kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 02:10:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4d223f178452f94cc9f093fdadffa72b5bf270c0
computer-playbook/roles/web-app-keycloak/templates/import/clients/default.json.j2
Kevin Veen-Birkenbach 97f4045c68 Keycloak: align client attributes with realm dictionary 
- Extended kc_force_attrs in tasks/main.yml to source 'publicClient',
  'serviceAccountsEnabled' and 'frontchannelLogout' directly from
  KEYCLOAK_DICTIONARY_REALM for consistency with import definitions.
- Updated default.json.j2 import template to set 'publicClient' to true.
- Public client mode is required so the frontend API of role 'web-app-desktop'
  can handle login/logout flows without client secret.

Ref: https://chatgpt.com/share/68ae0060-4fac-800f-9f02-22592a4087d3
2025-08-26 21:22:27 +02:00

61 lines
1.9 KiB
Django/Jinja
Raw Blame History

{
"clientId": "{{ KEYCLOAK_CLIENT_ID }}",
"name": "",
"description": "",
"rootUrl": "{{ KEYCLOAK_REALM_URL }}",
"adminUrl": "{{ KEYCLOAK_REALM_URL }}",
"baseUrl": "{{ KEYCLOAK_REALM_URL }}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "{{ OIDC.CLIENT.SECRET }}",
"redirectUris": {{ KEYCLOAK_REDIRECT_URIS | to_json }},
"webOrigins": {{ KEYCLOAK_WEB_ORIGINS | to_json }},
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": true,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"publicClient": true,
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
"frontchannel.logout.url": {{ KEYCLOAK_FRONTCHANNEL_LOGOUT_URL | to_json }},
"realm_client": "false",
"oidc.ciba.grant.enabled": "false",
"client.secret.creation.time": "0",
"backchannel.logout.session.required": "true",
"standard.token.exchange.enabled": "false",
"post.logout.redirect.uris": {{ KEYCLOAK_POST_LOGOUT_URIS | to_json }},
"frontchannel.logout.session.required": "true",
"oauth2.device.authorization.grant.enabled": "false",
"display.on.consent.screen": "false",
"use.jwks.url": "false",
"backchannel.logout.revoke.offline.tokens": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"service_account",
"acr",
"roles",
"profile",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"organization",
"offline_access",
"microprofile-jwt",
"{{ KEYCLOAK_RBAC_GROUP_CLAIM }}",
"{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}"
]
}
Reference in New Issue View Git Blame Copy Permalink