Configure keycloak correctly in api

Add present-portal Keycloak client in realm import file
2025-08-03 19:45:34 +02:00 · 2025-08-03 19:45:21 +02:00
3 changed files with 77 additions and 8 deletions
--- a/PresentPortal.ApiService/Program.cs
+++ b/PresentPortal.ApiService/Program.cs
@@ -12,11 +12,15 @@ builder.Services.AddProblemDetails();
 builder.Services.AddOpenApi();

 builder.Services.AddAuthentication()
-    .AddKeycloakJwtBearer(ServiceNames.Keycloak, "TODO", options =>
+    .AddKeycloakJwtBearer(ServiceNames.Keycloak, KeycloakConstants.Realm, options =>
    {
-        options.Audience = "TODO";
-        options.Authority = "TODO";
-        // options.
+        var keycloakHost = builder.Configuration.GetValue<string>($"services:{ServiceNames.Keycloak}:http:0")
+            ?? throw new InvalidOperationException("Keycloak host is not configured.");
+        
+        options.MetadataAddress = $"{keycloakHost}/realms/{KeycloakConstants.Realm}/.well-known/openid-configuration";
+        options.RequireHttpsMetadata = !builder.Environment.IsDevelopment();
+        options.Audience = KeycloakConstants.ClientId;
+        options.Authority = keycloakHost;
    });
 builder.Services.AddAuthorization();

--- a/PresentPortal.AppHost/Resources/present-portal-realm.json
+++ b/PresentPortal.AppHost/Resources/present-portal-realm.json
@@ -247,6 +247,7 @@
        "attributes" : { }
      } ],
      "security-admin-console" : [ ],
+      "present-portal" : [ ],
      "admin-cli" : [ ],
      "account-console" : [ ],
      "api" : [ ],
@@ -380,6 +381,8 @@
  "users" : [ {
    "id" : "016cc1d8-09ab-4ad5-89d5-20e9914bc842",
    "username" : "test.user",
+    "firstName" : "Test",
+    "lastName" : "User",
    "email" : "test.user@example.com",
    "emailVerified" : true,
    "createdTimestamp" : 1754238635582,
@@ -389,8 +392,8 @@
      "id" : "493e771f-8532-42b8-92d3-01d33b93eb95",
      "type" : "password",
      "userLabel" : "Password",
-      "createdDate" : 1754238756842,
-      "secretData" : "{\"value\":\"eKhtoLFdov6FTYyJbNgijMwjDTeRUIOgSAlqn1G1yhc=\",\"salt\":\"7EGEeMKMSeQAioeai2PkhQ==\",\"additionalParameters\":{}}",
+      "createdDate" : 1754242795823,
+      "secretData" : "{\"value\":\"/WcflTziw6svOyCBrhwANxyIciTotcR77SJi8sP1qNA=\",\"salt\":\"cIO+sgep76ozrA6AP1O/Xw==\",\"additionalParameters\":{}}",
      "credentialData" : "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}"
    } ],
    "disableableCredentialTypes" : [ ],
@@ -579,6 +582,60 @@
    "nodeReRegistrationTimeout" : 0,
    "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ],
    "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ]
+  }, {
+    "id" : "24189629-9558-4179-9e60-f8c9cf304222",
+    "clientId" : "present-portal",
+    "name" : "",
+    "description" : "",
+    "rootUrl" : "http://localhost:5102",
+    "adminUrl" : "",
+    "baseUrl" : "http://localhost:5102",
+    "surrogateAuthRequired" : false,
+    "enabled" : true,
+    "alwaysDisplayInConsole" : false,
+    "clientAuthenticatorType" : "client-secret",
+    "redirectUris" : [ "/*" ],
+    "webOrigins" : [ "/*" ],
+    "notBefore" : 0,
+    "bearerOnly" : false,
+    "consentRequired" : false,
+    "standardFlowEnabled" : true,
+    "implicitFlowEnabled" : false,
+    "directAccessGrantsEnabled" : false,
+    "serviceAccountsEnabled" : false,
+    "publicClient" : true,
+    "frontchannelLogout" : true,
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "realm_client" : "false",
+      "oidc.ciba.grant.enabled" : "false",
+      "backchannel.logout.session.required" : "true",
+      "standard.token.exchange.enabled" : "false",
+      "frontchannel.logout.session.required" : "true",
+      "oauth2.device.authorization.grant.enabled" : "false",
+      "display.on.consent.screen" : "false",
+      "backchannel.logout.revoke.offline.tokens" : "false"
+    },
+    "authenticationFlowBindingOverrides" : { },
+    "fullScopeAllowed" : true,
+    "nodeReRegistrationTimeout" : -1,
+    "protocolMappers" : [ {
+      "id" : "e82a668b-2664-4eb6-9f53-36087cc51639",
+      "name" : "AudienceMapper",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-audience-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "included.client.audience" : "present-portal",
+        "id.token.claim" : "false",
+        "lightweight.claim" : "false",
+        "introspection.token.claim" : "true",
+        "access.token.claim" : "true",
+        "userinfo.token.claim" : "false"
+      }
+    } ],
+    "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "basic", "email" ],
+    "optionalClientScopes" : [ "address", "phone", "organization", "offline_access", "microprofile-jwt" ]
  }, {
    "id" : "a537806a-1e37-4e09-aceb-63439623b531",
    "clientId" : "realm-management",
@@ -1319,7 +1376,7 @@
      "subType" : "authenticated",
      "subComponents" : { },
      "config" : {
-        "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper" ]
+        "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper" ]
      }
    }, {
      "id" : "7c7a09a7-dd4b-4276-addb-e37cef12df36",
@@ -1337,7 +1394,7 @@
      "subType" : "anonymous",
      "subComponents" : { },
      "config" : {
-        "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper" ]
+        "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper" ]
      }
    }, {
      "id" : "14d408cd-b052-4089-bd01-19e36925cdf5",
--- a/PresentPortal.Shared/KeycloakConstants.cs
+++ b/PresentPortal.Shared/KeycloakConstants.cs
@@ -0,0 +1,8 @@
+namespace PresentPortal.Shared;
+
+public static class KeycloakConstants
+{
+    public const string Realm = "present-portal";
+    
+    public const string ClientId = "present-portal";
+}
Author	SHA1	Message	Date
ThompsonNye	865a21458d	Configure keycloak correctly in api	2025-08-03 19:45:34 +02:00
ThompsonNye	e28eb4bada	Add present-portal Keycloak client in realm import file	2025-08-03 19:45:21 +02:00