diff --git a/app.py b/app.py
index 0abdfdd..e8c164c 100644
--- a/app.py
+++ b/app.py
@@ -35,9 +35,14 @@ oauth.register(
 )
 
 
-@app.route("/api")
-def api():
-    return make_response(redirect(resource_server_url + "/api?" + urllib.parse.urlencode({'callbackUrl': client_url})))
+@app.route("/service1")
+def service1():
+    return make_response(redirect(resource_server_url + "/api/v1/service1?" + urllib.parse.urlencode({'callbackUrl': client_url})))
+
+
+@app.route("/service2")
+def service2():
+    return make_response(redirect(resource_server_url + "/api/v1/service2?" + urllib.parse.urlencode({'callbackUrl': client_url})))
 
 
 @app.route("/auth")
diff --git a/keycloak/client-oidc.json b/keycloak/client-oidc.json
new file mode 100644
index 0000000..8ee48a7
--- /dev/null
+++ b/keycloak/client-oidc.json
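Review bot: `service1` and `service2` in this hunk are the same function with one path segment different, and both keep the redundant `make_response(redirect(...))` wrapper — Flask's `redirect()` already returns a `Response`. Factor the URL assembly into one helper so a third service does not become a third copy; the version below produces byte-for-byte the same Location header as the hunk. `callbackUrl` is still sent verbatim, so whatever the resource server does with it — presumably redirecting back to it — must be checked there against a fixed allowlist; this client cannot enforce that. The `oauth.register(...)` call above and the `/auth` handler below both continue outside the hunk.
```python
def _service_redirect(name):
    """Bounce the browser to /api/v1/<name> on the resource server, passing our callback URL."""
    query = urllib.parse.urlencode({'callbackUrl': client_url})
    return redirect(resource_server_url + "/api/v1/" + name + "?" + query)


@app.route("/service1")
def service1():
    return _service_redirect("service1")


@app.route("/service2")
def service2():
    return _service_redirect("service2")
```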
@@ -0,0 +1,134 @@ +{ + "clientId": "client-oidc", + "name": "OIDC demo", + "description": "", + "rootUrl": "http://localhost:5001", + "adminUrl": "http://localhost:5001", + "baseUrl": "http://localhost:5001", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": true, + "clientAuthenticatorType": "client-secret", + "secret": "BqWWnuj5JkgZZWEaXuR8bprEx53lqGxC", + "redirectUris": [ + "/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": true, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "client.secret.creation.time": "1718829555", + "backchannel.logout.session.required": "true", + "post.logout.redirect.uris": "+", + "display.on.consent.screen": "false", + "oauth2.device.authorization.grant.enabled": "false", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "name": 
"client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": { + "lightweight.claim": "false", + "access.token.claim": "true", + "introspection.token.claim": "true" + } + }, + { + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "client_id", + "id.token.claim": "true", + "introspection.token.claim": "true", + "access.token.claim": "true", + "claim.name": "client_id", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "profile", + "groups", + "email" + ], + "optionalClientScopes": [], + "access": { + "view": true, + "configure": true, + "manage": true + } +} \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index 82f7485..1c6fb34 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,5 @@ authlib flask requests -urllib.parse PyJWT cryptography diff --git a/templates/base.html b/templates/base.html index 0eb5518..986cff6 100644 --- a/templates/base.html +++ b/templates/base.html @@ -5,9 +5,10 @@ -
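Review bot: The new client export commits a live client secret (`"secret": "BqWWnuj5JkgZZWEaXuR8bprEx53lqGxC"`) and registers a wildcard redirect URI (`"redirectUris": ["/*"]`, resolved against `rootUrl`), so any path on localhost:5001 — including one with an open redirect — can receive authorization codes; pin it to the real callback path, e.g. `"redirectUris": ["/auth"]` if that is the route the Flask app handles, and note that `"post.logout.redirect.uris": "+"` inherits the same wildcard. Treat the secret as burned now that it is in git history: rotate it in Keycloak and keep it out of the export (drop the field so Keycloak generates one on import, or substitute it from the environment at import time). For a confidential authorization-code client, `"directAccessGrantsEnabled": true` (password grant) and `"serviceAccountsEnabled": true` widen the attack surface with no visible use in this change; set them to `false` unless something relies on them. Nothing here enforces PKCE either — add `"pkce.code.challenge.method": "S256"` under `attributes` so the Authlib client must present a code challenge.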