feat(keycloak): support direct access grant
This commit is contained in:
Masaki Yatsu
@@ -202,7 +202,7 @@ client-exists realm client_id:
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/client-exists.ts
|
||||
|
||||
# Create Keycloak client
|
||||
create-client realm client_id redirect_url client_secret='' session_idle='' session_max='':
|
||||
create-client realm client_id redirect_url client_secret='' session_idle='' session_max='' direct_access_grants='false':
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just admin-username)
|
||||
@@ -213,8 +213,20 @@ create-client realm client_id redirect_url client_secret='' session_idle='' sess
|
||||
export KEYCLOAK_REDIRECT_URL={{ redirect_url }}
|
||||
export KEYCLOAK_CLIENT_SESSION_IDLE={{ session_idle }}
|
||||
export KEYCLOAK_CLIENT_SESSION_MAX={{ session_max }}
|
||||
export KEYCLOAK_CLIENT_DIRECT_ACCESS_GRANTS={{ direct_access_grants }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/create-client.ts
|
||||
|
||||
# Add audience mapper to existing client
|
||||
add-audience-mapper realm client_id audience:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
|
||||
export KEYCLOAK_REALM={{ realm }}
|
||||
export KEYCLOAK_CLIENT_ID={{ client_id }}
|
||||
export KEYCLOAK_AUDIENCE={{ audience }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/add-audience-mapper.ts
|
||||
|
||||
# Delete Keycloak client
|
||||
delete-client realm client_id:
|
||||
#!/bin/bash
|
||||
@@ -225,15 +237,6 @@ delete-client realm client_id:
|
||||
export KEYCLOAK_CLIENT_ID={{ client_id }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/delete-client.ts
|
||||
|
||||
# Add Keycloak client audience mapper
|
||||
add-audience-mapper client_id:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
export KEYCLOAK_ADMIN_USER=$(just admin-username)
|
||||
export KEYCLOAK_ADMIN_PASSWORD=$(just admin-password)
|
||||
export KEYCLOAK_REALM=${KEYCLOAK_REALM}
|
||||
export KEYCLOAK_CLIENT_ID={{ client_id }}
|
||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/add-audience-mapper.ts
|
||||
|
||||
# Add attribute mapper for Keycloak client
|
||||
add-attribute-mapper client_id attribute_name display_name='' claim_name='' options='' default_value='' mapper_name='' view_perms='admin,user' edit_perms='admin':
|
||||
|
||||
@@ -26,6 +26,7 @@ const main = async () => {
|
||||
|
||||
const sessionIdle = process.env.KEYCLOAK_CLIENT_SESSION_IDLE;
|
||||
const sessionMax = process.env.KEYCLOAK_CLIENT_SESSION_MAX;
|
||||
const directAccessGrants = process.env.KEYCLOAK_CLIENT_DIRECT_ACCESS_GRANTS;
|
||||
|
||||
const kcAdminClient = new KcAdminClient({
|
||||
baseUrl: `https://${keycloakHost}`,
|
||||
@@ -55,6 +56,7 @@ const main = async () => {
|
||||
enabled: true,
|
||||
redirectUris: redirectUris,
|
||||
publicClient: clientSecret && clientSecret !== '' ? false : true,
|
||||
directAccessGrantsEnabled: directAccessGrants === 'true',
|
||||
};
|
||||
|
||||
// Add session timeout settings if provided
|
||||
@@ -70,6 +72,10 @@ const main = async () => {
|
||||
console.log(`Setting Client Session Max Lifespan: ${sessionMax}`);
|
||||
}
|
||||
|
||||
if (directAccessGrants === 'true') {
|
||||
console.log('Enabling Direct Access Grants (Resource Owner Password Credentials)');
|
||||
}
|
||||
|
||||
const createdClient = await kcAdminClient.clients.create(clientConfig);
|
||||
console.log(`Client created successfully with ID: ${createdClient.id}`);
|
||||
} catch (error) {
|
||||
|
||||
Reference in New Issue
Block a user