
@azophy
Last active August 11, 2022 21:06
Keycloak setup script
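#!/bin/sh
# keycloak-setup.sh
# Adapted from : https://keycloak.ch/keycloak-tutorials/tutorial-1-installing-and-running-keycloak/
#
# Bootstraps a Keycloak instance for LOCAL DEVELOPMENT ONLY: logs kcadm.sh in
# against the master realm, creates a realm, a public OpenID Connect client
# and one test user with a password.
#
# Required environment:
#   KEYCLOAK_BASE_URL         base URL of the Keycloak server to configure
# Optional environment:
#   KEYCLOAK_ADMIN_USER       master-realm admin user     (default: admin)
#   KEYCLOAK_ADMIN_PASSWORD   master-realm admin password (default: admin)
#
# Security notes:
#   * admin/admin and username/password are placeholder credentials. Do not
#     run this unchanged against anything reachable by other people.
#   * Passwords given as command-line arguments are visible in the process
#     list and in shell history. kcadm.sh prompts for the admin password when
#     --password is omitted; prefer that outside a disposable environment.
#   * kcadm.sh keeps the session it obtains in a config file in the invoking
#     user's home directory; remove it when the setup is finished.

# Stop at the first failed step (e.g. failed login) and on unset variables,
# instead of running the remaining admin commands against an unknown state.
set -eu

# basic variables. edit as needed
KCADM="/opt/keycloak/bin/kcadm.sh"
REALM_NAME=test_realm
CLIENT_ID=test_client
USER_NAME=username
USER_PASSWORD=password # placeholder; change before sharing the instance
CLIENT_BASE_URL="http://localhost:8000"
CLIENT_LOGOUT_WEBHOOK_URL="${CLIENT_BASE_URL}/auth/logout_webhook"

# The server URL is never set in this script; without it the unquoted
# expansion used to vanish and --server swallowed the next option.
: "${KEYCLOAK_BASE_URL:?KEYCLOAK_BASE_URL must be set to the Keycloak server URL}"
KEYCLOAK_ADMIN_USER="${KEYCLOAK_ADMIN_USER:-admin}"
KEYCLOAK_ADMIN_PASSWORD="${KEYCLOAK_ADMIN_PASSWORD:-admin}"

# establish connection session to keycloak
"$KCADM" config credentials --server "${KEYCLOAK_BASE_URL}" \
  --user "${KEYCLOAK_ADMIN_USER}" \
  --password "${KEYCLOAK_ADMIN_PASSWORD}" \
  --realm master

# test connection
"$KCADM" get serverinfo

# setup new realm
"$KCADM" create realms -s "realm=${REALM_NAME}" -s enabled=true

# setup client
# Review points for anything beyond local development:
#   * publicClient=true means the client has no secret; the redirect URI
#     allow-list is then the main control on where authorization codes go.
#     "${CLIENT_BASE_URL}/*" accepts every path on that origin - narrow it to
#     the exact callback path(s) the application uses.
#   * CLIENT_BASE_URL is plain http; use https for a non-local deployment.
#   * fullScopeAllowed=true puts every role mapping of the user into tokens;
#     set it to false and map only the roles this client needs.
# The values are interpolated into JSON verbatim, so they must not contain
# double quotes or backslashes.
KEYCLOAK_PAYLOAD=$(cat <<EOF
{
  "clientId": "${CLIENT_ID}",
  "name": "${CLIENT_ID}",
  "access": {
    "view": true,
    "configure": true,
    "manage": true
  },
  "enabled": true,
  "baseUrl": "${CLIENT_BASE_URL}",
  "redirectUris": [
    "${CLIENT_BASE_URL}/*"
  ],
  "protocol": "openid-connect",
  "publicClient": true,
  "directAccessGrantsEnabled": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "fullScopeAllowed": true,
  "defaultClientScopes": [
    "web-origins",
    "role_list",
    "profile",
    "roles",
    "email"
  ],
  "attributes": {
    "backchannel.logout.revoke.offline.tokens": "false",
    "backchannel.logout.session.required": "true",
    "backchannel.logout.url": "${CLIENT_LOGOUT_WEBHOOK_URL}"
  }
}
EOF
)
# printf instead of echo: echo may interpret backslashes or a leading dash.
printf '%s\n' "$KEYCLOAK_PAYLOAD" | "$KCADM" create clients -r "${REALM_NAME}" -f -

# setup user
"$KCADM" create users -r "${REALM_NAME}" \
  -s "username=${USER_NAME}" \
  -s enabled=true \
  -s "firstName=${USER_NAME}" \
  -s "lastName=${USER_NAME}" \
  -s "email=${USER_NAME}@example.com"

## setup user password
# The new password is passed as an argument and is therefore visible to other
# local users while the command runs; acceptable only for a throwaway account.
"$KCADM" set-password -r "${REALM_NAME}" \
  --username "${USER_NAME}" \
  --new-password "${USER_PASSWORD}"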