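# Check the Keycloak configuration of the btpxpress-frontend client and
# correct it when it deviates from the expected public-client setup:
#   - publicClient = true, Standard Flow enabled, Implicit Flow disabled
#   - PKCE code challenge method = S256
#   - http://localhost:8081/* present in the redirect URIs
#
# Credentials: the admin password is taken from the KEYCLOAK_ADMIN_PASSWORD
# environment variable, or prompted for when that variable is empty. It is
# deliberately not stored in this file; a password that was ever committed
# in a script like this one should be rotated.
#
# NOTE(review): this authenticates as the master-realm admin through the
# password grant. A dedicated account limited to managing clients in the
# target realm would reduce what a leaked token can do.

# Stop on the first failed request instead of continuing with an empty
# token or a missing client object.
$ErrorActionPreference = 'Stop'

$KEYCLOAK_URL = "https://security.lions.dev"
$REALM = "btpxpress"
$CLIENT_ID = "btpxpress-frontend"
$DEV_REDIRECT_URI = "http://localhost:8081/*"
$PKCE_ATTRIBUTE = 'pkce.code.challenge.method'

Write-Host "Verification de la configuration du client $CLIENT_ID..." -ForegroundColor Yellow

# Obtain the admin password without hard-coding it.
$adminPassword = $env:KEYCLOAK_ADMIN_PASSWORD
if ([string]::IsNullOrEmpty($adminPassword)) {
    $securePassword = Read-Host -Prompt "Mot de passe admin Keycloak" -AsSecureString
    $adminPassword = [System.Net.NetworkCredential]::new('', $securePassword).Password
}

# Get the access token.
$body = @{
    grant_type = "password"
    client_id  = "admin-cli"
    username   = "admin"
    password   = $adminPassword
}

$tokenResponse = Invoke-RestMethod -Uri "$KEYCLOAK_URL/realms/master/protocol/openid-connect/token" `
    -Method Post `
    -ContentType "application/x-www-form-urlencoded" `
    -Body $body
$token = $tokenResponse.access_token

# The password is no longer needed once the token has been issued.
$body = $null
$adminPassword = $null

$headers = @{
    Authorization  = "Bearer $token"
    "Content-Type" = "application/json"
}

# Fetch the client representation.
$clients = Invoke-RestMethod -Uri "$KEYCLOAK_URL/admin/realms/$REALM/clients" -Method Get -Headers $headers
$client = $clients | Where-Object { $_.clientId -eq $CLIENT_ID } | Select-Object -First 1

# Without this guard every check below would run against $null and the
# "corrections" would fail on property assignment.
if (-not $client) {
    Write-Host "Erreur: client $CLIENT_ID introuvable dans le realm $REALM" -ForegroundColor Red
    exit 1
}

Write-Host ""
Write-Host "Configuration actuelle:" -ForegroundColor Cyan
Write-Host " publicClient: $($client.publicClient)" -ForegroundColor White
Write-Host " standardFlowEnabled: $($client.standardFlowEnabled)" -ForegroundColor White
Write-Host " implicitFlowEnabled: $($client.implicitFlowEnabled)" -ForegroundColor White
Write-Host " directAccessGrantsEnabled: $($client.directAccessGrantsEnabled)" -ForegroundColor White
Write-Host " serviceAccountsEnabled: $($client.serviceAccountsEnabled)" -ForegroundColor White
if ($client.attributes) {
    Write-Host " PKCE: $($client.attributes.'pkce.code.challenge.method')" -ForegroundColor White
}

Write-Host ""
Write-Host "Redirect URIs configurees:" -ForegroundColor Cyan
$client.redirectUris | ForEach-Object { Write-Host " - $_" -ForegroundColor White }

# Check each setting and correct the in-memory representation if needed.
$needsUpdate = $false

if (-not $client.publicClient) {
    Write-Host ""
    Write-Host "ATTENTION: Le client n'est pas configure comme public!" -ForegroundColor Red
    $client.publicClient = $true
    $needsUpdate = $true
}

if (-not $client.standardFlowEnabled) {
    Write-Host "ATTENTION: Standard Flow n'est pas active!" -ForegroundColor Red
    $client.standardFlowEnabled = $true
    $needsUpdate = $true
}

if ($client.implicitFlowEnabled) {
    Write-Host "ATTENTION: Implicit Flow est active (non recommande)!" -ForegroundColor Yellow
    $client.implicitFlowEnabled = $false
    $needsUpdate = $true
}

if (-not $client.attributes -or $client.attributes.$PKCE_ATTRIBUTE -ne 'S256') {
    Write-Host "ATTENTION: PKCE n'est pas configure correctement!" -ForegroundColor Red
    if (-not $client.attributes) {
        $client | Add-Member -NotePropertyName attributes -NotePropertyValue ([pscustomobject]@{}) -Force
    }
    # The representation is a PSCustomObject built from JSON: plain
    # assignment fails when the property does not exist yet, so the
    # attribute is added (or overwritten) with Add-Member -Force.
    $client.attributes | Add-Member -NotePropertyName $PKCE_ATTRIBUTE -NotePropertyValue 'S256' -Force
    $needsUpdate = $true
}

# Check that http://localhost:8081/* is among the redirect URIs.
$hasLocalhost8081 = $client.redirectUris -contains $DEV_REDIRECT_URI
if (-not $hasLocalhost8081) {
    Write-Host "ATTENTION: http://localhost:8081/* manque dans les redirect URIs!" -ForegroundColor Red
    # Actually add the URI; flagging an update without changing the list
    # would send an unchanged client and still report success.
    # NOTE(review): this is a wildcard, plain-http development redirect;
    # confirm it is intended for the realm this script points at.
    $existingUris = @($client.redirectUris | Where-Object { $_ })
    $client | Add-Member -NotePropertyName redirectUris -NotePropertyValue ($existingUris + $DEV_REDIRECT_URI) -Force
    $needsUpdate = $true
}

$updateFailed = $false

if ($needsUpdate) {
    Write-Host ""
    Write-Host "Mise a jour de la configuration..." -ForegroundColor Yellow

    $clientJson = $client | ConvertTo-Json -Depth 10

    try {
        Invoke-RestMethod -Uri "$KEYCLOAK_URL/admin/realms/$REALM/clients/$($client.id)" `
            -Method Put `
            -Headers $headers `
            -Body $clientJson | Out-Null

        Write-Host "Configuration mise a jour avec succes!" -ForegroundColor Green
    } catch {
        Write-Host "Erreur lors de la mise a jour: $_" -ForegroundColor Red
        $updateFailed = $true
    }
} else {
    Write-Host ""
    Write-Host "Configuration correcte!" -ForegroundColor Green
}

Write-Host ""
Write-Host "Configuration finale recommandee pour application.properties:" -ForegroundColor Yellow
Write-Host " quarkus.oidc.client-id=btpxpress-frontend" -ForegroundColor Cyan
Write-Host " quarkus.oidc.credentials.secret= (vide pour client public)" -ForegroundColor Cyan
Write-Host " quarkus.oidc.authentication.pkce-required=true" -ForegroundColor Cyan
Write-Host ""

# Report a failed update through the exit code so callers can detect it.
if ($updateFailed) {
    exit 1
}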