# Keycloak

Pre-configured Keycloak OpenID Connect server for testing.

* **Realm**: ngx
* **Client ID**: ngxweb, ngxapi
* **Accounts**:
  * *ROLE\_ADMIN*
    1. ngxadmin : ngxadmin
  * *ROLE\_USER*
    1. sumo: demo
    2. sumo1: demo
    3. sumo2: demo
    4. sumo3: demo

## Configure SPA Client

> Set `issuer` and `clientId` in `apps/webapp/src/environments/environment.ts`

```javascript
  auth: {
    clientId: 'ngxweb',
    issuer: 'http://localhost:8080/auth/realms/ngx',
  }
```

## Start

```bash
# Start keycloak
docker-compose up keycloak

# Stop keycloak
docker-compose stop keycloak
# Remove the containers and network created by docker-compose (add -v to also remove volumes)
docker-compose down

# Open a shell in the keycloak container
docker-compose exec keycloak sh
```

## Use

<http://localhost:8080/>

> admin: admin123

## Setup

> Import the config (first time only):
>
> 1. Log in to the Keycloak admin console
> 2. Create a new realm `ngx`
> 3. Import the pre-set [config](https://github.com/xmlking/ngx-starter-kit/tree/5bb9e12bdf375b13d71f8b96023a86a04ae01a3a/docs/.deploy/keycloak/realm-manual-import.json)

## Test

```bash
# Environment variables. Change as per your server setup
OIDC_ISSUER_URL=http://localhost:8080/auth/realms/ngx
OIDC_CLIENT=ngxweb

USERNAME=sumo
PASSWORD=demo

# Get endpoint URLs from the discovery document
curl "$OIDC_ISSUER_URL/.well-known/openid-configuration" | jq .
# Get the realm's signing certs (JWKS)
curl "$OIDC_ISSUER_URL/protocol/openid-connect/certs" | jq .

# Get tokens (resource owner password grant)
response=$(curl -X POST "$OIDC_ISSUER_URL/protocol/openid-connect/token" \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -d "username=$USERNAME" \
 -d "password=$PASSWORD" \
 -d "client_id=$OIDC_CLIENT" \
 -d 'grant_type=password' \
 -d 'scope=openid')

access_token=$(echo "$response" | jq -r '.access_token')
id_token=$(echo "$response" | jq -r '.id_token')
refresh_token=$(echo "$response" | jq -r '.refresh_token')

# Print tokens
echo "$access_token"
echo "$id_token"
echo "$refresh_token"

# Get User Profile
curl -X POST "$OIDC_ISSUER_URL/protocol/openid-connect/userinfo" \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -d "access_token=$access_token" | jq .

# Logout
curl -X POST "$OIDC_ISSUER_URL/protocol/openid-connect/logout" \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -d "client_id=$OIDC_CLIENT" \
 -d "refresh_token=$refresh_token" | jq .
```

### Example Access Token

```javascript
{
  "jti": "bcd8138f-cba9-49e4-a4fa-86f688ba2730",
  "exp": 1547688875,
  "nbf": 0,
  "iat": 1547688575,
  "iss": "http://localhost:8080/auth/realms/ngx",
  "aud": "ngxapi",
  "sub": "12c4ef1f-f4bd-451c-a435-ffc5daa1412c",
  "typ": "Bearer",
  "azp": "ngxweb",
  "auth_time": 0,
  "session_state": "92cc97ad-3be7-48e0-9ee9-4329b2a66f07",
  "acr": "1",
  "allowed-origins": [
    "*"
  ],
  "realm_access": {
    "roles": [
      "ROLE_USER"
    ]
  },
  "scope": "openid email ngxapi_audience profile",
  "email_verified": true,
  "name": "sumo1 ngx",
  "preferred_username": "sumo1",
  "given_name": "sumo1",
  "family_name": "ngx",
  "email": "sumo1@ngx.com"
}
```
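
The claim checks a resource server such as `ngxapi` would run on a token like the one above, as an added example that is not part of the project's code. It assumes the signature has already been verified against the realm's `certs` endpoint; `checkAccessToken` and the `expected` object are hypothetical names.

```javascript
// Added example: claim checks for an access token whose signature is already verified.
// checkAccessToken and the shape of `expected` are hypothetical, not project code.
function checkAccessToken(claims, expected, nowSeconds) {
  const problems = [];
  // Per RFC 7519, `aud` may be a single string or an array of strings.
  const audiences = [].concat(claims.aud === undefined ? [] : claims.aud);
  const roles = (claims.realm_access && claims.realm_access.roles) || [];

  if (claims.iss !== expected.issuer) problems.push('iss');
  if (!audiences.includes(expected.audience)) problems.push('aud');
  if (claims.typ !== 'Bearer') problems.push('typ');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) problems.push('exp');
  // An nbf of 0, as in the sample token, places no not-before restriction.
  if (typeof claims.nbf === 'number' && claims.nbf > nowSeconds) problems.push('nbf');
  if (expected.role && !roles.includes(expected.role)) problems.push('role');
  return problems; // an empty array means every check passed
}

// Constructed sample: the relevant claims copied from the example token on this page.
const sampleClaims = {
  exp: 1547688875, nbf: 0, iat: 1547688575,
  iss: 'http://localhost:8080/auth/realms/ngx',
  aud: 'ngxapi', typ: 'Bearer', azp: 'ngxweb',
  realm_access: { roles: ['ROLE_USER'] },
};
const expected = {
  issuer: 'http://localhost:8080/auth/realms/ngx',
  audience: 'ngxapi',
  role: 'ROLE_USER',
};

// One second before expiry the token passes for ROLE_USER.
console.log(checkAccessToken(sampleClaims, expected, 1547688874));
// After expiry, with ROLE_ADMIN required, both failures are reported.
console.log(checkAccessToken(sampleClaims, { ...expected, role: 'ROLE_ADMIN' }, 1547688876));
```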


