From cfbbe02e64cb362da9eec64580c53beab7df736b Mon Sep 17 00:00:00 2001 From: Pascal Bleser Date: Thu, 5 Feb 2026 11:17:26 +0100 Subject: [PATCH] groupware: use the OIDC client ID 'web' instead of 'groupware' --- .../config/keycloak/clients/groupware.json | 58 ------------------- services/groupware/DEVELOPER.md | 6 +- 2 files changed, 3 insertions(+), 61 deletions(-) delete mode 100644 devtools/deployments/opencloud_full/config/keycloak/clients/groupware.json diff --git a/devtools/deployments/opencloud_full/config/keycloak/clients/groupware.json b/devtools/deployments/opencloud_full/config/keycloak/clients/groupware.json deleted file mode 100644 index 775bc03ea..000000000 --- a/devtools/deployments/opencloud_full/config/keycloak/clients/groupware.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "clientId": "groupware", - "name": "OpenCloud Groupware", - "description": "Used for authenticating automated HTTP clients of the OpenCloud Groupware API", - "rootUrl": "", - "adminUrl": "", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "/*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": true, - "protocol": "openid-connect", - "attributes": { - "oidc.ciba.grant.enabled": "false", - "backchannel.logout.session.required": "true", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "groups", - "OpenCloudUnique_ID", - "basic", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ], - "access": { - "view": true, - "configure": true, - "manage": true - } -} diff --git a/services/groupware/DEVELOPER.md b/services/groupware/DEVELOPER.md index 19e779e84..7814ce74d 100644 --- a/services/groupware/DEVELOPER.md +++ b/services/groupware/DEVELOPER.md @@ -482,7 +482,7 @@ To check whether it works correctly, the following `curl` command: curl -ks -D- -X POST \ "https://keycloak.opencloud.test/realms/openCloud/protocol/openid-connect/token" \ -d username=alan -d password=demo -d grant_type=password \ --d client_id=groupware -d scope=openid +-d client_id=web -d scope=openid ``` should provide you with a JSON response that contains an `access_token` property. @@ -705,7 +705,7 @@ When using the “production” setup, first make sure to retrieve a JWT token=$(curl --silent --insecure --fail -X POST \ "https://keycloak.opencloud.test/realms/openCloud/protocol/openid-connect/token" \ -d username="alan" -d password="demo" \ --d grant_type=password -d client_id="groupware" -d scope=openid \ +-d grant_type=password -d client_id=web -d scope=openid \ | jq -r '.access_token') ``` @@ -723,7 +723,7 @@ curl --insecure -s -u "alan:demo" "https://cloud.opencloud.test/groupware/" > [!TIP] > Until everything is documented, the complete list of URI routes can be found in \ -[`$OCDIR/opencloud/services/groupware/pkg/groupware/groupware_route.go`](./pkg/groupware/groupware_route.go) +[`$OCDIR/opencloud/services/groupware/pkg/groupware/route.go`](./pkg/groupware/route.go) ## Services