Enhances Keycloak authentication flow #95
Merged
14 commits
8f76e81 feat: Add Keycloak authentication and authorization (fboucher)
41b0670 feat: Implements Keycloak authentication (fboucher)
766a902 feat: Enables Keycloak authentication (fboucher)
b5551cb feat: Adds Keycloak authentication to BlazorApp (fboucher)
57b1477 Fix(keycloak): Handles asynchronous sign out redirect (fboucher)
65e2f6e docs(ai-team): Docker-compose deployment documentation (fboucher)
ef0b58a Adds Keycloak authentication support (fboucher)
d11f6fb Docs: Updates Docker Compose deployment guide (fboucher)
6b999e5 docs: Updates deployment instructions (fboucher)
e206306 clean-up (fboucher)
1396ee9 docs: Updates .NET version and doc link (fboucher)
3cd4194 Apply suggestion from @Copilot (fboucher)
99c915d Apply suggestion from @Copilot (fboucher)
b400740 Apply suggestions from code review (fboucher)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # NoteBookmark Docker Compose Environment Variables | ||
| # Copy this file to .env and replace all placeholder values with your actual configuration | ||
|
|
||
| # Keycloak Admin Credentials | ||
| KEYCLOAK_ADMIN_PASSWORD=your-secure-admin-password | ||
|
|
||
| # Keycloak Client Configuration | ||
| KEYCLOAK_AUTHORITY=http://localhost:8080/realms/notebookmark | ||
| KEYCLOAK_CLIENT_ID=notebookmark | ||
| KEYCLOAK_CLIENT_SECRET=your-keycloak-client-secret | ||
|
|
||
| # Azure Storage - Table Storage Connection | ||
| NB_STORAGE_OUTPUTS_TABLEENDPOINT=https://your-storage-account.table.core.windows.net/ | ||
|
|
||
| # Azure Storage - Blob Storage Connection | ||
| NB_STORAGE_OUTPUTS_BLOBENDPOINT=https://your-storage-account.blob.core.windows.net/ | ||
|
|
||
| # Notes: | ||
| # - Never commit the .env file to version control | ||
| # - Keep credentials secure and rotate them regularly | ||
| # - For local development, you can use "admin" as KEYCLOAK_ADMIN_PASSWORD | ||
| # - For production, use strong passwords and proper Azure Storage connection strings |
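Review bot: the Notes block at the end of this template tells readers they can use "admin" as KEYCLOAK_ADMIN_PASSWORD for local development, and a copied .env tends to move from a laptop to a server unchanged. Drop that line, or state that the value must be replaced before the stack is reachable from anything other than localhost. KEYCLOAK_AUTHORITY is also given as an http:// URL; add a comment that this is the local-development form and that a deployed realm should be addressed over https.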
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # Squad: union merge for append-only team state files | ||
| .ai-team/decisions.md merge=union | ||
| .ai-team/agents/*/history.md merge=union | ||
| .ai-team/log/** merge=union | ||
| .ai-team/orchestration-log/** merge=union |
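Review bot: merge=union on .ai-team/decisions.md and on the two ** log patterns means Git keeps lines from both sides and never raises a conflict for these paths, so a merge can leave duplicated or reordered entries with nothing prompting a review. That is acceptable only while these files stay strictly append-only; say so in the comment line, and have the merged result of decisions.md checked by a person, since the header describes it as team state.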
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,51 +1,48 @@ | ||
| <Project> | ||
| <ItemGroup> | ||
| <!-- Aspire packages --> | ||
| <PackageVersion Include="Aspire.Hosting.AppHost" Version="13.0.2" /> | ||
| <PackageVersion Include="Aspire.Hosting.Azure.Storage" Version="13.0.2" /> | ||
| <PackageVersion Include="Aspire.Hosting.Docker" Version="13.0.2-preview.1.25603.5" /> | ||
| <PackageVersion Include="Aspire.Azure.Data.Tables" Version="13.0.2" /> | ||
| <PackageVersion Include="Aspire.Azure.Storage.Blobs" Version="13.0.2" /> | ||
|
|
||
| <!-- Azure packages --> | ||
| <PackageVersion Include="Azure.Data.Tables" Version="12.11.0" /> | ||
| <PackageVersion Include="Azure.Storage.Blobs" Version="12.26.0" /> | ||
|
|
||
| <!-- Microsoft packages --> | ||
| <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="9.0.10" /> | ||
| <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Configuration" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Http.Resilience" Version="10.1.0" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.2" /> | ||
| <PackageVersion Include="Microsoft.Extensions.ServiceDiscovery" Version="10.1.0" /> | ||
| <PackageVersion Include="Microsoft.FluentUI.AspNetCore.Components" Version="4.13.2" /> | ||
| <PackageVersion Include="Microsoft.FluentUI.AspNetCore.Components.Icons" Version="4.13.2" /> | ||
| <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.0.1" /> | ||
|
|
||
| <!-- OpenTelemetry packages --> | ||
| <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.14.0" /> | ||
| <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.14.0" /> | ||
| <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.14.0" /> | ||
| <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.14.0" /> | ||
| <PackageVersion Include="OpenTelemetry.Instrumentation.Runtime" Version="1.14.0" /> | ||
|
|
||
| <!-- Other packages --> | ||
| <PackageVersion Include="HtmlAgilityPack" Version="1.12.4" /> | ||
| <PackageVersion Include="Markdig" Version="0.44.0" /> | ||
| <PackageVersion Include="Microsoft.Agents.AI" Version="1.0.0-preview.260209.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.AI.OpenAI" Version="10.1.1-preview.1.25612.2" /> | ||
| <PackageVersion Include="Swashbuckle.AspNetCore" Version="9.0.6" /> | ||
| <PackageVersion Include="System.Text.Json" Version="9.0.10" /> | ||
|
|
||
| <!-- Test packages --> | ||
| <PackageVersion Include="coverlet.collector" Version="6.0.4" /> | ||
| <PackageVersion Include="FluentAssertions" Version="8.8.0" /> | ||
| <PackageVersion Include="Moq" Version="4.20.72" /> | ||
| <PackageVersion Include="Testcontainers.Azurite" Version="4.9.0" /> | ||
| <PackageVersion Include="xunit" Version="2.9.3" /> | ||
| <PackageVersion Include="xunit.runner.visualstudio" Version="3.1.5" /> | ||
| </ItemGroup> | ||
| </Project> | ||
| <Project> | ||
| <ItemGroup> | ||
| <!-- Aspire packages --> | ||
| <PackageVersion Include="Aspire.Hosting.AppHost" Version="13.1.1" /> | ||
| <PackageVersion Include="Aspire.Hosting.Azure.Storage" Version="13.1.1" /> | ||
| <PackageVersion Include="Aspire.Hosting.Docker" Version="13.1.1-preview.1.26105.8" /> | ||
| <PackageVersion Include="Aspire.Hosting.Keycloak" Version="13.1.1-preview.1.26105.8" /> | ||
| <PackageVersion Include="Aspire.Azure.Data.Tables" Version="13.1.1" /> | ||
| <PackageVersion Include="Aspire.Azure.Storage.Blobs" Version="13.1.1" /> | ||
| <!-- Azure packages --> | ||
| <PackageVersion Include="Azure.Data.Tables" Version="12.11.0" /> | ||
| <PackageVersion Include="Azure.Storage.Blobs" Version="12.26.0" /> | ||
| <!-- Microsoft packages --> | ||
| <PackageVersion Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.3" /> | ||
| <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="9.0.10" /> | ||
| <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Configuration" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Http.Resilience" Version="10.1.0" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.2" /> | ||
| <PackageVersion Include="Microsoft.Extensions.ServiceDiscovery" Version="10.1.0" /> | ||
| <PackageVersion Include="Microsoft.FluentUI.AspNetCore.Components" Version="4.13.2" /> | ||
| <PackageVersion Include="Microsoft.FluentUI.AspNetCore.Components.Icons" Version="4.13.2" /> | ||
| <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.0.1" /> | ||
| <!-- OpenTelemetry packages --> | ||
| <PackageVersion Include="OpenTelemetry.Exporter.OpenTelemetryProtocol" Version="1.14.0" /> | ||
| <PackageVersion Include="OpenTelemetry.Extensions.Hosting" Version="1.14.0" /> | ||
| <PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.14.0" /> | ||
| <PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="1.14.0" /> | ||
| <PackageVersion Include="OpenTelemetry.Instrumentation.Runtime" Version="1.14.0" /> | ||
| <!-- Other packages --> | ||
| <PackageVersion Include="HtmlAgilityPack" Version="1.12.4" /> | ||
| <PackageVersion Include="Markdig" Version="0.44.0" /> | ||
| <PackageVersion Include="Microsoft.Agents.AI" Version="1.0.0-preview.260209.1" /> | ||
| <PackageVersion Include="Microsoft.Extensions.AI.OpenAI" Version="10.1.1-preview.1.25612.2" /> | ||
| <PackageVersion Include="Swashbuckle.AspNetCore" Version="9.0.6" /> | ||
| <PackageVersion Include="System.Text.Json" Version="9.0.10" /> | ||
| <!-- Test packages --> | ||
| <PackageVersion Include="coverlet.collector" Version="6.0.4" /> | ||
| <PackageVersion Include="FluentAssertions" Version="8.8.0" /> | ||
| <PackageVersion Include="Moq" Version="4.20.72" /> | ||
| <PackageVersion Include="Testcontainers.Azurite" Version="4.9.0" /> | ||
| <PackageVersion Include="xunit" Version="2.9.3" /> | ||
| <PackageVersion Include="xunit.runner.visualstudio" Version="3.1.5" /> | ||
| </ItemGroup> | ||
| </Project> |
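Review bot: the new Aspire.Hosting.Keycloak entry is pinned to a preview build (13.1.1-preview.1.26105.8), so the authentication setup now depends on a pre-release package; note that beside the entry so it is revisited when a stable version exists. Microsoft.AspNetCore.Authentication.OpenIdConnect is added at 10.0.3 while Microsoft.AspNetCore.OpenApi and System.Text.Json stay at 9.0.10; confirm the mixed major versions are intended. The whole file is shown as removed and re-added and the blank lines between package groups are gone, which hides the two real additions; check for a line-ending or whitespace change and keep it out of this PR.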
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,54 +1,60 @@ | ||
| # Note Bookmark | ||
|
|
||
|   [](https://github.com/FBoucher/NoteBookmark/actions/workflows/running-unit-tests.yml) [](https://reka.ai/) | ||
|
|
||
|
|
||
|
|
||
|
|
||
| I use this project mostly everyday. I build it to help me collecting my thoughts about articles, and blob posts I read during the week and then aggregate them in a #ReadingNotes blog post. You can find those post on my blog [here](https://frankysnotes.com). | ||
|
|
||
| NoteBookmark is composed of three main sections: | ||
|
|
||
| - **Post**: where you can manage a posts "to read", and add notes to them. | ||
| - **Generate Summary**: where you can generate a summary of the posts you read. | ||
| - **Summaries**: where you can see all the summaries you generated. | ||
|
|
||
|  | ||
|
|
||
| ## How to deploy Your own NoteBookmark | ||
|
|
||
| ### Get the code on your machine | ||
|
|
||
| - Fork this repository to your account. | ||
| - Clone the repository to your local machine. | ||
|
|
||
|
|
||
| ### Deploy the solution (5 mins) | ||
|
|
||
| Using Azure Developer CLI let's initialize your environment. In a terminal, at the root of the project, run the following command. When ask give it a name (ex: NoteBookmark-dev). | ||
|
|
||
| ```bash | ||
| azd init | ||
| ``` | ||
|
|
||
| Now let's deploy the solution. Run the following command in the terminal. You will have to select your Azure subscription where you want to deploy the solution, and a location (ex: eastus). | ||
|
|
||
| ```bash | ||
| azd up | ||
| ``` | ||
|
|
||
| It should take around five minutes to deploy the solution. Once it's done, you will see the URL for **Deploying service blazor-app**. | ||
|
|
||
| ### Secure the App in a few clicks | ||
|
|
||
| The app is now deployed, but it's not secure. Navigate to the Azure Portal, and find the Resource Group you just deployed (ex: rg-notebookmark-dev). In this resource group, open the Container App **Container App**. From the left menu, select **Authentication** and click the **Add identity provider**. | ||
|
|
||
| You can choose between multiple providers, I like to use Microsoft since it's deploy in Azure and I'm already logged in. If Microsoft is choose, select the recomended **Client secret expiration** (ex: 180 days). You can keep all the other default settings. Click **Add**. | ||
|
|
||
| Next time you will navigate to the app, you will be prompt a to login with your Microsoft account. The first time you will have a **Permissions requested** screen, click **Accept**. | ||
|
|
||
| Voila! Your app is now secure. | ||
|
|
||
| ## Contributing | ||
|
|
||
| Your contributions are welcome! Take a look at [CONTRIBUTING](/CONTRIBUTING.md) for details. | ||
| # Note Bookmark | ||
|
|
||
|   [](https://github.com/FBoucher/NoteBookmark/actions/workflows/running-unit-tests.yml) [](https://reka.ai/) | ||
|
|
||
|
|
||
|
|
||
|
|
||
| I use this project mostly everyday. I build it to help me collecting my thoughts about articles, and blob posts I read during the week and then aggregate them in a #ReadingNotes blog post. You can find those post on my blog [here](https://frankysnotes.com). | ||
|
|
||
| NoteBookmark is composed of three main sections: | ||
|
|
||
| - **Post**: where you can manage a posts "to read", and add notes to them. | ||
| - **Generate Summary**: where you can generate a summary of the posts you read. | ||
| - **Summaries**: where you can see all the summaries you generated. | ||
|
|
||
|  | ||
|
|
||
| ## How to deploy Your own NoteBookmark | ||
|
|
||
| ### Get the code on your machine | ||
|
|
||
| - Fork this repository to your account. | ||
| - Clone the repository to your local machine. | ||
|
|
||
|
|
||
| ### Deploy the solution (5 mins) | ||
|
|
||
| Using Azure Developer CLI let's initialize your environment. In a terminal, at the root of the project, run the following command. When ask give it a name (ex: NoteBookmark-dev). | ||
|
|
||
| ```bash | ||
| azd init | ||
| ``` | ||
|
|
||
| Now let's deploy the solution. Run the following command in the terminal. You will have to select your Azure subscription where you want to deploy the solution, and a location (ex: eastus). | ||
|
|
||
| ```bash | ||
| azd up | ||
| ``` | ||
|
|
||
| It should take around five minutes to deploy the solution. Once it's done, you will see the URL for **Deploying service blazor-app**. | ||
|
|
||
| ### Secure the App in a few clicks | ||
|
|
||
| The app is now deployed, but it's not secure. Navigate to the Azure Portal, and find the Resource Group you just deployed (ex: rg-notebookmark-dev). In this resource group, open the Container App **Container App**. From the left menu, select **Authentication** and click the **Add identity provider**. | ||
|
|
||
| You can choose between multiple providers, I like to use Microsoft since it's deploy in Azure and I'm already logged in. If Microsoft is choose, select the recomended **Client secret expiration** (ex: 180 days). You can keep all the other default settings. Click **Add**. | ||
|
|
||
| Next time you will navigate to the app, you will be prompt a to login with your Microsoft account. The first time you will have a **Permissions requested** screen, click **Accept**. | ||
|
|
||
| Voila! Your app is now secure. | ||
|
|
||
| ## Documentation | ||
|
|
||
| For detailed setup guides and configuration information: | ||
| - [Keycloak Authentication Setup](/docs/keycloak-setup.md) - Complete guide for setting up Keycloak authentication | ||
| - [Docker Compose Deployment](/docs/docker-compose-deployment.md) - Deploy with Docker Compose (generate from Aspire or use provided files) | ||
|
|
||
| ## Contributing | ||
|
|
||
| Your contributions are welcome! Take a look at [CONTRIBUTING](/CONTRIBUTING.md) for details. |
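Review bot: the added Documentation section links the Keycloak setup guide, but "Secure the App in a few clicks" above it still presents the Azure Container App identity provider as the way to secure the app and ends with "Your app is now secure". State in that section how it relates to the Keycloak sign-in this PR adds (which one is required, and whether both can be active), otherwise a reader following only the README cannot tell what protects the deployment. Every line of the file is shown as removed and re-added although only the Documentation section is new; check for a line-ending change.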
`KEYCLOAK_ADMIN_PASSWORD` defaults to `admin` if the env var isn’t provided. That makes it easy to accidentally deploy an insecure Keycloak instance. Remove the default fallback or at least require an explicit value for non-development usage.
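
A preflight check in the spirit of the comment above, as an added example that is not part of this pull request: it reads a .env file and refuses development or placeholder values before the stack is started. The variable names come from the template in this PR; the rules, the function names `env_value` and `check_env`, and the sample host name are assumptions.

```sh
#!/bin/sh
# Added example: preflight check for the .env file before starting the stack.
# Variable names come from the template in this PR; the rules are assumptions.

# env_value FILE KEY -> value of the last "KEY=" line (empty if absent)
env_value() {
  grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-
}

# check_env FILE -> prints one finding per line; returns 1 if there are any
check_env() {
  ce_file=$1
  ce_bad=0
  for ce_key in KEYCLOAK_ADMIN_PASSWORD KEYCLOAK_CLIENT_SECRET \
                KEYCLOAK_AUTHORITY KEYCLOAK_CLIENT_ID; do
    case "$(env_value "$ce_file" "$ce_key")" in
      '')     echo "$ce_key: missing or empty"; ce_bad=1 ;;
      your-*) echo "$ce_key: template placeholder left in place"; ce_bad=1 ;;
    esac
  done
  # "admin" is the local-development value the template notes mention
  if [ "$(env_value "$ce_file" KEYCLOAK_ADMIN_PASSWORD)" = "admin" ]; then
    echo "KEYCLOAK_ADMIN_PASSWORD: development default 'admin'"; ce_bad=1
  fi
  # Plain http is tolerated only for a local Keycloak
  case "$(env_value "$ce_file" KEYCLOAK_AUTHORITY)" in
    http://localhost[:/]*|http://127.0.0.1[:/]*) ;;
    http://*) echo "KEYCLOAK_AUTHORITY: plain http to a non-local host"; ce_bad=1 ;;
  esac
  return "$ce_bad"
}

# Constructed sample: a .env that still carries development values
sample_env() {
  cat <<'EOF'
KEYCLOAK_ADMIN_PASSWORD=admin
KEYCLOAK_AUTHORITY=http://keycloak.example.internal:8080/realms/notebookmark
KEYCLOAK_CLIENT_ID=notebookmark
KEYCLOAK_CLIENT_SECRET=your-keycloak-client-secret
EOF
}

demo_file=$(mktemp)
sample_env > "$demo_file"
check_env "$demo_file" || echo "refusing to start: fix the findings above"
rm -f "$demo_file"
```

Run it against the real .env in the step that starts the containers, and let a non-zero status stop that step.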