baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(keycloak): support direct access grant

Browse Source
This commit is contained in:
Masaki Yatsu
2025-09-18 23:21:31 +09:00
parent b5a73d5428
commit d1eef065a4
2 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
keycloak/justfile
View File

@@ -202,7 +202,7 @@ client-exists realm client_id:
dotenvx run -q -f ../.env.local -- tsx ./scripts/client-exists.ts dotenvx run -q -f ../.env.local -- tsx ./scripts/client-exists.ts
# Create Keycloak client # Create Keycloak client
create-client realm client_id redirect_url client_secret='' session_idle='' session_max='': create-client realm client_id redirect_url client_secret='' session_idle='' session_max='' direct_access_grants='false':
#!/bin/bash #!/bin/bash
set -euo pipefail set -euo pipefail
export KEYCLOAK_ADMIN_USER=$(just admin-username) export KEYCLOAK_ADMIN_USER=$(just admin-username)
@@ -213,8 +213,20 @@ create-client realm client_id redirect_url client_secret='' session_idle='' sess
export KEYCLOAK_REDIRECT_URL={{ redirect_url }} export KEYCLOAK_REDIRECT_URL={{ redirect_url }}
export KEYCLOAK_CLIENT_SESSION_IDLE={{ session_idle }} export KEYCLOAK_CLIENT_SESSION_IDLE={{ session_idle }}
export KEYCLOAK_CLIENT_SESSION_MAX={{ session_max }} export KEYCLOAK_CLIENT_SESSION_MAX={{ session_max }}
export KEYCLOAK_CLIENT_DIRECT_ACCESS_GRANTS={{ direct_access_grants }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/create-client.ts dotenvx run -q -f ../.env.local -- tsx ./scripts/create-client.ts
# Add audience mapper to existing client
add-audience-mapper realm client_id audience:
#!/bin/bash
set -euo pipefail
export KEYCLOAK_ADMIN_USER=$(just admin-username)
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
export KEYCLOAK_REALM={{ realm }}
export KEYCLOAK_CLIENT_ID={{ client_id }}
export KEYCLOAK_AUDIENCE={{ audience }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/add-audience-mapper.ts
# Delete Keycloak client # Delete Keycloak client
delete-client realm client_id: delete-client realm client_id:
#!/bin/bash #!/bin/bash
@@ -225,15 +237,6 @@ delete-client realm client_id:
export KEYCLOAK_CLIENT_ID={{ client_id }} export KEYCLOAK_CLIENT_ID={{ client_id }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/delete-client.ts dotenvx run -q -f ../.env.local -- tsx ./scripts/delete-client.ts
# Add Keycloak client audience mapper
add-audience-mapper client_id:
#!/bin/bash
set -euo pipefail
export KEYCLOAK_ADMIN_USER=$(just admin-username)
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
export KEYCLOAK_REALM=${KEYCLOAK_REALM}
export KEYCLOAK_CLIENT_ID={{ client_id }}
dotenvx run -q -f ../.env.local -- tsx ./scripts/add-audience-mapper.ts
# Add attribute mapper for Keycloak client # Add attribute mapper for Keycloak client
add-attribute-mapper client_id attribute_name display_name='' claim_name='' options='' default_value='' mapper_name='' view_perms='admin,user' edit_perms='admin': add-attribute-mapper client_id attribute_name display_name='' claim_name='' options='' default_value='' mapper_name='' view_perms='admin,user' edit_perms='admin':

6
keycloak/scripts/create-client.ts
View File

@@ -26,6 +26,7 @@ const main = async () => {
const sessionIdle = process.env.KEYCLOAK_CLIENT_SESSION_IDLE; const sessionIdle = process.env.KEYCLOAK_CLIENT_SESSION_IDLE;
const sessionMax = process.env.KEYCLOAK_CLIENT_SESSION_MAX; const sessionMax = process.env.KEYCLOAK_CLIENT_SESSION_MAX;
const directAccessGrants = process.env.KEYCLOAK_CLIENT_DIRECT_ACCESS_GRANTS;
const kcAdminClient = new KcAdminClient({ const kcAdminClient = new KcAdminClient({
baseUrl: `https://${keycloakHost}`, baseUrl: `https://${keycloakHost}`,
@@ -55,6 +56,7 @@ const main = async () => {
enabled: true, enabled: true,
redirectUris: redirectUris, redirectUris: redirectUris,
publicClient: clientSecret && clientSecret !== '' ? false : true, publicClient: clientSecret && clientSecret !== '' ? false : true,
directAccessGrantsEnabled: directAccessGrants === 'true',
}; };
// Add session timeout settings if provided // Add session timeout settings if provided
@@ -70,6 +72,10 @@ const main = async () => {
console.log(`Setting Client Session Max Lifespan: ${sessionMax}`); console.log(`Setting Client Session Max Lifespan: ${sessionMax}`);
} }
if (directAccessGrants === 'true') {
console.log('Enabling Direct Access Grants (Resource Owner Password Credentials)');
}
const createdClient = await kcAdminClient.clients.create(clientConfig); const createdClient = await kcAdminClient.clients.create(clientConfig);
console.log(`Client created successfully with ID: ${createdClient.id}`); console.log(`Client created successfully with ID: ${createdClient.id}`);
} catch (error) { } catch (error) {