local OIDC provider for testing (#2608)

* local OIDC provider for testing

* minor adjustments

* addressed comments

docker-compose-deps.yml

@@ -14,6 +14,7 @@ services:
     volumes:
       - postgres-data:/var/lib/postgresql/data/
       - ./setup/db/10-docker_postgres_init.sql:/docker-entrypoint-initdb.d/10-docker_postgres_init.sql
+      - ./setup/db/11-docker_postgres_keycloack_init.sql:/docker-entrypoint-initdb.d/11-docker_postgres_keycloack_init.sql
     ports:
       - '127.0.0.1:5432:5432'
 
@@ -35,6 +36,40 @@ services:
       - '127.0.0.1:9000:9000'
       - '127.0.0.1:9001:9001'
 
+  # Local OIDC provider for testing
+  keycloak:
+    image: quay.io/keycloak/keycloak:25.0
+    depends_on:
+      - postgres
+    environment:
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: keycloak
+
+      KC_HOSTNAME: 127.0.0.1
+      KC_HOSTNAME_PORT: 9000
+      KC_HOSTNAME_STRICT: false
+      KC_HOSTNAME_STRICT_HTTPS: false
+
+      KC_LOG_LEVEL: info
+      KC_METRICS_ENABLED: true
+      KC_HEALTH_ENABLED: true
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+    ports:
+      - 8443:8443
+      - 9010:9000
+      - 8090:8080
+    command: start-dev --import-realm
+    volumes:
+      - ./setup/keycloak:/opt/keycloak/data/import
+    # user: root
+    # command: export --dir /opt/keycloak/backup --realm speckle
+    # volumes:
+    #   - ./keycloak-backup:/opt/keycloak/backup
+
+  # Local email server for email troubleshooting
   maildev:
     restart: always
     image: maildev/maildev

packages/server/.env-example

@@ -116,6 +116,13 @@ STRATEGY_LOCAL=true
 # OIDC_CLIENT_ID="-> FILL IN <-"
 # OIDC_CLIENT_SECRET="-> FILL IN <-"
 
+# Local OIDC provider for dev purposes: admin:admin for admin panel @ http://127.0.0.1:8090/admin, speckle:speckle for initial user @ http://127.0.0.1:8090/realms/speckle/account
+STRATEGY_OIDC=true
+OIDC_NAME="Local Keycloak"
+OIDC_DISCOVERY_URL="http://127.0.0.1:8090/realms/speckle/.well-known/openid-configuration"
+OIDC_CLIENT_ID="account"
+OIDC_CLIENT_SECRET="gLb9IEutYQ0npyvA8iHxPsObY3duGB0w"
+
 ############################################################
 # Tracing & co.
 # Note: all data is anonymous, and it helps us deliver

setup/db/11-docker_postgres_keycloack_init.sql

@@ -0,0 +1,14 @@
+CREATE USER keycloak WITH
+    LOGIN
+    NOSUPERUSER
+    INHERIT
+    PASSWORD 'keycloak';
+
+CREATE DATABASE keycloak
+    WITH 
+    OWNER = keycloak
+    ENCODING = 'UTF8'
+    LC_COLLATE = 'en_US.utf8'
+    LC_CTYPE = 'en_US.utf8'
+    TABLESPACE = pg_default
+    CONNECTION LIMIT = -1;

setup/keycloak/speckle-users-0.json

@@ -0,0 +1,30 @@
+{
+  "realm": "speckle",
+  "users": [
+    {
+      "id": "45aa3ddd-7e18-4cd1-b908-7ce24e0c1129",
+      "username": "speckle",
+      "firstName": "speckle",
+      "lastName": "speckle",
+      "email": "speckle@keycloak.com",
+      "emailVerified": true,
+      "createdTimestamp": 1723105000956,
+      "enabled": true,
+      "totp": false,
+      "credentials": [
+        {
+          "id": "ae1ffa2c-ff10-4d4e-a0f8-796b3f775c18",
+          "type": "password",
+          "createdDate": 1723105000980,
+          "secretData": "{\"value\":\"8QG5nJiQkscKrfVDc0TTSJ70lRCKadxvkPAFBs3TB1g=\",\"salt\":\"TPnXJz5JYxGl8wIlcXqiVw==\",\"additionalParameters\":{}}",
+          "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}"
+        }
+      ],
+      "disableableCredentialTypes": [],
+      "requiredActions": [],
+      "realmRoles": ["default-roles-speckle"],
+      "notBefore": 0,
+      "groups": []
+    }
+  ]
+}