baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(keycloak): creating scope, setting realm token lifespan

Browse Source
This commit is contained in:
Masaki Yatsu
2025-09-19 18:12:06 +09:00
parent 34ecf7fd28
commit 1860b0864b
3 changed files with 175 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
keycloak/justfile
View File

@@ -149,7 +149,7 @@ uninstall-operator:
kubectl delete -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/${KEYCLOAK_OPERATOR_VERSION}/kubernetes/keycloaks.k8s.keycloak.org-v1.yml --ignore-not-found
# Create Keycloak realm
create-realm create-client-for-k8s='true' access_token_lifespan='3600' refresh_token_lifespan='14400' sso_session_idle_timeout='7200':
create-realm create-client-for-k8s='true' access_token_lifespan='43200' refresh_token_lifespan='86400' sso_session_idle_timeout='7200':
#!/bin/bash
set -euo pipefail
export KEYCLOAK_ADMIN_USER=$(just admin-username)
@@ -268,7 +268,6 @@ delete-client realm client_id:
export KEYCLOAK_CLIENT_ID={{ client_id }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/delete-client.ts
# Add attribute mapper for Keycloak client
add-attribute-mapper client_id attribute_name display_name='' claim_name='' options='' default_value='' mapper_name='' view_perms='admin,user' edit_perms='admin':
#!/bin/bash
@@ -528,16 +527,32 @@ default-admin-password:
show-realm-token-settings realm:
#!/bin/bash
set -euo pipefail
export KEYCLOAK_ADMIN_USER=$(just admin-username)
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
export KEYCLOAK_REALM={{ realm }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/show-realm-token-settings.ts
# Update realm token settings (access token lifespan, refresh token lifespan, etc.)
update-realm-token-settings realm access_token_lifespan='3600' refresh_token_lifespan='1800':
update-realm-token-settings realm access_token_lifespan='' refresh_token_lifespan='':
#!/bin/bash
set -euo pipefail
export KEYCLOAK_REALM={{ realm }}
export ACCESS_TOKEN_LIFESPAN={{ access_token_lifespan }}
export REFRESH_TOKEN_LIFESPAN={{ refresh_token_lifespan }}
while [ -z "${ACCESS_TOKEN_LIFESPAN}" ]; do
ACCESS_TOKEN_LIFESPAN=$(
gum input --prompt="Access token lifespan (in seconds): " --width=100 \
--placeholder="e.g., 43200 for 12 hours" --value="43200"
)
done
while [ -z "${REFRESH_TOKEN_LIFESPAN}" ]; do
REFRESH_TOKEN_LIFESPAN=$(
gum input --prompt="Refresh token lifespan (in seconds): " --width=100 \
--placeholder="e.g., 86400 for 24 hours" --value="86400"
)
done
export KEYCLOAK_ADMIN_USER=$(just admin-username)
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
export KEYCLOAK_REALM={{ realm }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/update-realm-token-settings.ts
# Create Keycloak client role
@@ -627,3 +642,25 @@ remove-user-from-client-role realm username client_id role_name:
export KEYCLOAK_CLIENT_ID={{ client_id }}
export KEYCLOAK_ROLE_NAME={{ role_name }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/remove-user-from-client-role.ts
# Create client scope
create-client-scope realm scope_name description='':
#!/bin/bash
set -euo pipefail
export KEYCLOAK_ADMIN_USER=$(just admin-username)
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
export KEYCLOAK_REALM={{ realm }}
export SCOPE_NAME={{ scope_name }}
export DESCRIPTION="{{ description }}"
dotenvx run -q -f ../.env.local -- tsx ./scripts/create-client-scope.ts
# Add scope to client
add-scope-to-client realm client_id scope_name:
#!/bin/bash
set -euo pipefail
export KEYCLOAK_ADMIN_USER=$(just admin-username)
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
export KEYCLOAK_REALM={{ realm }}
export KEYCLOAK_CLIENT_ID={{ client_id }}
export SCOPE_NAME={{ scope_name }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/add-scope-to-client.ts