# Realm-level settings for the "demo" realm.
# NOTE(review): sslRequired and passwordPolicy do not appear in the visible
# part of this file, so server defaults presumably apply - confirm they fit
# before reusing this realm outside a demo.
realm: 'demo'
displayName: 'Demo'
enabled: true
# Self-registration is off: accounts are not created from the login page.
registrationAllowed: false
loginWithEmailAllowed: true
# One account per e-mail address, which keeps e-mail login unambiguous.
duplicateEmailsAllowed: false
# Self-service reset is on, so control of the mailbox is enough to recover
# an account.
resetPasswordAllowed: true
editUsernameAllowed: false
# Brute-force detection is on; no thresholds are set here, so the defaults
# are presumably used - confirm.
bruteForceProtected: true
# Custom scopes for application resources. In this file only demo-app
# references them, as optional scopes.
# NOTE(review): a scope in a token is only a claim; the API that receives the
# token is expected to check it - confirm the backend does.
clientScopes:
  - name: 'app:read'
    description: 'Read access to application resources'
    protocol: 'openid-connect'
  - name: 'app:write'
    description: 'Write access to application resources'
    protocol: 'openid-connect'
# Realm roles: one ordinary role and one administrative role.
# What app-admin actually permits is decided by the application, not by this
# file, so who receives it should be reviewed like any privileged grant.
roles:
  realm:
    - name: 'app-user'
      description: 'Standard application user'
    - name: 'app-admin'
      description: 'Application administrator'
# OpenID Connect clients: two public browser-app variants and one
# confidential backend.
clients:
  # Public client (no client secret) using the authorization code flow.
  - clientId: 'demo-app'
    name: 'Demo Application'
    enabled: true
    protocol: 'openid-connect'
    publicClient: true
    standardFlowEnabled: true
    # NOTE(review): direct access grants (the password grant) are enabled on
    # a public client, so the app handles user passwords itself, and no PKCE
    # attribute is set. The demo-app-pkce entry in this list disables the
    # grant and requires S256; prefer it unless a demo needs this grant.
    directAccessGrantsEnabled: true
    serviceAccountsEnabled: false
    # NOTE(review): a wildcard path over plain http is a localhost-only
    # setting; deployed environments should list exact https redirect URIs.
    redirectUris:
      - 'http://localhost:3000/*'
    webOrigins:
      - 'http://localhost:3000'
    defaultClientScopes:
      - 'web-origins'
      - 'acr'
      - 'profile'
      - 'roles'
      - 'email'
    # Issued only when the client asks for them in the scope parameter.
    optionalClientScopes:
      - 'app:read'
      - 'app:write'
    protocolMappers:
      # Puts demo-backend into the access token audience, which lets the
      # backend reject tokens that were not issued for it.
      - name: 'demo-backend-audience'
        protocol: 'openid-connect'
        protocolMapper: 'oidc-audience-mapper'
        config:
          included.client.audience: 'demo-backend'
          # Kept as a quoted string, as in the original, not a YAML boolean.
          access.token.claim: 'true'

  # Same browser app with the password grant off and PKCE (S256) required.
  # NOTE(review): unlike demo-app, this entry has no demo-backend audience
  # mapper and no app:* optional scopes - confirm that is intended.
  - clientId: 'demo-app-pkce'
    name: 'Demo Application (PKCE)'
    enabled: true
    protocol: 'openid-connect'
    publicClient: true
    standardFlowEnabled: true
    directAccessGrantsEnabled: false
    serviceAccountsEnabled: false
    attributes:
      pkce.code.challenge.method: 'S256'
    # NOTE(review): same localhost-only wildcard as demo-app; use exact https
    # URIs anywhere else.
    redirectUris:
      - 'http://localhost:3000/*'
    webOrigins:
      - 'http://localhost:3000'
    defaultClientScopes:
      - 'web-origins'
      - 'acr'
      - 'profile'
      - 'roles'
      - 'email'

  # Confidential client with only the service account enabled: no browser
  # flow and no password grant.
  - clientId: 'demo-backend'
    name: 'Demo Backend'
    enabled: true
    protocol: 'openid-connect'
    publicClient: false
    standardFlowEnabled: false
    directAccessGrantsEnabled: false
    serviceAccountsEnabled: true
    # The secret stays out of version control. NOTE(review): presumably the
    # import tool substitutes this placeholder from the environment; if
    # substitution is off, the literal placeholder text would become the
    # client secret - confirm before importing.
    secret: '$(env:DEMO_BACKEND_SECRET)'
users:
|
|
- username: demo-user
|
|
email: demo@example.com
|
|
firstName: Demo
|
|
lastName: User
|
|
enabled: true
|
|
emailVerified: true
|
|
credentials:
|
|
- type: password
|
|
value: $(env:DEMO_USER_PASSWORD)
|
|
temporary: false
|
|
realmRoles:
|
|
- app-user
|