KeycloakProperties

data class KeycloakProperties(val serverUrl: String, val realm: String, val adminClientId: String, val adminClientSecret: String, val gatewayClientId: String, val gatewayClientSecret: String, val rolesClaimPath: String, val cookie: SharedConfigProperties.KeycloakProperties.CookieProperties)(source)

Keycloak realm / client configuration shared by all services.

Constructors

constructor(serverUrl: String, realm: String, adminClientId: String, adminClientSecret: String, gatewayClientId: String, gatewayClientSecret: String, rolesClaimPath: String, cookie: SharedConfigProperties.KeycloakProperties.CookieProperties)

data class CookieProperties(val refreshTokenCookieName: String, val httpOnly: Boolean, val secure: Boolean, val sameSite: String, val path: String)

Refresh-token cookie settings used by the API Gateway BFF.

Confidential client used by iam-service for the Keycloak Admin REST API.

Secret of adminClientId.

Refresh-token cookie configuration used by the gateway BFF.

Public client used by the API Gateway for the BFF OAuth2 code flow.

Secret of gatewayClientId.

Realm name used for both token issuance and admin operations.

Dot-separated path within the JWT to the roles list (e.g. realm_access.roles). Consumed by KeycloakJwtUtils.extractRoles.

Base URL of the Keycloak server (e.g. http://keycloak:8080).