Thomas Darimont thomasdarimont

@thomasdarimont
thomasdarimont / readme.md
Last active March 24, 2025 13:05
API Sketch - Using different types to restrict available fields
class ClientCreate extends ClientUpdate {
    String type;
    // properties mandatory for creation
}

class ClientUpdate {
    String name;
    String description;
@thomasdarimont
thomasdarimont / readme.md
Last active March 19, 2025 13:17
Example Realm with a Configuration for OAuth2 Resource Indicators based on https://github.com/keycloak/keycloak/pull/35711

This import creates a new resource-indicators realm with a photoz client. The photoz client defines available resource-indicators via the authorization-services resources.

Create a user tester with password test in the resource-indicators realm.

Then you should be able to execute the following requests via curl.

Note the resource parameter which enables the client to select which resources should be associated with the authorization.

@thomasdarimont
thomasdarimont / JsonSchemaDemo.java
Last active March 10, 2025 22:41
JSON Schema Validation Example
package demo;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.networknt.schema.JsonNodePath;
import com.networknt.schema.JsonSchema;
import com.networknt.schema.JsonSchemaFactory;
import com.networknt.schema.SpecVersion;
import com.networknt.schema.ValidationMessage;
@thomasdarimont
thomasdarimont / healthcheck.sh
Created January 9, 2025 09:27
Keycloak Healthcheck for docker without curl
#!/bin/bash
exec 3<>/dev/tcp/localhost/8080
echo -e "GET /auth/health/ready HTTP/1.1\nhost: localhost:8080\n" >&3
timeout --preserve-status 1 cat <&3 | grep -m 1 status | grep -m 1 UP
ERROR=$?
exec 3<&-
exec 3>&-
@Component
public class CookieSecurityContextRepository implements SecurityContextRepository {
private static final String EMPTY_CREDENTIALS = "";
private static final String ANONYMOUS_USER = "anonymousUser";
private final String cookieHmacKey;
public CookieSecurityContextRepository(@Value("${auth.cookie.hmac-key}") String cookieHmacKey) {
this.cookieHmacKey = cookieHmacKey;
@thomasdarimont
thomasdarimont / JwtClientAuthApp.java
Last active November 1, 2024 13:01
Spring Boot 3.3.5 JwtClientAuthApp example
package demo.jwtclientauth;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
@thomasdarimont
thomasdarimont / DebugFriendlyCreatedResponseUtil.java
Created October 25, 2024 10:44
DebugFriendlyCreatedResponseUtil
package de.adorsys.keycloak.config.util;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.net.URI;
import java.util.Map;
@thomasdarimont
thomasdarimont / readme.md
Last active October 3, 2024 11:17
kct issues

Issue: First example does not show how to use --context, errors without it

Issue: ~/.kct folder not created if missing

Issue: How to configure trust store via CLI? Manually adding trust store at the root did not work either. Truststore setting was removed after adding new (http) context.

Issue: Truststore configuration does not work, even with truststore set, I cannot configure it.

Issue: Add support for skip certificate validation

@thomasdarimont
thomasdarimont / setup-keycloak-config-client.sh
Created October 3, 2024 09:20
Example for setting up a Keycloak Client via kcadm.sh with the official Keycloak docker image
#!/usr/bin/env bash
shopt -s expand_aliases
alias kcadm="docker run --net=host -i --user=1000:1000 --rm -v $(echo $HOME)/.acme/.keycloak:/opt/keycloak/.keycloak:z --entrypoint /opt/keycloak/bin/kcadm.sh quay.io/keycloak/keycloak:24.0.5"
KEYCLOAK_URL=http://localhost:8080/auth
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
{
"clientId": "reference-client",
"name": "",
"description": "",
"rootUrl": "",
"adminUrl": "",
"baseUrl": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,