Files
collective-lists/keycloak/realm-export.json
Oier Bravo Urtasun 7d91705fc2 feat(fase-1): auth, collective management, and DB migrations
- SQL migrations: users, collectives, collective_members, collective_invitations,
  full RLS policies, is_active_member/is_member/is_admin helpers,
  accept_invitation SECURITY DEFINER function, admin auto-promote trigger,
  avatars storage bucket
- Auth refactor: replace keycloak-js with Supabase OAuth (GoTrue OIDC proxy,
  Option B). signInWithOAuth({ provider: 'keycloak' }) + PKCE flow
- GoTrue config: GOTRUE_EXTERNAL_KEYCLOAK_URL + GOTRUE_EXTERNAL_KEYCLOAK_REDIRECT_URI
  added to docker-compose.dev.yml; Keycloak realm updated with GoTrue callback URI
- New routes: /auth/callback, /invitation/[token], /(app)/collective/manage
- Functional onboarding: create collective or join via invite link
- Full settings page: display name (debounced), avatar (initials/emoji/upload),
  language switcher, Keycloak account console link
- Components: Avatar.svelte (initials/emoji/upload with fallback),
  ImageCropper.svelte (cropperjs, 1:1 crop, lazy-loaded)
- i18n: added all Fase 1 message keys (en + es); renamed 'delete' → 'action_delete'
  (JS reserved word); fixed plugin-m-function-matcher major-version URL format
- Database types: manually seeded packages/types/src/database.ts from migrations
- .env.development: committed public dev defaults for SvelteKit type checking
- CLAUDE.md: documented /etc/hosts requirement for keycloak hostname

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-12 15:29:29 +02:00

145 lines
3.4 KiB
JSON

{
"id": "colectivo",
"realm": "colectivo",
"displayName": "Colectivo",
"enabled": true,
"sslRequired": "external",
"registrationAllowed": true,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": true,
"accessTokenLifespan": 3600,
"refreshTokenMaxReuse": 0,
"offlineSessionMaxLifespanEnabled": false,
"clients": [
{
"clientId": "colectivo-web",
"name": "Colectivo Web App",
"enabled": true,
"publicClient": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"protocol": "openid-connect",
"attributes": {
"pkce.code.challenge.method": "S256"
},
"redirectUris": [
"http://localhost:5173/*",
"http://localhost:3000/*",
"http://localhost:8001/auth/v1/callback",
"http://keycloak:8080/auth/v1/callback"
],
"webOrigins": [
"http://localhost:5173",
"http://localhost:3000",
"http://localhost:8001"
],
"fullScopeAllowed": true,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
}
],
"users": [
{
"id": "11111111-1111-1111-1111-111111111111",
"username": "ana",
"email": "ana@dev.local",
"emailVerified": true,
"enabled": true,
"firstName": "Ana",
"lastName": "García",
"credentials": [
{
"type": "password",
"value": "test1234",
"temporary": false
}
]
},
{
"id": "22222222-2222-2222-2222-222222222222",
"username": "borja",
"email": "borja@dev.local",
"emailVerified": true,
"enabled": true,
"firstName": "Borja",
"lastName": "López",
"credentials": [
{
"type": "password",
"value": "test1234",
"temporary": false
}
]
},
{
"id": "33333333-3333-3333-3333-333333333333",
"username": "carmen",
"email": "carmen@dev.local",
"emailVerified": true,
"enabled": true,
"firstName": "Carmen",
"lastName": "Martínez",
"credentials": [
{
"type": "password",
"value": "test1234",
"temporary": false
}
]
},
{
"id": "44444444-4444-4444-4444-444444444444",
"username": "david",
"email": "david@dev.local",
"emailVerified": true,
"enabled": true,
"firstName": "David",
"lastName": "Fernández",
"credentials": [
{
"type": "password",
"value": "test1234",
"temporary": false
}
]
},
{
"id": "55555555-5555-5555-5555-555555555555",
"username": "eva",
"email": "eva@dev.local",
"emailVerified": true,
"enabled": true,
"firstName": "Eva",
"lastName": "Ruiz",
"credentials": [
{
"type": "password",
"value": "test1234",
"temporary": false
}
]
}
],
"scopeMappings": [],
"clientScopeMappings": {},
"roles": {
"realm": [],
"client": {}
}
}