feat(keycloak): set PKCE method and fix creating audience mapper

2025-09-19 03:10:59 +09:00
parent 7d75838b52
commit 79278ef5b2
4 changed files with 91 additions and 8 deletions
--- a/keycloak/scripts/add-audience-mapper.ts
+++ b/keycloak/scripts/add-audience-mapper.ts
@@ -17,6 +17,9 @@ const main = async () => {
  const clientId = process.env.KEYCLOAK_CLIENT_ID;
  invariant(clientId, "KEYCLOAK_CLIENT_ID environment variable is required");

+  const audience = process.env.KEYCLOAK_AUDIENCE;
+  invariant(audience, "KEYCLOAK_AUDIENCE environment variable is required");
+
  const kcAdminClient = new KcAdminClient({
    baseUrl: `https://${keycloakHost}`,
    realmName: "master",
@@ -40,14 +43,14 @@ const main = async () => {
    const client = clients[0];
    invariant(client.id, "Client ID is not set");

-    const mapperName = `aud-mapper-${clientId}`;
+    const mapperName = `aud-mapper-${audience}`;
    const audienceMapper = {
      name: mapperName,
      protocol: "openid-connect",
      protocolMapper: "oidc-audience-mapper",
      config: {
-        "included.client.audience": clientId,
-        "id.token.claim": "true",
+        "included.client.audience": audience,
+        "id.token.claim": "false",
        "access.token.claim": "true",
      },
    };