diff --git a/src/tasks/keycloak/config.ts b/src/tasks/keycloak/config.ts index 5aac9fde..1dddec91 100644 --- a/src/tasks/keycloak/config.ts +++ b/src/tasks/keycloak/config.ts @@ -219,7 +219,11 @@ export const idpProviderCfgTpl = async ( } } -export const otomiClientCfgTpl = (secret: string, redirectUris: string[]): Record => ({ +export const otomiClientCfgTpl = ( + secret: string, + redirectUris: string[], + webOrigins: string[], +): Record => ({ id: 'otomi', secret, defaultClientScopes: ['openid', 'email', 'profile'], @@ -229,6 +233,7 @@ export const otomiClientCfgTpl = (secret: string, redirectUris: string[]): Recor directAccessGrantsEnabled: true, serviceAccountsEnabled: true, authorizationServicesEnabled: true, + webOrigins, }) // type definition for imported ENV variable IDP_GROUP_MAPPINGS_TEAMS diff --git a/src/tasks/keycloak/keycloak.ts b/src/tasks/keycloak/keycloak.ts index bb462271..32f42c2b 100644 --- a/src/tasks/keycloak/keycloak.ts +++ b/src/tasks/keycloak/keycloak.ts @@ -35,9 +35,9 @@ import * as realmConfig from './realm-factory' const env = cleanEnv({ IDP_ALIAS, IDP_OIDC_URL, + KEYCLOAK_ADDRESS, KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD, - KEYCLOAK_ADDRESS, KEYCLOAK_REALM, FEAT_EXTERNAL_IDP, }) @@ -48,11 +48,10 @@ const keyCloakRealm = 'otomi' async function main(): Promise { await waitTillAvailable(env.KEYCLOAK_ADDRESS) - const keycloakAddress = env.KEYCLOAK_ADDRESS - const basePath = `${keycloakAddress}/admin/realms` + const basePath = `${env.KEYCLOAK_ADDRESS}/admin/realms` let token: TokenSet try { - const keycloakIssuer = await Issuer.discover(`${keycloakAddress}/realms/${env.KEYCLOAK_REALM}/`) + const keycloakIssuer = await Issuer.discover(`${env.KEYCLOAK_ADDRESS}/realms/${env.KEYCLOAK_REALM}/`) const clientOptions: any = { client_id: 'admin-cli', client_secret: 'unused', diff --git a/src/tasks/keycloak/realm-factory.ts b/src/tasks/keycloak/realm-factory.ts index ae26a793..07a4c0db 100644 --- a/src/tasks/keycloak/realm-factory.ts +++ b/src/tasks/keycloak/realm-factory.ts @@ -24,6 +24,7 @@ import { IDP_OIDC_URL, IDP_SUB_CLAIM_MAPPER, IDP_USERNAME_CLAIM_MAPPER, + KEYCLOAK_ADDRESS, KEYCLOAK_CLIENT_SECRET, KEYCLOAK_REALM, REDIRECT_URIS, @@ -48,6 +49,7 @@ const env = cleanEnv({ IDP_CLIENT_ID, IDP_CLIENT_SECRET, IDP_ALIAS, + KEYCLOAK_ADDRESS, KEYCLOAK_CLIENT_SECRET, KEYCLOAK_REALM, REDIRECT_URIS, @@ -62,8 +64,12 @@ const env = cleanEnv({ export function createClient(): ClientRepresentation { const redirectUris: Array = env.REDIRECT_URIS + const webOrigins = [env.KEYCLOAK_ADDRESS] const secret = env.KEYCLOAK_CLIENT_SECRET - const otomiClientRepresentation = defaultsDeep(new ClientRepresentation(), otomiClientCfgTpl(secret, redirectUris)) + const otomiClientRepresentation = defaultsDeep( + new ClientRepresentation(), + otomiClientCfgTpl(secret, redirectUris, webOrigins), + ) return otomiClientRepresentation }