feat(keycloak): set PKCE method and fix creating audience mapper

2025-09-19 03:10:59 +09:00
parent 7d75838b52
commit 79278ef5b2
4 changed files with 91 additions and 8 deletions
--- a/keycloak/scripts/get-client-details.ts
+++ b/keycloak/scripts/get-client-details.ts
@@ -0,0 +1,71 @@
+#!/usr/bin/env tsx
+
+import KcAdminClient from "@keycloak/keycloak-admin-client";
+import invariant from "tiny-invariant";
+
+async function main() {
+  const kcAdminClient = new KcAdminClient({
+    baseUrl: `https://${process.env.KEYCLOAK_HOST}`,
+    realmName: "master",
+  });
+
+  await kcAdminClient.auth({
+    username: process.env.KEYCLOAK_ADMIN_USER!,
+    password: process.env.KEYCLOAK_ADMIN_PASSWORD!,
+    grantType: "password",
+    clientId: "admin-cli",
+  });
+
+  const realm = process.env.KEYCLOAK_REALM!;
+  const clientId = process.env.KEYCLOAK_CLIENT_ID!;
+
+  invariant(realm, "KEYCLOAK_REALM is required");
+  invariant(clientId, "KEYCLOAK_CLIENT_ID is required");
+
+  try {
+    // Find the client
+    const clients = await kcAdminClient.clients.find({ realm, clientId });
+    if (clients.length === 0) {
+      throw new Error(`Client '${clientId}' not found in realm '${realm}'`);
+    }
+
+    const client = clients[0];
+
+    // Get full client details
+    const clientDetails = await kcAdminClient.clients.findOne({
+      realm,
+      id: client.id!,
+    });
+
+    console.log("=== Client Configuration ===");
+    console.log(`Client ID: ${clientDetails?.clientId}`);
+    console.log(`Access Type: ${clientDetails?.publicClient ? 'public' : 'confidential'}`);
+    console.log(`Client Authenticator: ${clientDetails?.clientAuthenticatorType}`);
+    console.log(`Standard Flow Enabled: ${clientDetails?.standardFlowEnabled}`);
+    console.log(`Direct Access Grants: ${clientDetails?.directAccessGrantsEnabled}`);
+    console.log(`Service Accounts Enabled: ${clientDetails?.serviceAccountsEnabled}`);
+    console.log(`Valid Redirect URIs: ${JSON.stringify(clientDetails?.redirectUris, null, 2)}`);
+    console.log(`Base URL: ${clientDetails?.baseUrl || 'Not set'}`);
+    console.log(`Root URL: ${clientDetails?.rootUrl || 'Not set'}`);
+    console.log(`Web Origins: ${JSON.stringify(clientDetails?.webOrigins, null, 2)}`);
+
+    // Get client secret if confidential
+    if (!clientDetails?.publicClient) {
+      try {
+        const clientSecret = await kcAdminClient.clients.getClientSecret({
+          realm,
+          id: client.id!,
+        });
+        console.log(`Client Secret: ${clientSecret.value}`);
+      } catch (error) {
+        console.log(`Client Secret: Error retrieving - ${error}`);
+      }
+    }
+
+  } catch (error) {
+    console.error(`Error retrieving client details: ${error}`);
+    process.exit(1);
+  }
+}
+
+main().catch(console.error);