: AuthServiceProvider;
@@ -22,6 +21,7 @@ export class AuthService {
}
login() {
+ window.localStorage.setItem('REDIRECT_AFTER_LOGIN', 'true');
return this.provider.login();
}
@@ -38,7 +38,19 @@ export class AuthService {
return this.provider.checkLogin();
}
+ onUserLogin() {
+ const isRedirectAfterLogin = window.localStorage.getItem('REDIRECT_AFTER_LOGIN') === 'true';
+ window.localStorage.removeItem('REDIRECT_AFTER_LOGIN');
+
+ if (isRedirectAfterLogin) {
+ window.setTimeout(() => {
+ window.location.href = '/';
+ }, 0);
+ }
+ }
+
async loadUserOrganisation() {
+ const apiService = (await import('@/services/ApiService.ts')).default;
const user = useStore.getState().user;
if (!user) {
@@ -46,9 +58,7 @@ export class AuthService {
return;
}
- // todo replace with out using slug
- const organisationSlug = 'test';
- const organisation = await apiService.organization.getBySlug(organisationSlug);
+ const organisation = await apiService.organization.getCurrentOrganization();
useStore.getState().setOrganization(organisation);
}
diff --git a/frontend/spa/src/services/auth/keycloakServiceProvider.ts b/frontend/spa/src/services/auth/keycloakServiceProvider.ts
index 4b13e6da..5d834ce0 100644
--- a/frontend/spa/src/services/auth/keycloakServiceProvider.ts
+++ b/frontend/spa/src/services/auth/keycloakServiceProvider.ts
@@ -34,6 +34,7 @@ export class KeycloakServiceProvider implements AuthServiceProvider {
try {
const data = (await this.keycloak.loadUserInfo()) as { id: string; name: string; email: string };
await this.authService.setAuthUser(data);
+ await this.authService.onUserLogin();
} catch (e) {
await this.authService.setAuthUser(null);
console.error('Failed to load user info', e);