fix: adding webOrigins to allow account access

linode · Mar 22, 2022 · 0931f54 · 0931f54
1 parent 1fa35ce
commit 0931f54
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 6 deletions.
diff --git a/src/tasks/keycloak/config.ts b/src/tasks/keycloak/config.ts
@@ -219,7 +219,11 @@ export const idpProviderCfgTpl = async (
   }
 }
 
-export const otomiClientCfgTpl = (secret: string, redirectUris: string[]): Record<string, unknown> => ({
+export const otomiClientCfgTpl = (
+  secret: string,
+  redirectUris: string[],
+  webOrigins: string[],
+): Record<string, unknown> => ({
   id: 'otomi',
   secret,
   defaultClientScopes: ['openid', 'email', 'profile'],
@@ -229,6 +233,7 @@ export const otomiClientCfgTpl = (secret: string, redirectUris: string[]): Recor
   directAccessGrantsEnabled: true,
   serviceAccountsEnabled: true,
   authorizationServicesEnabled: true,
+  webOrigins,
 })
 
 // type definition for imported ENV variable IDP_GROUP_MAPPINGS_TEAMS

diff --git a/src/tasks/keycloak/keycloak.ts b/src/tasks/keycloak/keycloak.ts
@@ -35,9 +35,9 @@ import * as realmConfig from './realm-factory'
 const env = cleanEnv({
   IDP_ALIAS,
   IDP_OIDC_URL,
+  KEYCLOAK_ADDRESS,
   KEYCLOAK_ADMIN,
   KEYCLOAK_ADMIN_PASSWORD,
-  KEYCLOAK_ADDRESS,
   KEYCLOAK_REALM,
   FEAT_EXTERNAL_IDP,
 })
@@ -48,11 +48,10 @@ const keyCloakRealm = 'otomi'
 
 async function main(): Promise<void> {
   await waitTillAvailable(env.KEYCLOAK_ADDRESS)
-  const keycloakAddress = env.KEYCLOAK_ADDRESS
-  const basePath = `${keycloakAddress}/admin/realms`
+  const basePath = `${env.KEYCLOAK_ADDRESS}/admin/realms`
   let token: TokenSet
   try {
-    const keycloakIssuer = await Issuer.discover(`${keycloakAddress}/realms/${env.KEYCLOAK_REALM}/`)
+    const keycloakIssuer = await Issuer.discover(`${env.KEYCLOAK_ADDRESS}/realms/${env.KEYCLOAK_REALM}/`)
     const clientOptions: any = {
       client_id: 'admin-cli',
       client_secret: 'unused',

diff --git a/src/tasks/keycloak/realm-factory.ts b/src/tasks/keycloak/realm-factory.ts
@@ -24,6 +24,7 @@ import {
   IDP_OIDC_URL,
   IDP_SUB_CLAIM_MAPPER,
   IDP_USERNAME_CLAIM_MAPPER,
+  KEYCLOAK_ADDRESS,
   KEYCLOAK_CLIENT_SECRET,
   KEYCLOAK_REALM,
   REDIRECT_URIS,
@@ -48,6 +49,7 @@ const env = cleanEnv({
   IDP_CLIENT_ID,
   IDP_CLIENT_SECRET,
   IDP_ALIAS,
+  KEYCLOAK_ADDRESS,
   KEYCLOAK_CLIENT_SECRET,
   KEYCLOAK_REALM,
   REDIRECT_URIS,
@@ -62,8 +64,12 @@ const env = cleanEnv({
 
 export function createClient(): ClientRepresentation {
   const redirectUris: Array<string> = env.REDIRECT_URIS
+  const webOrigins = [env.KEYCLOAK_ADDRESS]
   const secret = env.KEYCLOAK_CLIENT_SECRET
-  const otomiClientRepresentation = defaultsDeep(new ClientRepresentation(), otomiClientCfgTpl(secret, redirectUris))
+  const otomiClientRepresentation = defaultsDeep(
+    new ClientRepresentation(),
+    otomiClientCfgTpl(secret, redirectUris, webOrigins),
+  )
   return otomiClientRepresentation
 }