docs: Ajout documentation et scripts de démarrage

- Documentation configuration OIDC, démarrage, diagnostic
- Scripts batch pour démarrage backend et client
- Script shell pour configuration Keycloak frontend

configure-keycloak-frontend.sh

@@ -0,0 +1,155 @@
+#!/bin/bash
+
+# Script de configuration Keycloak pour corriger l'authentification frontend
+set -e
+
+KEYCLOAK_URL="http://localhost:8180"
+REALM="lions-user-manager"
+CLIENT_ID="lions-user-manager-client"
+CLIENT_SECRET="client-secret-lions-2025"
+
+echo "=========================================="
+echo "Configuration Keycloak pour Frontend"
+echo "=========================================="
+
+# 1. Obtenir le token admin
+echo "1. Récupération du token admin..."
+TOKEN=$(curl -s -X POST "${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token" \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "username=admin" \
+  -d "password=admin" \
+  -d "grant_type=password" \
+  -d "client_id=admin-cli" | grep -o '"access_token":"[^"]*' | cut -d'"' -f4)
+
+if [ -z "$TOKEN" ]; then
+  echo "❌ Erreur: Impossible d'obtenir le token admin"
+  exit 1
+fi
+echo "✅ Token obtenu"
+
+# 2. Vérifier si le client existe
+echo ""
+echo "2. Vérification du client ${CLIENT_ID}..."
+CLIENTS=$(curl -s -X GET "${KEYCLOAK_URL}/admin/realms/${REALM}/clients" \
+  -H "Authorization: Bearer ${TOKEN}")
+
+# Extraire l'ID interne du client
+INTERNAL_CLIENT_ID=$(echo "$CLIENTS" | grep -B 5 "\"clientId\":\"${CLIENT_ID}\"" | grep '"id"' | head -1 | grep -o '"id":"[^"]*' | cut -d'"' -f4)
+
+if [ -z "$INTERNAL_CLIENT_ID" ]; then
+  echo "⚠️ Client ${CLIENT_ID} n'existe pas, création..."
+
+  # Créer le client
+  curl -s -X POST "${KEYCLOAK_URL}/admin/realms/${REALM}/clients" \
+    -H "Authorization: Bearer ${TOKEN}" \
+    -H "Content-Type: application/json" \
+    -d "{
+      \"clientId\": \"${CLIENT_ID}\",
+      \"enabled\": true,
+      \"protocol\": \"openid-connect\",
+      \"publicClient\": false,
+      \"secret\": \"${CLIENT_SECRET}\",
+      \"redirectUris\": [\"http://localhost:8080/*\"],
+      \"webOrigins\": [\"http://localhost:8080\"],
+      \"standardFlowEnabled\": true,
+      \"directAccessGrantsEnabled\": true,
+      \"serviceAccountsEnabled\": false,
+      \"implicitFlowEnabled\": false,
+      \"fullScopeAllowed\": true
+    }"
+
+  echo "✅ Client créé"
+
+  # Récupérer l'ID après création
+  CLIENTS=$(curl -s -X GET "${KEYCLOAK_URL}/admin/realms/${REALM}/clients" \
+    -H "Authorization: Bearer ${TOKEN}")
+  INTERNAL_CLIENT_ID=$(echo "$CLIENTS" | grep -B 5 "\"clientId\":\"${CLIENT_ID}\"" | grep '"id"' | head -1 | grep -o '"id":"[^"]*' | cut -d'"' -f4)
+else
+  echo "✅ Client existe (ID: ${INTERNAL_CLIENT_ID})"
+fi
+
+# 3. Mettre à jour la configuration du client
+echo ""
+echo "3. Mise à jour de la configuration du client..."
+curl -s -X PUT "${KEYCLOAK_URL}/admin/realms/${REALM}/clients/${INTERNAL_CLIENT_ID}" \
+  -H "Authorization: Bearer ${TOKEN}" \
+  -H "Content-Type: application/json" \
+  -d "{
+    \"clientId\": \"${CLIENT_ID}\",
+    \"enabled\": true,
+    \"protocol\": \"openid-connect\",
+    \"publicClient\": false,
+    \"redirectUris\": [\"http://localhost:8080/*\"],
+    \"webOrigins\": [\"+\"],
+    \"standardFlowEnabled\": true,
+    \"directAccessGrantsEnabled\": true,
+    \"serviceAccountsEnabled\": false,
+    \"implicitFlowEnabled\": false,
+    \"fullScopeAllowed\": true,
+    \"attributes\": {
+      \"access.token.lifespan\": \"3600\",
+      \"use.refresh.tokens\": \"true\"
+    }
+  }"
+
+echo "✅ Configuration mise à jour"
+
+# 4. Définir le secret du client
+echo ""
+echo "4. Configuration du secret client..."
+curl -s -X POST "${KEYCLOAK_URL}/admin/realms/${REALM}/clients/${INTERNAL_CLIENT_ID}/client-secret" \
+  -H "Authorization: Bearer ${TOKEN}" \
+  -H "Content-Type: application/json" \
+  -d "{\"value\": \"${CLIENT_SECRET}\"}"
+
+echo "✅ Secret configuré"
+
+# 5. Vérifier les utilisateurs
+echo ""
+echo "5. Vérification des utilisateurs..."
+USERS=$(curl -s -X GET "${KEYCLOAK_URL}/admin/realms/${REALM}/users" \
+  -H "Authorization: Bearer ${TOKEN}")
+
+USER_COUNT=$(echo "$USERS" | grep -c '"username"' || echo "0")
+echo "✅ Utilisateurs trouvés: ${USER_COUNT}"
+
+if [ "$USER_COUNT" -eq "0" ]; then
+  echo "⚠️ Aucun utilisateur trouvé, création de testuser..."
+
+  # Créer l'utilisateur testuser
+  curl -s -X POST "${KEYCLOAK_URL}/admin/realms/${REALM}/users" \
+    -H "Authorization: Bearer ${TOKEN}" \
+    -H "Content-Type: application/json" \
+    -d '{
+      "username": "testuser",
+      "enabled": true,
+      "emailVerified": true,
+      "firstName": "Test",
+      "lastName": "User",
+      "email": "testuser@lions.dev",
+      "credentials": [{
+        "type": "password",
+        "value": "test123",
+        "temporary": false
+      }]
+    }'
+
+  echo "✅ Utilisateur testuser créé"
+fi
+
+echo ""
+echo "=========================================="
+echo "✅ Configuration Keycloak terminée!"
+echo "=========================================="
+echo ""
+echo "Informations de connexion:"
+echo "  Realm: ${REALM}"
+echo "  Client ID: ${CLIENT_ID}"
+echo "  Client Secret: ${CLIENT_SECRET}"
+echo "  Test User: testuser / test123"
+echo ""
+echo "URLs:"
+echo "  Frontend: http://localhost:8080"
+echo "  Backend: http://localhost:8081"
+echo "  Keycloak: http://localhost:8180"
+echo ""