microcks icon indicating copy to clipboard operation
microcks copied to clipboard
verified publisher icon microcks

Add support for dynamically adding `redirect-uri` to keycloak configuration

Open Harsh4902 opened this issue 10 months ago • 4 comments

Reason/Context

  • As we have successfully implemented sso-based login in microcks-cli we have to redirect the user to specific port where a server started by the CLI is waiting for the response of authentication from Keycloak.
  • Currently, we are adding only one redirect-uri which is the URI of the microcks server.

Description

  • We have to add the server-address/redirect-URL into the Keycloak configuration, otherwise keycloak will not allow that authentication request from the CLI
  • As admin we should have a privilege to add the redirect-uri dynamically.

Implementation ideas

No response

Harsh4902 avatar May 29 '25 17:05 Harsh4902

Hey @Harsh4902 , thanks for opening this one.

I don't think we would be able to dynamically add new redirect-uris in Keycloak realm config but we can at least add a new entry for a well-known port on localhost or for a range of port if the CLI is using a dynamic port attribution. How did you manage this on the CLI side?

BTW I wonder what would be the better way of doing this: adding a new redirect-uri in the microcks-app-js client definition of the realm OR adding a brand new microcks-cli client to better isolate use-cases? What do you think?

lbroudoux avatar Jun 05 '25 12:06 lbroudoux

Hey @Harsh4902 , thanks for opening this one.

I don't think we would be able to dynamically add new redirect-uris in Keycloak realm config but we can at least add a new entry for a well-known port on localhost or for a range of port if the CLI is using a dynamic port attribution. How did you manage this on the CLI side?

BTW I wonder what would be the better way of doing this: adding a new redirect-uri in the microcks-app-js client definition of the realm OR adding a brand new microcks-cli client to better isolate use-cases? What do you think?

Okay, we are using 8085 as the default port for the callback server of microcks-cli, and we are providing this realm configuration only in install/docker-compose/. So, I think we can add localhost:8085 as a redirect-uri. The use cases for both apps are almost similar, so I think there is no need to add a new microcks-cli client in the realm.

Harsh4902 avatar Jun 05 '25 17:06 Harsh4902

we are providing this realm configuration only in install/docker-compose/

We also have to add it in the configuration that is spawn by the Helm chart and the Operator.

8085 is a bit "close" to 8585 we put as an example for locally running Microcks. And also maybe subject to conflicts with locally running web-app. Couldn't we choose something more "original"?

lbroudoux avatar Jun 06 '25 08:06 lbroudoux

we are providing this realm configuration only in install/docker-compose/

We also have to add it in the configuration that is spawn by the Helm chart and the Operator.

8085 is a bit "close" to 8585 we put as an example for locally running Microcks. And also maybe subject to conflicts with locally running web-app. Couldn't we choose something more "original"?

Okay, let me check for rarely used ports and will update it in the CLI.

Harsh4902 avatar Jun 10 '25 03:06 Harsh4902

Okay, let me check for rarely used ports and will update it in the CLI.

Hey @Harsh4902 Did you get some time looking at this one? It could be cool to push the CLI and have this one prepared.

lbroudoux avatar Jul 07 '25 15:07 lbroudoux

@lbroudoux Oh! I missed this. Can we use 58085? I searched about this port but didn't find any usage, so maybe it can be our unique+original

Harsh4902 avatar Jul 07 '25 16:07 Harsh4902

Now done!

lbroudoux avatar Jul 08 '25 08:07 lbroudoux

Oh! Great 🎉. I am updating it in the CLI's code.

Harsh4902 avatar Jul 08 '25 15:07 Harsh4902