From 1f0f9196c43ba5167f34a56d5d3d18076724acfe Mon Sep 17 00:00:00 2001
From: Pierre Tellier <piair338@gmail.com>
Date: Wed, 7 May 2025 10:45:38 +0200
Subject: [PATCH 1/4] feat: fixed 403 errors
---
Makefile | 1 +
.../WebSecurityCustomConfiguration.java | 12 +-
.../src/main/resources/application.properties | 4 +-
config/dev.env | 4 +-
keycloak/realm.json | 2638 +++++++++++++++++
5 files changed, 2652 insertions(+), 7 deletions(-)
create mode 100644 keycloak/realm.json
diff --git a/Makefile b/Makefile
index 6f4e820..676cf0d 100644
--- a/Makefile
+++ b/Makefile
@@ -2,6 +2,7 @@ help:
@echo "make [clean dev-front prod dev-back dev]"
clean:
+ pkill -9 node
@cp config/frontdev.env front/MyINPulse-front/.env
@cp config/frontdev.env .env
@cp config/frontdev.env MyINPulse-back/.env
diff --git a/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java b/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java
index 2cbeccb..52e57d6 100644
--- a/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java
+++ b/MyINPulse-back/src/main/java/enseirb/myinpulse/config/WebSecurityCustomConfiguration.java
@@ -56,12 +56,18 @@ public class WebSecurityCustomConfiguration {
http.authorizeHttpRequests(
authorize ->
authorize
- .requestMatchers("/entrepreneur/**", "/shared/**")
+ .requestMatchers("/entrepreneur/**")
.access(hasRole("REALM_MyINPulse-entrepreneur"))
- .requestMatchers("/admin/**", "/shared/**")
+ .requestMatchers("/admin/**")
.access(hasRole("REALM_MyINPulse-admin"))
+ .requestMatchers("/shared/**")
+ .hasAnyRole(
+ "REALM_MyINPulse-admin",
+ "REALM_MyINPulse-entrepreneur")
.requestMatchers("/unauth/**")
- .authenticated())
+ .authenticated()
+ .anyRequest()
+ .denyAll())
.oauth2ResourceServer(
oauth2 ->
oauth2.jwt(
diff --git a/MyINPulse-back/src/main/resources/application.properties b/MyINPulse-back/src/main/resources/application.properties
index 043c22b..0f12c34 100644
--- a/MyINPulse-back/src/main/resources/application.properties
+++ b/MyINPulse-back/src/main/resources/application.properties
@@ -1,6 +1,6 @@
spring.application.name=myinpulse
-spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:7080/realms/test/protocol/openid-connect/certs
-spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:7080/realms/test
+spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:7080/realms/${VITE_KEYCLOAK_REALM}/protocol/openid-connect/certs
+spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:7080/realms/${VITE_KEYCLOAK_REALM}
spring.datasource.url=jdbc:postgresql://${DATABASE_URL}/${BACKEND_DB}
spring.datasource.username=${BACKEND_USER}
spring.datasource.password=${BACKEND_PASSWORD}
diff --git a/config/dev.env b/config/dev.env
index bcd45f3..3b6eeaa 100644
--- a/config/dev.env
+++ b/config/dev.env
@@ -16,7 +16,7 @@ BACKEND_PASSWORD=backend_db_user_password
DATABASE_URL=localhost:5433
VITE_KEYCLOAK_URL=http://localhost:7080
-VITE_KEYCLOAK_CLIENT_ID=myinpulse-dev
-VITE_KEYCLOAK_REALM=test
+VITE_KEYCLOAK_CLIENT_ID=MyINPulse-vite
+VITE_KEYCLOAK_REALM=MyINPulse
VITE_APP_URL=http://localhost:5173
VITE_BACKEND_URL=http://localhost:8081/
diff --git a/keycloak/realm.json b/keycloak/realm.json
new file mode 100644
index 0000000..0a0810c
--- /dev/null
+++ b/keycloak/realm.json
@@ -0,0 +1,2638 @@
+{
+ "id": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902",
+ "realm": "MyINPulse",
+ "notBefore": 0,
+ "defaultSignatureAlgorithm": "RS256",
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "ssoSessionIdleTimeoutRememberMe": 0,
+ "ssoSessionMaxLifespanRememberMe": 0,
+ "offlineSessionIdleTimeout": 2592000,
+ "offlineSessionMaxLifespanEnabled": false,
+ "offlineSessionMaxLifespan": 5184000,
+ "clientSessionIdleTimeout": 0,
+ "clientSessionMaxLifespan": 0,
+ "clientOfflineSessionIdleTimeout": 0,
+ "clientOfflineSessionMaxLifespan": 0,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "oauth2DeviceCodeLifespan": 600,
+ "oauth2DevicePollingInterval": 5,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": true,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxTemporaryLockouts": 0,
+ "bruteForceStrategy": "MULTIPLE",
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "roles": {
+ "realm": [
+ {
+ "id": "1837cafb-5ab8-4209-8127-d2e094e4f67d",
+ "name": "default-roles-myinpulse",
+ "description": "${role_default-roles}",
+ "composite": true,
+ "composites": {
+ "realm": [
+ "offline_access",
+ "uma_authorization"
+ ],
+ "client": {
+ "account": [
+ "manage-account",
+ "view-profile"
+ ]
+ }
+ },
+ "clientRole": false,
+ "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902",
+ "attributes": {}
+ },
+ {
+ "id": "386ec1d5-844c-4eea-9e0f-db636b5eef6e",
+ "name": "MyINPulse-admin",
+ "description": "Role for administrators",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-users",
+ "query-groups",
+ "manage-users",
+ "view-clients",
+ "query-clients",
+ "query-realms",
+ "realm-admin"
+ ],
+ "account": [
+ "manage-consent",
+ "view-consent",
+ "view-profile",
+ "view-groups",
+ "delete-account",
+ "view-applications",
+ "manage-account",
+ "manage-account-links"
+ ]
+ }
+ },
+ "clientRole": false,
+ "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902",
+ "attributes": {}
+ },
+ {
+ "id": "b97b11e5-d3a9-435b-84a9-9606de042566",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902",
+ "attributes": {}
+ },
+ {
+ "id": "467438de-b701-4e4c-b93a-b321e0590ded",
+ "name": "MyINPulse-entrepreneur",
+ "description": "Role for entrepreneurs",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902",
+ "attributes": {}
+ },
+ {
+ "id": "92083400-a769-4446-a826-dc9e670c675a",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902",
+ "attributes": {}
+ }
+ ],
+ "client": {
+ "realm-management": [
+ {
+ "id": "60ae16ca-0b98-455f-982e-bea895166a48",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "74a598d5-b467-4c7d-99b7-0af6ef7d3c46",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "7bba5b54-94b9-4175-af50-bcbafb83c59e",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "d1d601e8-7c89-4dd2-8b8d-a0007209dcca",
+ "name": "query-users",
+ "description": "${role_query-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "606a564b-02db-4a53-ab54-bb046b988807",
+ "name": "query-groups",
+ "description": "${role_query-groups}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "6a359238-f612-4739-91c6-68c23293a8b0",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "a8691ba4-0830-46f1-927b-50a74c5be67f",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "0c23c803-8c57-4aec-87d0-b63964211284",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "b0f288bd-2999-47f6-93dd-96a25625d7b9",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "eea3d793-85d7-44f3-9aa8-0a6e7a41a0b6",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-users",
+ "query-groups"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "0fb4be83-230d-4670-ad93-cac3da57f6bf",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "fe0fd495-2e68-4316-acc8-d0eb960179f5",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "417d9e68-03c2-43ef-a290-7c3ac8c91022",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-clients"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "fafc293d-4e13-4f6f-8b66-16ac77974e5a",
+ "name": "query-clients",
+ "description": "${role_query-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "2eb53e25-ddbe-4eb8-bcef-660862d5a164",
+ "name": "query-realms",
+ "description": "${role_query-realms}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "9ee1128e-cc63-4188-9cf7-8d44eea2b2d5",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "319b2f8b-9774-4418-abfa-1b6fed535764",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "view-realm",
+ "manage-clients",
+ "manage-identity-providers",
+ "query-users",
+ "query-groups",
+ "manage-realm",
+ "view-events",
+ "view-authorization",
+ "manage-users",
+ "view-users",
+ "view-identity-providers",
+ "create-client",
+ "view-clients",
+ "query-clients",
+ "query-realms",
+ "manage-authorization",
+ "manage-events",
+ "impersonation"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "ad8012d3-8437-4654-afb6-2e8246a6c126",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ },
+ {
+ "id": "e8169c25-99e4-4672-af25-3de74c208fb7",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "attributes": {}
+ }
+ ],
+ "MyINPulse-vite": [],
+ "security-admin-console": [],
+ "admin-cli": [],
+ "account-console": [],
+ "broker": [
+ {
+ "id": "ee2f11dd-eda6-4ddd-bf18-da4f57341a6d",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "465b3874-6a03-4f61-856a-ec92c1a30383",
+ "attributes": {}
+ }
+ ],
+ "account": [
+ {
+ "id": "5bb734ca-1e84-4efe-a306-f5171ed49246",
+ "name": "view-applications",
+ "description": "${role_view-applications}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c",
+ "attributes": {}
+ },
+ {
+ "id": "617dabe6-6d05-4d70-8c6f-94f3ff664249",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "manage-account-links"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c",
+ "attributes": {}
+ },
+ {
+ "id": "1da955d8-d827-40ed-a450-ce91db6da729",
+ "name": "manage-consent",
+ "description": "${role_manage-consent}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "view-consent"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c",
+ "attributes": {}
+ },
+ {
+ "id": "fddbf83f-7c3d-4eec-b26c-39e5f0b6ef50",
+ "name": "manage-account-links",
+ "description": "${role_manage-account-links}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c",
+ "attributes": {}
+ },
+ {
+ "id": "fc2ad906-dadd-472a-8f8f-b8c45a1f68b3",
+ "name": "view-consent",
+ "description": "${role_view-consent}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c",
+ "attributes": {}
+ },
+ {
+ "id": "3bf3af64-b606-450d-bbb6-801f17bcaf5a",
+ "name": "view-groups",
+ "description": "${role_view-groups}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c",
+ "attributes": {}
+ },
+ {
+ "id": "ac2faad4-a292-43e4-b9f1-97155cdfa4b5",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c",
+ "attributes": {}
+ },
+ {
+ "id": "d50bac0f-a103-49c5-949b-68cc607af2cb",
+ "name": "delete-account",
+ "description": "${role_delete-account}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c",
+ "attributes": {}
+ }
+ ]
+ }
+ },
+ "groups": [],
+ "defaultRole": {
+ "id": "1837cafb-5ab8-4209-8127-d2e094e4f67d",
+ "name": "default-roles-myinpulse",
+ "description": "${role_default-roles}",
+ "composite": true,
+ "clientRole": false,
+ "containerId": "cabafe50-534e-4f3d-9eeb-f9ab39ea7902"
+ },
+ "requiredCredentials": [
+ "password"
+ ],
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "otpPolicyCodeReusable": false,
+ "otpSupportedApplications": [
+ "totpAppFreeOTPName",
+ "totpAppGoogleName",
+ "totpAppMicrosoftAuthenticatorName"
+ ],
+ "localizationTexts": {},
+ "webAuthnPolicyRpEntityName": "keycloak",
+ "webAuthnPolicySignatureAlgorithms": [
+ "ES256",
+ "RS256"
+ ],
+ "webAuthnPolicyRpId": "",
+ "webAuthnPolicyAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyRequireResidentKey": "not specified",
+ "webAuthnPolicyUserVerificationRequirement": "not specified",
+ "webAuthnPolicyCreateTimeout": 0,
+ "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyAcceptableAaguids": [],
+ "webAuthnPolicyExtraOrigins": [],
+ "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
+ "webAuthnPolicyPasswordlessSignatureAlgorithms": [
+ "ES256",
+ "RS256"
+ ],
+ "webAuthnPolicyPasswordlessRpId": "",
+ "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
+ "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
+ "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
+ "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
+ "webAuthnPolicyPasswordlessCreateTimeout": 0,
+ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
+ "webAuthnPolicyPasswordlessAcceptableAaguids": [],
+ "webAuthnPolicyPasswordlessExtraOrigins": [],
+ "scopeMappings": [
+ {
+ "clientScope": "offline_access",
+ "roles": [
+ "offline_access"
+ ]
+ },
+ {
+ "clientScope": "MyINPulse-client-scope",
+ "roles": [
+ "MyINPulse-entrepreneur",
+ "MyINPulse-admin"
+ ]
+ }
+ ],
+ "clientScopeMappings": {
+ "account": [
+ {
+ "client": "account-console",
+ "roles": [
+ "manage-account",
+ "view-groups"
+ ]
+ }
+ ]
+ },
+ "clients": [
+ {
+ "id": "623ff9e2-e2a2-48c9-9efb-7c913cbe395c",
+ "clientId": "account",
+ "name": "${client_account}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/MyINPulse/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [
+ "/realms/MyINPulse/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "realm_client": "false",
+ "post.logout.redirect.uris": "+"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "basic",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "organization",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "b6254726-0bb8-4d9c-8656-187959d4ed3f",
+ "clientId": "account-console",
+ "name": "${client_account-console}",
+ "rootUrl": "${authBaseUrl}",
+ "baseUrl": "/realms/MyINPulse/account/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [
+ "/realms/MyINPulse/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "realm_client": "false",
+ "post.logout.redirect.uris": "+",
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "26c2abdb-a1d1-4e05-9746-a99585533e5b",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "basic",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "organization",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "e62d51cd-6ce3-4cf1-b6d9-e183353cfabf",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "realm_client": "false",
+ "client.use.lightweight.access.token.enabled": "true"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "basic",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "organization",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "465b3874-6a03-4f61-856a-ec92c1a30383",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "realm_client": "true"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "basic",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "organization",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "ff7d6d3e-a59a-499a-b65d-891f31f0c990",
+ "clientId": "MyINPulse-vite",
+ "name": "MyINPulse",
+ "description": "client for MyINPulse",
+ "rootUrl": "http://localhost:5173",
+ "adminUrl": "http://localhost:5173/test",
+ "baseUrl": "http://localhost:5173/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [
+ "/*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": true,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "realm_client": "false",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "true",
+ "standard.token.exchange.enabled": "false",
+ "post.logout.redirect.uris": "+",
+ "frontchannel.logout.session.required": "true",
+ "display.on.consent.screen": "false",
+ "oauth2.device.authorization.grant.enabled": "true",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "id": "d2431015-fec6-4261-8e40-8b761d0703bb",
+ "name": "primary mail",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "lightweight.claim": "false",
+ "access.token.claim": "true",
+ "claim.name": "PrimaryMail",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "MyINPulse-client-scope",
+ "basic",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "organization",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "563ef2a0-f8db-47b2-803b-dd094aa55b95",
+ "clientId": "realm-management",
+ "name": "${client_realm-management}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "realm_client": "true"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "basic",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "organization",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "id": "c642e3d9-9c6d-45f9-86fd-9d6fdbab7b45",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "rootUrl": "${authAdminUrl}",
+ "baseUrl": "/admin/MyINPulse/console/",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [
+ "/admin/MyINPulse/console/*"
+ ],
+ "webOrigins": [
+ "+"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "realm_client": "false",
+ "client.use.lightweight.access.token.enabled": "true",
+ "post.logout.redirect.uris": "+",
+ "pkce.code.challenge.method": "S256"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "3fde52d8-24ec-4d1a-ae13-e0b38431d538",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "basic",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "organization",
+ "microprofile-jwt"
+ ]
+ }
+ ],
+ "clientScopes": [
+ {
+ "id": "886b7de1-de76-43e0-a93f-3ff4e048cd3b",
+ "name": "offline_access",
+ "description": "OpenID Connect built-in scope: offline_access",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen": "true"
+ }
+ },
+ {
+ "id": "a5025d85-7485-4cba-a9fe-d9011f75ad52",
+ "name": "organization",
+ "description": "Additional claims about the organization a subject belongs to",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "consent.screen.text": "${organizationScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "039e94db-1db4-48c0-9fc9-a88e05d51430",
+ "name": "organization",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-organization-membership-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "organization",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "2a529309-6636-4a60-b2f9-febbaeff861c",
+ "name": "phone",
+ "description": "OpenID Connect built-in scope: phone",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "consent.screen.text": "${phoneScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "f20583a2-1713-4354-b1b2-835ea57a1e47",
+ "name": "phone number",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumber",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "be212685-00fd-4ce2-b2af-1c2fe75b2e6b",
+ "name": "phone number verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumberVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
+ }
+ }
+ ]
+ },
+ {
+ "id": "50653545-af59-4d52-ad31-3bb040bda10d",
+ "name": "roles",
+ "description": "OpenID Connect scope for add user roles to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "consent.screen.text": "${rolesScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "57fb6b23-38de-44fd-a098-737494d9ea71",
+ "name": "client roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-client-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "resource_access.${client_id}.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ },
+ {
+ "id": "e136c16d-e651-4d42-b3b8-806c7892d443",
+ "name": "realm roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ },
+ {
+ "id": "3cffe9df-87cb-4532-94a6-6fbb1056c9d0",
+ "name": "audience resolve",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-audience-resolve-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "8b3f56b7-77a3-4fa4-8aad-53ffef3860be",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "consent.screen.text": "${addressScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "ccb3f102-a32c-48fc-bed9-7d52a59bf531",
+ "name": "address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-address-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
+ "introspection.token.claim": "true",
+ "user.attribute.postal_code": "postal_code",
+ "userinfo.token.claim": "true",
+ "user.attribute.street": "street",
+ "id.token.claim": "true",
+ "user.attribute.region": "region",
+ "access.token.claim": "true",
+ "user.attribute.locality": "locality"
+ }
+ }
+ ]
+ },
+ {
+ "id": "64c4ed3c-5335-464c-8570-521879048cfd",
+ "name": "basic",
+ "description": "OpenID Connect scope for add all basic claims to the token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "3c86109d-a7df-4277-b404-fe4c6d842a50",
+ "name": "auth_time",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "AUTH_TIME",
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "auth_time",
+ "jsonType.label": "long"
+ }
+ },
+ {
+ "id": "bbb1ea0e-2935-4a5f-b356-974f8bae8631",
+ "name": "sub",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-sub-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "e3d63f68-4228-4092-ba14-d089b74b658a",
+ "name": "service_account",
+ "description": "Specific scope for a client enabled for service accounts",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "eb28f794-7c08-4a2f-8999-4c788cc7e438",
+ "name": "Client Host",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientHost",
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientHost",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "f3033a28-91d3-4604-96ed-0bed93383fc9",
+ "name": "Client IP Address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "clientAddress",
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "clientAddress",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "49be090a-b8d7-4225-b065-f07a9ff63799",
+ "name": "Client ID",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usersessionmodel-note-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.session.note": "client_id",
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "client_id",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "00b816a9-2ada-4e34-9007-032b25b614c2",
+ "name": "saml_organization",
+ "description": "Organization Membership",
+ "protocol": "saml",
+ "attributes": {
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "e0685803-e563-427e-aada-52c9d0706a67",
+ "name": "organization",
+ "protocol": "saml",
+ "protocolMapper": "saml-organization-membership-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ]
+ },
+ {
+ "id": "4f666705-023a-4ae7-8548-9b39b4968031",
+ "name": "microprofile-jwt",
+ "description": "Microprofile - JWT built-in scope",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "1a31d387-67eb-4322-aa52-e92c9c922166",
+ "name": "groups",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "multivalued": "true",
+ "user.attribute": "foo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "groups",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "e2184dc1-0f35-4946-a6fe-3de41a275b01",
+ "name": "upn",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "upn",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "46290aad-6ee0-4fb7-a2d1-a66ea984df7e",
+ "name": "email",
+ "description": "OpenID Connect built-in scope: email",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "consent.screen.text": "${emailScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "0aadb12d-d57f-4de8-abfa-dd25cedceed7",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "fb5afb47-7f72-4ce4-a95c-e8ded209c79a",
+ "name": "email verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "emailVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email_verified",
+ "jsonType.label": "boolean"
+ }
+ }
+ ]
+ },
+ {
+ "id": "411dc1bb-cc6c-489d-bbf9-ef0a2a671454",
+ "name": "role_list",
+ "description": "SAML role list",
+ "protocol": "saml",
+ "attributes": {
+ "consent.screen.text": "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "25701c17-a19e-4987-92f7-cc3ed26206da",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ]
+ },
+ {
+ "id": "12cebf93-719e-411d-81bd-b0f47ac0b740",
+ "name": "web-origins",
+ "description": "OpenID Connect scope for add allowed web origins to the access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "consent.screen.text": "",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "296537ae-a112-46fc-a57e-d03412a0627e",
+ "name": "allowed web origins",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-allowed-origins-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "264747a5-d98b-4d35-aff0-896dfa77a44b",
+ "name": "acr",
+ "description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
+ {
+ "id": "c309c4e6-5f3b-4b27-942f-9d14be006efb",
+ "name": "acr loa level",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-acr-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true"
+ }
+ }
+ ]
+ },
+ {
+ "id": "72746062-a338-4baf-ae55-2e1d33f303f0",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "consent.screen.text": "${profileScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "ce8a71f9-8def-4880-89e6-91c3a13126d7",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "id": "dac1b7ff-84f1-40eb-841b-349e4a3a7908",
+ "name": "middle name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "middleName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "middle_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "79dca083-6504-4747-8e04-bbb56b932268",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "9054750a-5c71-45b6-94f8-b33fac6179c9",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8c9c1b96-20b5-4937-9c76-acc9b75233a2",
+ "name": "gender",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "gender",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "gender",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2f65c74b-3763-441d-aa34-d5499a1acfef",
+ "name": "zoneinfo",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "zoneinfo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "09189a92-9a8b-4282-b481-fd9e0df72341",
+ "name": "profile",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "profile",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "profile",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "4d0d59a1-058f-4a97-bb4c-f819433b567d",
+ "name": "website",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "website",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "website",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2147cf47-f89c-41c6-9a57-5f62bda47ea2",
+ "name": "picture",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "a6a7a6df-d422-44e6-9099-608696a0204a",
+ "name": "nickname",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "nickname",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "nickname",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "f6f56c29-7315-471f-8ade-8edc1da8dd4c",
+ "name": "birthdate",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "birthdate",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "birthdate",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "9ec3bac4-b247-4fd7-aa9c-86f5ca483626",
+ "name": "updated at",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "updatedAt",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "updated_at",
+ "jsonType.label": "long"
+ }
+ },
+ {
+ "id": "0a63c24b-a29b-4d67-9fbb-74720074aac1",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "28462b1d-4c41-4dd1-8e66-452b1dd03d34",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "e3ac3f2f-b148-48de-9ce3-f52a2128f693",
+ "name": "MyINPulse-client-scope",
+ "description": "client scope required for MyInpulse",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "gui.order": "",
+ "consent.screen.text": ""
+ },
+ "protocolMappers": [
+ {
+ "id": "51cf5da6-e24c-449c-8ad6-a1fd3dc2cb12",
+ "name": "realm roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute": "foo",
+ "introspection.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
+ }
+ },
+ {
+ "id": "967097c4-ef5e-41e9-bc3a-7b0f610b8931",
+ "name": "PrimaryMail",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "introspection.token.claim": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "PrimaryMail",
+ "id.token.claim": "true",
+ "lightweight.claim": "false",
+ "access.token.claim": "true",
+ "claim.name": "PrimaryMail",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ }
+ ],
+ "defaultDefaultClientScopes": [
+ "role_list",
+ "saml_organization",
+ "profile",
+ "email",
+ "roles",
+ "web-origins",
+ "acr",
+ "basic",
+ "MyINPulse-client-scope"
+ ],
+ "defaultOptionalClientScopes": [
+ "offline_access",
+ "address",
+ "phone",
+ "microprofile-jwt",
+ "organization"
+ ],
+ "browserSecurityHeaders": {
+ "contentSecurityPolicyReportOnly": "",
+ "xContentTypeOptions": "nosniff",
+ "referrerPolicy": "no-referrer",
+ "xRobotsTag": "none",
+ "xFrameOptions": "SAMEORIGIN",
+ "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "xXSSProtection": "1; mode=block",
+ "strictTransportSecurity": "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer": {},
+ "eventsEnabled": false,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "identityProviders": [
+ {
+ "alias": "Mocksaml",
+ "displayName": "",
+ "internalId": "63621154-e864-42dd-899e-ecf1e8523522",
+ "providerId": "saml",
+ "enabled": true,
+ "updateProfileFirstLoginMode": "on",
+ "trustEmail": false,
+ "storeToken": false,
+ "addReadTokenRoleOnCreate": false,
+ "authenticateByDefault": false,
+ "linkOnly": false,
+ "hideOnLogin": false,
+ "config": {
+ "postBindingLogout": "false",
+ "postBindingResponse": "true",
+ "backchannelSupported": "false",
+ "xmlSigKeyInfoKeyNameTransformer": "KEY_ID",
+ "idpEntityId": "https://saml.example.com/entityid",
+ "useMetadataDescriptorUrl": "false",
+ "loginHint": "false",
+ "allowCreate": "true",
+ "enabledFromMetadata": "true",
+ "syncMode": "LEGACY",
+ "singleSignOnServiceUrl": "https://mocksaml.com/api/saml/sso",
+ "wantAuthnRequestsSigned": "true",
+ "allowedClockSkew": "0",
+ "artifactBindingResponse": "false",
+ "validateSignature": "true",
+ "signingCertificate": "MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV\nSzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4\nMjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK\nDAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0\nRuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd\n4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V\npwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b\n2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ\nNfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF\nAAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW\n5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4\nkhuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX\nUjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L\nr/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M\nm0eo2USlSRTVl7QHRTuiuSThHpLKQQ==",
+ "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
+ "entityId": "ID",
+ "signSpMetadata": "false",
+ "wantAssertionsEncrypted": "false",
+ "signatureAlgorithm": "RSA_SHA256",
+ "sendClientIdOnLogout": "false",
+ "wantAssertionsSigned": "false",
+ "metadataDescriptorUrl": "https://mocksaml.com/api/saml/metadata",
+ "sendIdTokenOnLogout": "true",
+ "postBindingAuthnRequest": "true",
+ "forceAuthn": "false",
+ "attributeConsumingServiceIndex": "0",
+ "addExtensionsElementWithKeyInfo": "false",
+ "principalType": "SUBJECT"
+ }
+ }
+ ],
+ "identityProviderMappers": [],
+ "components": {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+ {
+ "id": "ee761b58-01e2-450c-9aef-f630f1a55e76",
+ "name": "Full Scope Disabled",
+ "providerId": "scope",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "fabeba3b-31b2-4732-ba78-17e9bb6c2731",
+ "name": "Consent Required",
+ "providerId": "consent-required",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "ce7c973d-e64d-43ce-a181-343a40568ed4",
+ "name": "Trusted Hosts",
+ "providerId": "trusted-hosts",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "host-sending-registration-request-must-match": [
+ "true"
+ ],
+ "client-uris-must-match": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "0f27b23c-a67e-4c44-ae9e-78051c50853e",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "b26bd127-5cc0-4d4d-9a87-c02708f08fd0",
+ "name": "Max Clients Limit",
+ "providerId": "max-clients",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "max-clients": [
+ "200"
+ ]
+ }
+ },
+ {
+ "id": "1cb65b84-c03f-4228-bbec-e3e0cc74d21f",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "saml-user-attribute-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "oidc-usermodel-property-mapper",
+ "saml-user-property-mapper",
+ "saml-role-list-mapper",
+ "oidc-address-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "oidc-full-name-mapper"
+ ]
+ }
+ },
+ {
+ "id": "26612577-a31f-4b11-b0b9-16c70a170627",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "1e98f46d-1dc3-4f71-9b72-41f147ce21c9",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-address-mapper",
+ "saml-user-attribute-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "oidc-usermodel-property-mapper",
+ "saml-user-property-mapper",
+ "oidc-full-name-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-role-list-mapper"
+ ]
+ }
+ }
+ ],
+ "org.keycloak.keys.KeyProvider": [
+ {
+ "id": "122948f1-2b1b-4254-80d0-039a2ab9d307",
+ "name": "rsa-enc-generated",
+ "providerId": "rsa-enc-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ],
+ "algorithm": [
+ "RSA-OAEP"
+ ]
+ }
+ },
+ {
+ "id": "2ff74625-d87e-4ae0-8a97-84af55a8d866",
+ "name": "hmac-generated-hs512",
+ "providerId": "hmac-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ],
+ "algorithm": [
+ "HS512"
+ ]
+ }
+ },
+ {
+ "id": "3f1efcc8-7490-473f-aef4-df04ed1c9538",
+ "name": "aes-generated",
+ "providerId": "aes-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ },
+ {
+ "id": "b5d0ccc2-67a0-471d-a63b-a76b2d2350f3",
+ "name": "rsa-generated",
+ "providerId": "rsa-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ }
+ ]
+ },
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "a886dd02-d43e-4286-b3d0-9c7913d9063e",
+ "alias": "Account verification options",
+ "description": "Method with which to verity the existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-email-verification",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "dd5dcb22-ea68-4247-b67a-30eef5c3b0a3",
+ "alias": "Browser - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "ae23dc68-b134-47f7-a627-36b242255906",
+ "alias": "Browser - Conditional Organization",
+ "description": "Flow to determine if the organization identity-first login is to be used",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "organization",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "969eccc4-55da-42bb-a601-69b197421a7d",
+ "alias": "Direct Grant - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "8e62386a-e19a-47c3-8918-75223afb824e",
+ "alias": "First Broker Login - Conditional Organization",
+ "description": "Flow to determine if the authenticator that adds organization members is to be used",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "idp-add-organization-member",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "de176c7f-48b5-43e8-9a7c-dc023254d4b1",
+ "alias": "First broker login - Conditional OTP",
+ "description": "Flow to determine if the OTP is required for the authentication",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "412f420f-e585-45e7-a726-2866263275a1",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Account verification options",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "e21e3380-88de-44b3-ad8a-ee9eba5a90af",
+ "alias": "Organization",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 10,
+ "autheticatorFlow": true,
+ "flowAlias": "Browser - Conditional Organization",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "3d8b4a8b-7b25-46c6-97c4-75ca0bf7a7c1",
+ "alias": "Reset - Conditional OTP",
+ "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "7043514b-e394-4909-a3f4-9be8f8a6aba7",
+ "alias": "User creation or linking",
+ "description": "Flow for the existing/non-existing user alternatives",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "2bb4c227-f21a-4432-a77b-0bd0c06f7e02",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "First broker login - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "15bcdcaf-0da3-4355-8aa2-955e0798d707",
+ "alias": "browser",
+ "description": "Browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 26,
+ "autheticatorFlow": true,
+ "flowAlias": "Organization",
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "forms",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "644fca52-8bdf-4a3e-9b32-07f69915c062",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-secret-jwt",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-x509",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 40,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "535a3bfa-71cf-4b62-81d1-72fe700921f0",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "Direct Grant - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "dbe35063-63e5-40e8-9e61-586188c6f90e",
+ "alias": "docker auth",
+ "description": "Used by Docker clients to authenticate against the IDP",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "docker-http-basic-authenticator",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "b8640b3d-d6d8-47fc-8f0d-f547cf698265",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "User creation or linking",
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 50,
+ "autheticatorFlow": true,
+ "flowAlias": "First Broker Login - Conditional Organization",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "ccfaba20-4672-4736-baaa-674bacad6135",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Browser - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "2d270b74-8c37-4324-978a-58024eb726d0",
+ "alias": "registration",
+ "description": "Registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": true,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "89437d5e-0bab-41df-b356-c69a0a73ca56",
+ "alias": "registration form",
+ "description": "Registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 60,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "registration-terms-and-conditions",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 70,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "c37419f5-37d1-4c7f-9b3a-466c0933ecff",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 40,
+ "autheticatorFlow": true,
+ "flowAlias": "Reset - Conditional OTP",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "4fb29e9f-660d-4388-bef9-b14fc2e9175b",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ }
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "83703e72-2f74-41cb-956b-8824b4607d83",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "8022fe77-88ec-4026-a4d7-6df976354735",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
+ }
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 10,
+ "config": {}
+ },
+ {
+ "alias": "TERMS_AND_CONDITIONS",
+ "name": "Terms and Conditions",
+ "providerId": "TERMS_AND_CONDITIONS",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 20,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 30,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 40,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 50,
+ "config": {}
+ },
+ {
+ "alias": "delete_account",
+ "name": "Delete Account",
+ "providerId": "delete_account",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 60,
+ "config": {}
+ },
+ {
+ "alias": "webauthn-register",
+ "name": "Webauthn Register",
+ "providerId": "webauthn-register",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 70,
+ "config": {}
+ },
+ {
+ "alias": "webauthn-register-passwordless",
+ "name": "Webauthn Register Passwordless",
+ "providerId": "webauthn-register-passwordless",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 80,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_PROFILE",
+ "name": "Verify Profile",
+ "providerId": "VERIFY_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 90,
+ "config": {}
+ },
+ {
+ "alias": "delete_credential",
+ "name": "Delete Credential",
+ "providerId": "delete_credential",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 100,
+ "config": {}
+ },
+ {
+ "alias": "update_user_locale",
+ "name": "Update User Locale",
+ "providerId": "update_user_locale",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 1000,
+ "config": {}
+ }
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "firstBrokerLoginFlow": "first broker login",
+ "attributes": {
+ "cibaBackchannelTokenDeliveryMode": "poll",
+ "cibaExpiresIn": "120",
+ "cibaAuthRequestedUserHint": "login_hint",
+ "oauth2DeviceCodeLifespan": "600",
+ "oauth2DevicePollingInterval": "5",
+ "clientOfflineSessionMaxLifespan": "0",
+ "clientSessionIdleTimeout": "0",
+ "parRequestUriLifespan": "60",
+ "clientSessionMaxLifespan": "0",
+ "clientOfflineSessionIdleTimeout": "0",
+ "cibaInterval": "5",
+ "realmReusableOtpCode": "false"
+ },
+ "keycloakVersion": "26.2.3",
+ "userManagedAccessAllowed": false,
+ "organizationsEnabled": false,
+ "verifiableCredentialsEnabled": false,
+ "adminPermissionsEnabled": false,
+ "clientProfiles": {
+ "profiles": []
+ },
+ "clientPolicies": {
+ "policies": []
+ }
+}
\ No newline at end of file
--
2.47.2
From c76e83f2bfe966131b44f909d72a032428ec4536 Mon Sep 17 00:00:00 2001
From: Pierre Tellier <piair338@gmail.com>
Date: Wed, 7 May 2025 11:00:15 +0200
Subject: [PATCH 2/4] feat: changed endpoints
---
front/MyINPulse-front/src/views/testComponent.vue | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/front/MyINPulse-front/src/views/testComponent.vue b/front/MyINPulse-front/src/views/testComponent.vue
index ec3039a..716c00d 100644
--- a/front/MyINPulse-front/src/views/testComponent.vue
+++ b/front/MyINPulse-front/src/views/testComponent.vue
@@ -1,6 +1,6 @@
<script lang="ts" setup>
import { store } from "../main.ts";
-import { callApi } from "@/services/api.ts";
+import { callApi, postApi } from "@/services/api.ts";
import { ref } from "vue";
const CustomRequest = ref("");
@@ -58,7 +58,7 @@ const USERID = ref("");
<tr>
<td>Get Pending Accounts</td>
<td>
- <button @click="callApi('admin/get_pending_accounts')">
+ <button @click="callApi('/admin/pending-accounts')">
call
</button>
</td>
--
2.47.2
From e84f69c21a462b46a0716ac49ef418c043690d33 Mon Sep 17 00:00:00 2001
From: Pierre Tellier <piair338@gmail.com>
Date: Wed, 7 May 2025 11:02:08 +0200
Subject: [PATCH 3/4] fix: unused imports
---
front/MyINPulse-front/src/views/testComponent.vue | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/front/MyINPulse-front/src/views/testComponent.vue b/front/MyINPulse-front/src/views/testComponent.vue
index 716c00d..0b6f20a 100644
--- a/front/MyINPulse-front/src/views/testComponent.vue
+++ b/front/MyINPulse-front/src/views/testComponent.vue
@@ -1,6 +1,6 @@
<script lang="ts" setup>
import { store } from "../main.ts";
-import { callApi, postApi } from "@/services/api.ts";
+import { callApi } from "@/services/api.ts";
import { ref } from "vue";
const CustomRequest = ref("");
--
2.47.2
From 43b40c94321ee75fe353999b5981297ff55a036b Mon Sep 17 00:00:00 2001
From: MAILLAL Anas <Anas.Maillal@bordeaux-inp.fr>
Date: Wed, 7 May 2025 11:04:16 +0200
Subject: [PATCH 4/4] feat: just added 403 response
---
documentation/openapi/src/adminApi.yaml | 37 +++++++++++--
documentation/openapi/src/bundled.yaml | 54 ++++++++++++++++++-
.../openapi/src/entrepreneurApi.yaml | 12 ++++-
documentation/openapi/src/sharedApi.yaml | 15 ++++--
documentation/openapi/src/unauthApi.yaml | 8 ++-
5 files changed, 113 insertions(+), 13 deletions(-)
diff --git a/documentation/openapi/src/adminApi.yaml b/documentation/openapi/src/adminApi.yaml
index 3b66cd1..cd3ca12 100644
--- a/documentation/openapi/src/adminApi.yaml
+++ b/documentation/openapi/src/adminApi.yaml
@@ -22,6 +22,8 @@ paths:
description: Bad Request - Invalid project data provided (e.g., missing required fields).
"401":
description: Unauthorized - Authentication required or invalid token.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
post:
operationId: addProjectManually
@@ -49,6 +51,8 @@ paths:
description: Bad Request - Project already exists.
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/admin/projects/pending:
@@ -70,7 +74,9 @@ paths:
items:
$ref: "./main.yaml#/components/schemas/project" # Assuming pending projects use the same schema
"401":
- description: Unauthorized.
+ description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/admin/request-join:
get:
@@ -92,6 +98,8 @@ paths:
$ref: "./main.yaml#/components/schemas/joinRequest"
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/admin/request-join/decision/{joinRequestId}:
post:
@@ -121,7 +129,9 @@ paths:
"400":
description: Bad Request - Invalid input (e.g., missing decision).
"401":
- description: Unauthorized.
+ description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/admin/projects/pending/decision:
@@ -150,6 +160,8 @@ paths:
description: Bad Request - Invalid input (e.g., missing decision).
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/admin/pending-accounts: # Path updated
@@ -172,6 +184,8 @@ paths:
$ref: "./main.yaml#/components/schemas/user-entrepreneur"
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/admin/accounts/validate/{userId}:
post: # Changed to POST as it changes state
@@ -195,7 +209,8 @@ paths:
description: No Content - Account validated successfully.
"400":
description: Bad Request - Invalid user ID format.
-
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@@ -217,6 +232,8 @@ paths:
type: array
items:
$ref: "./main.yaml#/components/schemas/appointment"
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
"404":
description: no appointments found.
"401":
@@ -254,6 +271,8 @@ paths:
schema: { $ref: "./main.yaml#/components/schemas/report" }
"400":
description: Bad Request - Invalid input (e.g., missing content, invalid appointment ID format).
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@@ -288,6 +307,8 @@ paths:
schema: { $ref: "./main.yaml#/components/schemas/report" }
"400":
description: Bad Request - Invalid input (e.g., missing content).
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@@ -314,6 +335,8 @@ paths:
description: No Content - Project removed successfully.
"400":
description: Bad Request - Invalid project ID format.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@@ -340,7 +363,9 @@ paths:
"200": # Use 200 No Content
description: No Content - Admin rights granted successfully.
"400":
- description: Bad Request - Invalid user ID format or user is already an admin.
+ description: Bad Request - Invalid user ID format or user is already an admin.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@@ -357,4 +382,6 @@ paths:
"200":
description: No Content - Admin user created successfully.
"401":
- description: Unauthorized.
\ No newline at end of file
+ description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
\ No newline at end of file
diff --git a/documentation/openapi/src/bundled.yaml b/documentation/openapi/src/bundled.yaml
index d663aac..3d4db60 100644
--- a/documentation/openapi/src/bundled.yaml
+++ b/documentation/openapi/src/bundled.yaml
@@ -257,6 +257,8 @@ paths:
description: Bad Request - Problem processing the token or user data derived from it.
'401':
description: Unauthorized - Valid authentication token required.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'/unauth/request-join/{projectId}':
post:
summary: Request to join an existing project
@@ -278,6 +280,8 @@ paths:
description: Bad Request - Invalid project ID format
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'409':
description: Already member/request pending.
/admin/pending-accounts:
@@ -301,6 +305,8 @@ paths:
$ref: '#/components/schemas/user-entrepreneur'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'/admin/accounts/validate/{userId}':
post:
operationId: validateUserAccount
@@ -326,6 +332,8 @@ paths:
description: Bad Request - Invalid user ID format.
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
/admin/request-join:
get:
operationId: getPendingProjects
@@ -347,6 +355,8 @@ paths:
$ref: '#/components/schemas/joinRequest'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'/admin/request-join/decision/{joinRequestId}':
post:
summary: Approve or reject a pending project join request
@@ -376,6 +386,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing decision).'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
/admin/projects:
get:
operationId: getAdminProjects
@@ -399,6 +411,8 @@ paths:
description: 'Bad Request - Invalid project data provided (e.g., missing required fields).'
'401':
description: Unauthorized - Authentication required or invalid token.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
post:
operationId: addProjectManually
summary: Manually add a new project
@@ -424,6 +438,8 @@ paths:
$ref: '#/components/schemas/project'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'409':
description: Bad Request - Project already exists.
/admin/projects/pending:
@@ -447,6 +463,8 @@ paths:
$ref: '#/components/schemas/project'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
/admin/projects/pending/decision:
post:
operationId: decidePendingProject
@@ -474,6 +492,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing decision).'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'/admin/appointments/report/{appointmentId}':
post:
operationId: createAppointmentReport
@@ -510,6 +530,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing content, invalid appointment ID format).'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
put:
operationId: updateAppointmentReport
summary: Update an existing appointment report
@@ -545,6 +567,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing content).'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
/admin/appointments/upcoming:
get:
operationId: getUpcomingAppointments
@@ -566,6 +590,8 @@ paths:
$ref: '#/components/schemas/appointment'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'404':
description: no appointments found.
'/admin/projects/{projectId}':
@@ -593,6 +619,8 @@ paths:
description: Bad Request - Invalid project ID format.
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'/admin/make-admin/{userId}':
post:
operationId: grantAdminRights
@@ -618,6 +646,8 @@ paths:
description: Bad Request - Invalid user ID format or user is already an admin.
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
/admin/create-account:
post:
summary: Creates Admin out Jwt Token
@@ -632,6 +662,8 @@ paths:
description: No Content - Admin user created successfully.
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'/shared/projects/sectionCells/{projectId}/{sectionId}/{date}':
get:
operationId: getSectionCellsByDate
@@ -676,6 +708,8 @@ paths:
description: Bad Request - Invalid parameter format.
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'/shared/projects/entrepreneurs/{projectId}':
get:
operationId: getProjectEntrepreneurs
@@ -706,7 +740,7 @@ paths:
'401':
description: Unauthorized.
'403':
- description: Forbidden - User does not have access to this project.
+ description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
'404':
description: Not Found - Project not found.
'/shared/projects/admin/{projectId}':
@@ -737,7 +771,7 @@ paths:
'401':
description: Unauthorized.
'403':
- description: Forbidden - User does not have access to this project.
+ description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
'404':
description: Not Found - Project not found.
'/shared/projects/appointments/{projectId}':
@@ -769,6 +803,8 @@ paths:
$ref: '#/components/schemas/appointment'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'/shared/appointments/report/{appointmentId}':
get:
operationId: getAppointmentReport
@@ -798,6 +834,8 @@ paths:
format: binary
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
/shared/appointments/request:
post:
operationId: requestAppointment
@@ -823,6 +861,8 @@ paths:
description: Bad Request - Invalid appointment details.
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/projects:
get:
summary: gets the projectId of the project associated with the entrepreneur
@@ -844,6 +884,8 @@ paths:
$ref: '#/components/schemas/project'
'401':
description: Unauthorized or identity not found
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'404':
description: Bad Request - Invalid input or ID mismatch.
/entrepreneur/projects/request:
@@ -873,6 +915,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing name).'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/sectionCells:
post:
operationId: addSectionCell
@@ -897,6 +941,8 @@ paths:
description: 'Bad Request - Invalid input (e.g., missing content or sectionId).'
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'/entrepreneur/sectionCells/{sectionCellId}':
put:
operationId: modifySectionCell
@@ -927,6 +973,8 @@ paths:
description: OK - Section cell updated successfully. Returns the updated cell.
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'404':
description: Bad Request - Invalid input or ID mismatch.
delete:
@@ -953,5 +1001,7 @@ paths:
description: Bad Request - Invalid ID format.
'401':
description: Unauthorized.
+ '403':
+ description: Bad Token - Invalid Keycloack configuration.
'404':
description: Bad Request - sectionCell not found.
diff --git a/documentation/openapi/src/entrepreneurApi.yaml b/documentation/openapi/src/entrepreneurApi.yaml
index 15ddc1f..4857132 100644
--- a/documentation/openapi/src/entrepreneurApi.yaml
+++ b/documentation/openapi/src/entrepreneurApi.yaml
@@ -27,6 +27,8 @@ paths:
description: Bad Request - Invalid input (e.g., missing name).
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/sectionCells: # Base path
post:
@@ -52,6 +54,8 @@ paths:
description: Bad Request - Invalid input (e.g., missing content or sectionId).
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/sectionCells/{sectionCellId}:
put:
@@ -84,6 +88,8 @@ paths:
description: Bad Request - Invalid input or ID mismatch.
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
delete:
operationId: removeSectionCell
@@ -110,6 +116,8 @@ paths:
description: Bad Request - sectionCell not found.
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/entrepreneur/projects:
@@ -133,4 +141,6 @@ paths:
"404":
description: Bad Request - Invalid input or ID mismatch.
"401":
- description: Unauthorized or identity not found
\ No newline at end of file
+ description: Unauthorized or identity not found
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
\ No newline at end of file
diff --git a/documentation/openapi/src/sharedApi.yaml b/documentation/openapi/src/sharedApi.yaml
index 15fa7bc..5a21aaa 100644
--- a/documentation/openapi/src/sharedApi.yaml
+++ b/documentation/openapi/src/sharedApi.yaml
@@ -36,7 +36,9 @@ paths:
items:
$ref: "./main.yaml#/components/schemas/sectionCell"
"400":
- description: Bad Request - Invalid parameter format.
+ description: Bad Request - Invalid parameter format.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@@ -68,7 +70,7 @@ paths:
"401":
description: Unauthorized.
"403":
- description: Forbidden - User does not have access to this project.
+ description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
"404":
description: Not Found - Project not found.
@@ -97,7 +99,7 @@ paths:
"401":
description: Unauthorized.
"403":
- description: Forbidden - User does not have access to this project.
+ description: Forbidden - User does not have access to this project or invalid Keycloack configuration.
"404":
description: Not Found - Project not found.
@@ -126,6 +128,8 @@ paths:
type: array
items:
$ref: "./main.yaml#/components/schemas/appointment"
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
"401":
description: Unauthorized.
@@ -156,6 +160,8 @@ paths:
format: binary
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/shared/appointments/request:
@@ -180,7 +186,8 @@ paths:
description: Accepted - Appointment request submitted.
"400":
description: Bad Request - Invalid appointment details.
-
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
\ No newline at end of file
diff --git a/documentation/openapi/src/unauthApi.yaml b/documentation/openapi/src/unauthApi.yaml
index 7c5545b..5150d99 100644
--- a/documentation/openapi/src/unauthApi.yaml
+++ b/documentation/openapi/src/unauthApi.yaml
@@ -24,6 +24,8 @@ paths:
description: Bad Request - Problem processing the token or user data derived from it.
"401":
description: Unauthorized - Valid authentication token required.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/unauth/request-join/{projectId}:
post:
summary: Request to join an existing project
@@ -47,6 +49,8 @@ paths:
description: Already member/request pending.
"401":
description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
/unauth/request-admin-role:
post:
summary: Request to join an existing project
@@ -59,4 +63,6 @@ paths:
"400":
description: Bad Request - Invalid project ID format or already member/request pending.
"401":
- description: Unauthorized.
\ No newline at end of file
+ description: Unauthorized.
+ "403":
+ description: Bad Token - Invalid Keycloack configuration.
\ No newline at end of file
--
2.47.2