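---
# Realm import for the "demo" realm: two client scopes, two realm roles,
# three OpenID Connect clients and one seeded user.
# The values are unchanged from the original; only the layout was restored
# (one key per line, 2-space indent) and review comments were added.
realm: demo
displayName: Demo
enabled: true
# Self-registration is off: accounts exist only if seeded below or created
# by an administrator.
registrationAllowed: false
loginWithEmailAllowed: true
duplicateEmailsAllowed: false
resetPasswordAllowed: true
editUsernameAllowed: false
# Brute-force detection is on, but no thresholds are set in this file.
# NOTE(review): presumably the server defaults apply - confirm they are
# acceptable for this realm.
bruteForceProtected: true

clientScopes:
  # Quoted so the embedded colon can never be read as a mapping separator.
  - name: 'app:read'
    description: Read access to application resources
    protocol: openid-connect
  - name: 'app:write'
    description: Write access to application resources
    protocol: openid-connect

roles:
  realm:
    - name: app-user
      description: Standard application user
    - name: app-admin
      description: Application administrator

clients:
  # Public browser client (no client secret).
  - clientId: demo-app
    name: Demo Application
    enabled: true
    protocol: openid-connect
    publicClient: true
    standardFlowEnabled: true
    # Direct access grants on a public client: the application handles the
    # user's password itself and no client secret gates the token request.
    # NOTE(review): demo-app-pkce below turns this off - confirm demo-app
    # still needs it, and keep bruteForceProtected enabled while it does.
    directAccessGrantsEnabled: true
    serviceAccountsEnabled: false
    # No pkce.code.challenge.method attribute is set on this client, so
    # nothing in this file requires PKCE for its authorization-code flow.
    redirectUris:
      # The trailing wildcard accepts any path on this origin. Suitable for
      # local development; use exact https URIs for any shared deployment.
      - "http://localhost:3000/*"
    webOrigins:
      - "http://localhost:3000"
    defaultClientScopes:
      - web-origins
      - acr
      - profile
      - roles
      - email
    # Granted only when the client asks for them in the scope parameter.
    optionalClientScopes:
      - 'app:read'
      - 'app:write'
    protocolMappers:
      # Adds demo-backend to the audience of access tokens issued to
      # demo-app. The backend should still verify the aud claim itself.
      - name: demo-backend-audience
        protocol: openid-connect
        protocolMapper: oidc-audience-mapper
        config:
          included.client.audience: demo-backend
          access.token.claim: "true"

  # Public browser client restricted to the authorization-code flow, with
  # the PKCE challenge method pinned to S256.
  # NOTE(review): unlike demo-app, this client lists no optionalClientScopes
  # and no audience mapper - confirm that difference is intended.
  - clientId: demo-app-pkce
    name: Demo Application (PKCE)
    enabled: true
    protocol: openid-connect
    publicClient: true
    standardFlowEnabled: true
    directAccessGrantsEnabled: false
    serviceAccountsEnabled: false
    attributes:
      pkce.code.challenge.method: S256
    redirectUris:
      # Same trailing wildcard as demo-app; prefer exact URIs outside
      # local development.
      - "http://localhost:3000/*"
    webOrigins:
      - "http://localhost:3000"
    defaultClientScopes:
      - web-origins
      - acr
      - profile
      - roles
      - email

  # Confidential client: only the service account is enabled, with no
  # browser flow and no direct access grants.
  - clientId: demo-backend
    name: Demo Backend
    enabled: true
    protocol: openid-connect
    publicClient: false
    standardFlowEnabled: false
    directAccessGrantsEnabled: false
    serviceAccountsEnabled: true
    # The placeholder keeps the secret out of version control.
    # NOTE(review): looks like importer-side environment substitution -
    # confirm it is enabled and the variable is set, otherwise this literal
    # text could end up stored as the client secret.
    secret: '$(env:DEMO_BACKEND_SECRET)'

users:
  # Seeded demo account with a permanent password and a pre-verified email.
  # NOTE(review): presumably meant for demo realms only - confirm this entry
  # is not imported into a shared or production realm.
  - username: demo-user
    email: demo@example.com
    firstName: Demo
    lastName: User
    enabled: true
    emailVerified: true
    credentials:
      - type: password
        # Same placeholder caveat as the demo-backend secret above.
        value: '$(env:DEMO_USER_PASSWORD)'
        # false means no password change is forced at first login.
        temporary: false
    realmRoles:
      - app-user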