dalex
/
todolist-proto
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
todolist-proto/KEYCLOAK_SETUP.md

150 lines
3.6 KiB
Markdown
Raw Permalink Normal View History

prototype works
2026-01-20 20:34:43 +01:00
# Keycloak Configuration Issue
## Problem
The application is getting a `401 Unauthorized` error when trying to authenticate:
```
POST https://terminus.bluelake.cloud/realms/dalex-immo-dev/protocol/openid-connect/token 401 (Unauthorized)
```
## Root Cause
The Keycloak client `dalex-proto` either:
1. Does not exist in the `dalex-immo-dev` realm, OR
2. Is not configured correctly for public client access
## Solution
You need to configure the Keycloak client on the server. Follow these steps:
### Step 1: Access Keycloak Admin Console
Go to: https://terminus.bluelake.cloud/admin/
### Step 2: Select the Realm
- Select the `dalex-immo-dev` realm from the realm dropdown
### Step 3: Create or Configure the Client
1. Navigate to **Clients** in the left sidebar
2. Look for client ID `dalex-proto`
3. If it doesn't exist, click **Create client**
### Step 4: Client Configuration
Configure the client with these settings:
#### Basic Settings Tab
```
Client ID: dalex-proto
Name: Dalex Todo Prototype
Description: Todo application prototype
Always display in UI: ON (optional)
Enabled: ON
```
#### Capability Config
```
Client authentication: OFF (this is a public client)
Authorization: OFF
Authentication flow:
☑ Standard flow (Authorization Code Flow)
☐ Direct access grants
☐ Implicit flow
☐ Service accounts roles
☐ OAuth 2.0 Device Authorization Grant
```
#### Access Settings
```
Root URL: http://localhost:3030
Home URL: http://localhost:3030
Valid redirect URIs:
- http://localhost:3030/*
- http://localhost:3030
Valid post logout redirect URIs:
- http://localhost:3030/*
- http://localhost:3030
Web origins:
- http://localhost:3030
- * (for development only)
Admin URL: (leave empty)
```
#### Advanced Settings (Optional but Recommended)
```
Proof Key for Code Exchange Code Challenge Method: S256
Access Token Lifespan: 5 Minutes (or as needed)
```
### Step 5: Save
Click **Save** at the bottom of the page.
### Step 6: Test
1. Restart the application: `docker-compose restart frontend`
2. Open http://localhost:3030
3. You should be redirected to Keycloak login
4. After login, you should see the todo application
## Alternative: Use Existing Client
If you don't have admin access to create a new client, you can use an existing public client that's typically available in Keycloak:
### Option 1: Use 'account-console' client
This client usually exists by default. Edit `frontend/src/keycloak.ts`:
```typescript
keycloak = new Keycloak({
url: 'https://terminus.bluelake.cloud/',
realm: 'dalex-immo-dev',
clientId: 'account-console' // Changed from 'dalex-proto'
})
```
Then rebuild: `docker-compose up --build -d`
### Option 2: Use 'account' client
Another default client. Edit `frontend/src/keycloak.ts`:
```typescript
keycloak = new Keycloak({
url: 'https://terminus.bluelake.cloud/',
realm: 'dalex-immo-dev',
clientId: 'account' // Changed from 'dalex-proto'
})
```
Then rebuild: `docker-compose up --build -d`
## Backend Configuration
Don't forget to update the backend `backend/Program.cs` to match the client ID:
```csharp
options.Audience = "dalex-proto"; // Or "account-console" or "account"
```
Then rebuild: `docker-compose up --build -d`
## Verification
After configuration, you should see in the browser console:
```
Initializing Keycloak...
Keycloak config: {url: "...", realm: "dalex-immo-dev", clientId: "dalex-proto"}
Keycloak initialized. Authenticated: true
User authenticated successfully
App.vue mounted, loading todos...
```
## Need Help?
If you don't have admin access to Keycloak, contact your Keycloak administrator and share this document with the required client configuration.